TSSP:一种TrustZone架构中的会话调度方案
TSSP: A Session Scheduling Method in TrustZone Architecture
作者:赵波(武汉大学 计算机学院, 湖北 武汉 430072;空天信息安全与可信计算教育部重点实验室, 湖北 武汉 430072);马骏(武汉大学 计算机学院, 湖北 武汉 430072;空天信息安全与可信计算教育部重点实验室, 湖北 武汉 430072);肖钰(武汉大学 计算机学院, 湖北 武汉 430072;空天信息安全与可信计算教育部重点实验室, 湖北 武汉 430072);刘育博(武汉大学 计算机学院, 湖北 武汉 430072;空天信息安全与可信计算教育部重点实验室, 湖北 武汉 430072)
Author:ZHAO Bo(Computer School, Wuhan Univ., Wuhan 430072, China;Key Lab. of Aerospace Info. Security and Trusted Computing of Ministry of Education, Wuhan Univ., Wuhan 430072, China);MA Jun(Computer School, Wuhan Univ., Wuhan 430072, China;Key Lab. of Aerospace Info. Security and Trusted Computing of Ministry of Education, Wuhan Univ., Wuhan 430072, China);XIAO Yu(Computer School, Wuhan Univ., Wuhan 430072, China;Key Lab. of Aerospace Info. Security and Trusted Computing of Ministry of Education, Wuhan Univ., Wuhan 430072, China);LIU Yubo(Computer School, Wuhan Univ., Wuhan 430072, China;Key Lab. of Aerospace Info. Security and Trusted Computing of Ministry of Education, Wuhan Univ., Wuhan 430072, China)
收稿日期:2016-09-18 年卷(期)页码:2017,49(1):151-158
期刊名称:工程科学与技术
Journal Name:Advanced Engineering Sciences
关键字:DOS攻击;会话调度;安全
Key words:denial-of-service attack;session scheduling;security
基金项目:国家“863”计划资助项目(2015AA016002);江苏省自然科学基金青年基金资助项目(BK20130372);国家“973”计划资助项目(2014CB340600)
中文摘要
针对TrustZone架构中,恶意CA长时间占用会话资源引起DOS攻击的问题,提出了一种TrustZone架构中的会话调度方案(TSSP)。结合TrustZone会话执行的特点,给出了会话等待队列、执行队列的构建方法,同时引入了等待队列会话优先级、执行队列会话剩余价值的计算方法,在此基础上,对会话调度策略进行详细的阐述。通过实验证明了本方案能够保证高优先级的会话优先执行,同时能够有效抵抗由于恶意CA长时间占用会话资源引起的DOS攻击。最后,从安全与性能两个方面对加入会话调度机制后的系统进行评估。实验结果表明,加入调度机制后,在保证系统安全性的基础上,增加的性能开销在0.01~0.27 s之间。
英文摘要
In TrustZone architecture,a malicious CA occupying session resources for a long time usually introduces DOS attacks.To solve this problem,a TrustZone session scheduling protocol(TSSP) was proposed.Combined with the features of session execution in TrustZone architecture,the construction method of session waiting queue and execution queue was introduced.Meanwhile,the calculation methods of session priority in waiting list and session surplus value in executing list were proposed.Based on this, the session scheduling strategy was detailed described.The experimental results showed that this protocol could ensure that session with high priority be executed first and could resist DOS attack induced by malicious CA occupying session resources for a long period of time.Finally,the security and performance evaluations of the system added with session scheduling mechanism were done.The results showed that on the premise of ensuring system security the performance overhead added is between 0.01 and 0.27 s.
上一条:基于多维时间序列分析的网络异常检测
【关闭】
