基于嵌入式可信系统的可容忍非信任组件的计算平台

A Embedded System-based Computing Platform for Tolerating Untrusted Component

  • 摘要: 针对现在大量遗留系统中存在的非信任组件会造成终端安全操作隐患这一问题,提出了一种基于嵌入式可信系统的可容忍非信任组件的计算平台,该平台在不改变现有终端硬件结构以及上层操作系统的前提下,允许非信任组件的存在,并采用虚拟机等技术保证非信任组件不会造成严重的安全威胁。另外,基于IMA与SB两种度量模型为该平台设计了新的完整性度量模型,该度量模型借鉴IMA对嵌入式系统进行度量,而对于上层平台则使用由虚拟机支持的SB模型,以保证平台的可信启动、进程的可信加载、程序的可信运行安全有效。

     

    Abstract: Considering that there are many untrusted components on the legacy OS,which leads to security operation's hidden troubles on the computing terminal,the paper proposes a new computing platform,which is based on the embedded system and tolerates untrusted components.In addition,the platform proposed in this paper doesn't need change hardware structure and the OS on the legacy terminal system.Secondly,the model assures the existence of untrusted components can't bring serious information security threats.At the same time,the paper also proposes a new integrity measurement method which integrates IMA and SB methods,offers effective security protection for the booting of the platform,the loading of the process and the running of the procedure.

     

/

返回文章
返回