CN109977665B - Cloud server starting process anti-theft and anti-tampering method based on TPCM - Google Patents


Info

Publication number: CN109977665B (application CN201910219861.1A; earlier publication CN109977665A)
Authority: CN (China)
Prior art keywords: firmware, cloud server, theft, soft, starting instruction
Legal status: Active
Other languages: Chinese (zh)
Inventors: 张建标, 冯星伟, 黄浩翔, 李国栋, 王晓
Current assignee: Beijing University of Technology
Original assignee: Beijing University of Technology
Events: application filed by Beijing University of Technology; priority to CN201910219861.1A; publication of CN109977665A; application granted; publication of CN109977665B; legal status active.

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F9/00 Arrangements for program control, e.g. control units > G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs > G06F9/44 Arrangements for executing specific programs > G06F9/4401 Bootstrapping > G06F9/4406 Loading of operating system

Abstract

A cloud server startup anti-theft and anti-tampering method based on a Trusted Platform Control Module (TPCM) belongs to the fields of information security and trusted computing. It uses the TPCM to keep the trusted boot and execution of the software/firmware involved in the cloud server startup process within a safe range. The original start instruction of each piece of software/firmware is replaced by an anti-theft start instruction, and the integrity metric value of the software/firmware serves as its identification code: the anti-theft start instruction holds a one-to-one mapping between the metric value and the program entry address, so the entry address can be read only after the metric value has passed integrity verification. The anti-theft start instruction is stored encrypted in external memory, which protects it at rest. When the software/firmware is started, the anti-theft start instruction is loaded at a variable memory address, and that memory space is released once the start completes, so an attacker can neither locate the anti-theft start instruction nor read the program entry address. The method therefore protects the software/firmware start both statically (in storage) and dynamically (at run time).

