基于虚拟化与体系结构支持的移动平台系统安全研究

项目名称： 基于虚拟化与体系结构支持的移动平台系统安全研究

项目编号： No.61303011

项目类型： 青年科学基金项目

立项/批准年度： 2014

项目学科： 自动化技术、计算机技术

项目作者： 夏虞斌

作者单位： 上海交通大学

项目金额： 23万元

中文摘要： 随着移动设备的广泛应用，其安全问题日益严重，其中挑战主要来自于移动平台的以下特点：首先，用户隐私数据集中，使移动设备极易成为攻击目标；其次，丰富的功能使软件系统日趋复杂，潜在漏洞也随之增加；再次，设备容易丢失或被窃，使攻击者可使用包括物理攻击在内的多种攻击手段。已有研究大多集中在应用层与操作系统层，主要检测已知的恶意软件以及防御已知的安全漏洞，且依赖于庞大的可信计算基。本项目拟从硬件层与虚拟化层自底向上地探索一种通用的、保护力度更强的安全机制。一方面，利用在服务器领域取得重大突破的虚拟化安全技术，研究对移动平台关键数据和代码的不同层次的安全监控、安全隔离、可控交互等技术；另一方面，结合移动端的安全硬件，在减小可信计算基的同时，为上层软件提供安全支撑，并进一步扩展体系结构以抵御物理攻击。研究以保证对现有移动应用的兼容性为前提，充分考虑移动平台计算的限制，在提高安全性的同时保证系统实用性。

中文关键词： TrustZone；移动；安全；虚拟化；体系结构

英文摘要： With the wider use of mobile devices, the security issue is getting more and more serious. The main challenges come from following features of mobile platform. First, mobile platform has intensive user privacy which makes it an attractive target of security attack. Second, as the functionalities of mobile device increasing, the software has become more and more complex and the number of potential software bugs is also growing. Third, since it is common for a device to get lost or stolen, an attacker can issue various attacks including physical attack. Most previous work focused on application level and operating system level, which mainly detected known malware and defended against known security vulnerabilities. These work relied heavily on large TCB (Trusted Computing Base). In this project, we plan to research for a more general and stronger mechanism from the hardware and virtualization layers in a bottom-up way. We leverage virtualization security technology whose effectiveness has been proven in server area to support secure monitoring, secure isolation and controlled interaction to protect critical data and code on mobile platform. Meanwhile, we use secure hardware on mobile device to offer supports for up-layer software, as well as reduce the TCB. We'll further extend current architecture to defend again

英文关键词： TrustZone；Mobile；Security；Virtualization；Architecture