计算机科学与探索Issue(5):412-421,10.DOI:10.3778/j.issn.1673-9418.1209012
PriVisor:不可信操作系统中用户隐私数据保护方法*
PriVisor:A Method for User Privacy Protection in Untrusted Operating System
摘要
Abstract
How to protect the user’s privacy data within the more and more complicated network environment catches the researchers’attention. The operating system (OS) is prone to be attacked for its complicated implementation. The attacker can hijack the OS kernel to steal the user’s privacy data by exploiting its vulnerabilities. This paper proposes a system named PriVisor (privacy visor) to protect the user’s private data based on a lightweight VMM (virtual machine monitor) named OSV. By limiting the OS memory access operation, the OS cannot access the user’s data if it is unau-thorized, which ensures the completeness of user’s privacy data. At the same time, this paper also builds a secure I/O channel by monitoring the device configuration space, which prevents the compromised OS reconfiguring the device configuration space to steal the user’s data when the user interacts with the computer. This paper verifies its security and reliability theoretically by modeling the memory protection system of PriVisor. The real attack case analysis confirms the effectiveness and security of PriVisor.关键词
隐私数据/虚拟机监控器/内存隔离/I/O控制Key words
privacy data/virtual machine monitor/memory isolation/I/O control分类
信息技术与安全科学引用本文复制引用
任建宝,齐勇,戴月华,王晓光,宣宇,耿晨,史椸..PriVisor:不可信操作系统中用户隐私数据保护方法*[J].计算机科学与探索,2013,(5):412-421,10.基金项目
The National Natural Science Foundation of China under Grant No.60933003(国家自然科学基金) (国家自然科学基金)
