可信技術(shù)在國產(chǎn)化嵌入式平臺(tái)的應(yīng)用研究
2021年電子技術(shù)應(yīng)用第12期
孟祥斌,劉笑凱,郝克林
華北計(jì)算機(jī)系統(tǒng)工程研究所,北京100083
摘要: 國產(chǎn)化嵌入式平臺(tái)的安全威脅依舊嚴(yán)峻,為了提高國產(chǎn)化平臺(tái)的安全性與可控性,可信技術(shù)的應(yīng)用十分關(guān)鍵。在基于龍芯2K-1000CPU的國產(chǎn)化嵌入式平臺(tái)上,采用可信平臺(tái)控制模塊(Trusted Platform Control Module,TPCM),應(yīng)用可信啟動(dòng)、可信軟件基、可信文件存儲(chǔ)和I/O口的可信訪問等技術(shù),實(shí)現(xiàn)了國產(chǎn)化嵌入式平臺(tái)的可信運(yùn)行。TPCM可信模塊基于CCP903T密碼芯片實(shí)現(xiàn)。此平臺(tái)已在某安全項(xiàng)目中通過測試投入使用,對可信技術(shù)在國產(chǎn)化平臺(tái)的應(yīng)用以及標(biāo)準(zhǔn)化形成留下參考性意義。
中圖分類號: TN918;TP309
文獻(xiàn)標(biāo)識碼: A
DOI:10.16157/j.issn.0258-7998.211350
中文引用格式: 孟祥斌,劉笑凱,郝克林. 可信技術(shù)在國產(chǎn)化嵌入式平臺(tái)的應(yīng)用研究[J].電子技術(shù)應(yīng)用,2021,47(12):94-99.
英文引用格式: Meng Xiangbin,Liu Xiaokai,Hao Kelin. Research on application of trusted technology in localized embedded platform[J]. Application of Electronic Technique,2021,47(12):94-99.
文獻(xiàn)標(biāo)識碼: A
DOI:10.16157/j.issn.0258-7998.211350
中文引用格式: 孟祥斌,劉笑凱,郝克林. 可信技術(shù)在國產(chǎn)化嵌入式平臺(tái)的應(yīng)用研究[J].電子技術(shù)應(yīng)用,2021,47(12):94-99.
英文引用格式: Meng Xiangbin,Liu Xiaokai,Hao Kelin. Research on application of trusted technology in localized embedded platform[J]. Application of Electronic Technique,2021,47(12):94-99.
Research on application of trusted technology in localized embedded platform
Meng Xiangbin,Liu Xiaokai,Hao Kelin
National Computer System Engineering Research Institute of China,Beijing 100083,China
Abstract: The security threats of localized embedded platforms are still severe. In order to improve the security and controllability of localized platforms, the application of trusted technology is critical. This article uses a trusted platform control module(TPCM) on a localized embedded platform based on the Godson 2K-1000CPU, using trusted boot, trusted software base, trusted file storage and I/O ports. Technology such as trusted access realizes the trusted operation of the localized embedded platform. The TPCM trusted module is implemented based on the CCP903T cryptographic chip. This platform has been tested and put into use in a security project, leaving a reference for the application of trusted technology in the localization platform and the formation of standardization.
Key words : trusted boot;trusted platform control module(TPCM);localization platform;I/O port trusted access
0 引言
近些年計(jì)算機(jī)技術(shù)飛速發(fā)展,同時(shí)信息安全威脅事件大量爆發(fā),信息安全問題被國內(nèi)外各研究人員廣泛關(guān)注。傳統(tǒng)的信息安全防御技術(shù)有防火墻、堵漏洞以及入侵檢測等方式,很難有較大突破。沈昌祥院士提出:網(wǎng)絡(luò)安全最重要的是“安全可信”[1]。我國在“自主研發(fā)”方面實(shí)現(xiàn)了信息系統(tǒng)從硬件到軟件的自主研發(fā)、生產(chǎn)、升級、維護(hù)的全程可控,但是由于計(jì)算機(jī)體系結(jié)構(gòu)固有的缺點(diǎn)以及軟件可能存在的缺陷,在自主研發(fā)的平臺(tái)下,仍然存在各種不可避免的未知的軟硬件漏洞。因此,本文將運(yùn)用可信技術(shù),遵照可信計(jì)算規(guī)范,自主設(shè)計(jì)可信硬件模塊,擴(kuò)展可信BIOS和操作系統(tǒng)。以可信密碼模塊為信任根,構(gòu)建貫穿硬件層、固件層、操作系統(tǒng)層和應(yīng)用層全過程的信任鏈解決方案,能夠?yàn)閲a(chǎn)化嵌入式計(jì)算平臺(tái)提供有效完整的全信任鏈保護(hù),實(shí)現(xiàn)了信息系統(tǒng)基礎(chǔ)平臺(tái)裝備的“安全可信”。
本文詳細(xì)內(nèi)容請下載:http://www.jysgc.com/resource/share/2000003879。
作者信息:
孟祥斌,劉笑凱,郝克林
(華北計(jì)算機(jī)系統(tǒng)工程研究所,北京100083)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。