Journal of Information Security Research ›› 2019, Vol. 5 ›› Issue (1): 68-74.
Received: 2019-01-08
Online: 2019-01-15
Published: 2019-01-08
林璟锵,郑昉昱,王跃武
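Corresponding author: 林璟锵
About the authors:
林璟锵
Ph.D., research fellow; main research interests are applied cryptography and network and system security.
linjingqiang@iie.ac.cn
郑昉昱
Ph.D., assistant research fellow; main research interests are applied cryptography, high-performance computing, and computer arithmetic.
fyzheng@is.ac.cn
School of Cyber Security, University of Chinese Academy of Sciences
王跃武
Ph.D., research fellow; main research interests are mobile security, container security, and evaluation of cryptographic applications.
wangyuewu@iie.ac.cn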