移动存储设备属于被动设备,其安全防护往往依赖于终端系统的安全机制,在提供安全性的同时会降低系统可用性.本文提出了一种基于可信虚拟域的移动存储设备结构框架TRSF(Trusted Removable Storage Framework)实现存储设备的主动防护.TRSF将智能卡芯片和动态隔离机制绑定到存储设备中,并由片上操作系统构建从底层可信平台模块到隔离运行环境的可信数据通道,从而为移动存储设备在非可信终端系统中被非可信进程访问和使用提供一个可信虚拟环境.最后基于TRSF实现了一款主动安全U盘UTrustDisk.与没有增加主动防护机制相比,增加该机制导致平均读写性能开销分别增加了7.5%和11.5%.

As removable storage medias are passive devices,their security policies depend on mechanisms in connected terminal systems,which will reduce the availability while providing security.This paper presents TRSF,a framework of removable storage based on trust virtual domain to implement active protection.TRSF solidifies a smart card and an isolation mechanism into the storage device and builds trust data channels from the device to the isolated usage environment in terminal system.So TRSF is able to provide trust virtual environment for data access and usage of removable storage even in untrust terminal systems by untrust processes.We implement an intelligent USB disk based on TRSF called UTrustDisk to evaluate the framework.The average overhead on read and write caused by trust chain mechanism is 7.5% and 11.5%.