Description

Cloud server starting process anti-theft and anti-tampering method based on TPCM
Technical Field
The invention relates to the field of information security and trusted computing, in particular to a cloud server starting process anti-theft and anti-tampering method based on a Trusted Platform Control Module (TPCM).
Background
With the rapid development of computer technology and devices, computers have become part of every aspect of daily life and work, and computer-related technologies such as cloud computing, the Internet of Things and three-network convergence are increasingly applied across industries. With this progress, however, more and more information security problems are exposed, including computer virus infection and hacker intrusion, which seriously threaten users' software, hardware, data and information by stealing and tampering with the computer's firmware and software. Traditional software-based security technology is very weak against these problems, whereas trusted computing provides a trust mechanism rooted in the hardware and can address them from the bottom layer of the computer. China started early in the fields of information security and trusted computing and has reached a considerable level: it has researched and designed the Trusted Platform Control Module (TPCM), which can provide cryptographic services and active measurement for a computer system. The invention therefore proposes a TPCM-based anti-theft and anti-tampering method for the cloud server startup process.
The patent published as CN102819694A, entitled "A TCM chip, a virus checking method, and a device for operating the TCM chip", discloses a Trusted Cryptography Module (TCM) chip that includes a virus scanning module. It scans the content to be checked against virus signature information entered by an administrator. Because the signature information must be collected in advance, the method can only detect viruses that are already known and cannot find new ones, so it suffers from lag.
The patent published as CN107317684A, entitled "A secure operation method and system of a network adapter", discloses a method of signing and encrypting a system image with a Trusted Cryptography Module (TCM). This ensures that the integrity of the system image is not tampered with, but it protects files at the image level; the granularity is too coarse to protect the security of the individual programs inside the image.
In view of these technical requirements and the defects of the prior patents, the invention provides a TPCM-based anti-theft and anti-tampering method for the cloud server startup process. The TPCM computes the integrity metric value of the software/firmware involved in the cloud server startup as an integrity identification code. In the trusted boot verification stage, the integrity metric value of each piece of startup-related software/firmware is compared with its integrity reference value to decide whether the trusted boot stage may be entered. The key point is that the integrity metric value of the startup-related software/firmware is bound to its program entry address to form an anti-theft start instruction; in the trusted boot and run stage the metric value is again compared with the integrity reference value to decide whether the startup-related software/firmware may be started and run.
Using the integrity metric value of the startup-related software/firmware program to verify the program's integrity overcomes the lag of the prior patent that relies on virus signature information to detect tampering. Verifying and protecting integrity at the level of each startup-related software/firmware program overcomes the coarse granularity of the prior patent that verifies the whole system image. Most importantly, the method hides the program entry address of the startup-related software/firmware, so a tampered program is prevented from running and the software/firmware waiting to be started is protected from theft and tampering.
Disclosure of Invention
The invention provides a TPCM-based method for preventing theft and tampering in the cloud server startup process. It addresses the information security problem that a hacker can use the original program entry address of the software/firmware involved in the cloud server startup to get inside that program and steal or tamper with it.
In order to solve the technical problems, the invention adopts the following technical scheme:
a TPCM-based anti-theft and anti-tampering method for the cloud server startup process, characterized in that the method assists and protects the trusted boot and operation of the cloud server startup-related software/firmware by means of an anti-theft start instruction whose integrity identification code is the integrity metric value of that software/firmware after the trusted boot check has passed. The cloud server is a server on a cloud computing platform; the cloud server startup-related software/firmware comprises the Basic Input Output System (BIOS), the Master Boot Record (MBR), the operating system loader (OS Loader) and the operating system kernel (OS Kernel). Integrity measurement, trusted boot verification, anti-theft start instruction creation, and trusted boot and run are performed on each determined piece of software or firmware, and are realized in sequence by the following steps:
step (1), a TPCM-based anti-theft and anti-tampering system for the cloud server startup process is constructed. The system comprises a cloud server startup-related software/firmware original state data cache module, a cloud server startup-related software/firmware integrity metric value cache module, an anti-theft start instruction module and the Trusted Platform Control Module (TPCM). Its functions are realized with the cloud server's Central Processing Unit (CPU), Random Access Memory (RAM) and external memory, wherein:
the cloud server startup-related software/firmware original state data cache module stores the original state data of the BIOS, the MBR, the OS Loader and the OS Kernel program; the original state data of each piece of startup-related software/firmware is expressed as:
{ function identification code DP, network address IP, number ID },
where the function identification code DP is distinguished according to the technical effect of the startup-related software/firmware, the network address IP is the network address of the cloud server on which the software/firmware is started, and the number ID is a unique identification code that distinguishes the determined piece of software or firmware from the other startup-related software and firmware;
the cloud server startup-related software/firmware integrity metric value cache module stores the integrity metric values generated in the trusted boot verification stage, expressed in the following record format:
{ function identification code DP, network address IP, number ID, integrity metric value generation time IM_T },
where the integrity metric value is the integrity metric value of the startup-related software/firmware program, and the integrity metric value generation time IM_T is the point in time at which the metric value was generated;
the anti-theft start instruction module comprises at least an anti-theft start instruction generating part, an anti-theft start instruction executing part, an anti-theft start instruction releasing part and an anti-theft start instruction destroying part, wherein:
the anti-theft start instruction generating part is responsible for generating an anti-theft start instruction for each piece of cloud server startup-related software/firmware;
the anti-theft start instruction executing part is responsible for executing an anti-theft start instruction;
the anti-theft start instruction destroying part is responsible for deleting invalid or illegal anti-theft start instructions and releasing the memory address space they occupy, after execution of an anti-theft start instruction has finished or when an illegal anti-theft start instruction is encountered;
the anti-theft start instruction comprises at least the function identification code DP of the cloud server startup-related software/firmware, the integrity metric value generation time IM_T, the integrity metric value, the anti-theft start instruction generation time AT_T, the program entry address of the startup-related software/firmware and its original start instruction; the integrity metric value and the program entry address form a one-to-one mapping, and the anti-theft start instructions of the startup-related software/firmware are encrypted and stored in external memory in the form of a linked list;
the anti-theft start instruction generation time AT_T is used to judge whether an anti-theft start instruction has become invalid;
the Trusted Platform Control Module (TPCM) is bound to the cloud server mainboard through a physical interface and comprises a Trusted Cryptography Module (TCM) and a cloud server startup-related software/firmware integrity measurement module, wherein:
the Trusted Cryptography Module (TCM) comprises at least an SM3 hash operation unit, an SMS4 symmetric cryptography operation unit and an input/output interface;
the cloud server startup-related software/firmware integrity measurement module comprises at least an integrity metric value generation part and an integrity metric value comparison part;
step (2), the trusted boot check is performed on the cloud server startup-related software/firmware, in the following steps:
step (2.1), at the trusted boot verification initial time t0, the cloud server startup-related software/firmware integrity measurement module calculates the integrity metric value of each piece of startup-related software/firmware from the software/firmware program corresponding to its original state data, and at the same time encrypts the metric value in the record format and stores it in external memory, with the integrity metric value generation time IM_T set to t0;
it is assumed by default that the startup-related software/firmware program has not been tampered with at the trusted boot verification initial time t0, so the integrity metric value at this time is taken as the integrity reference value of the startup-related software/firmware;
step (2.2), at the trusted boot simulation time t1, the integrity measurement module again calculates the integrity metric value of each piece of startup-related software/firmware from the program corresponding to its original state data, encrypts the metric values in the record format, and sends the encrypted records to the cloud server startup-related software/firmware integrity metric value cache module, with the integrity metric value generation time IM_T set to t1;
between the trusted boot verification initial time t0 and the trusted boot simulation time t1 the original state data of the startup-related software/firmware is the same, but the software/firmware program itself may differ between the two times because of tampering, so the resulting integrity metric values may also differ;
step (2.3), the integrity measurement module extracts from external memory the integrity metric value record of the startup-related software/firmware at the trusted boot verification initial time t0, which according to step (2.1) is the integrity reference value record, and decrypts it with the TCM to obtain the integrity reference value; it also extracts from the integrity metric value cache module the integrity metric value record at the trusted boot simulation time t1 and decrypts it with the TCM to obtain the integrity metric value; the integrity measurement module then judges whether the two are equal:
if they are not equal, the trusted boot check of the startup-related software/firmware fails;
if they are equal, the anti-theft start instruction module creates an anti-theft start instruction for each piece of startup-related software/firmware, and the trusted boot and run stage of the startup-related software/firmware is entered;
step (3), the anti-theft start instruction module creates an anti-theft start instruction for each piece of cloud server startup-related software/firmware that has passed the trusted boot check, encapsulating the program entry address and the original start instruction of the software/firmware in the anti-theft start instruction so that it replaces the original start instruction, in the following steps:
step (3.1), the anti-theft start instruction module extracts the integrity metric value record of the startup-related software/firmware from the integrity metric value cache module and decrypts it with the TCM to obtain the function identification code DP, the integrity metric value generation time IM_T and the integrity metric value;
step (3.2), the anti-theft start instruction module extracts the startup-related software/firmware program from read-only memory or external memory and resolves its program entry address and original start instruction;
step (3.3), from the content obtained in steps (3.1) and (3.2) and the anti-theft start instruction generation time AT_T, the anti-theft start instruction module generates an anti-theft start instruction for each piece of startup-related software/firmware, encrypts it and stores it in external memory;
step (4), the trusted boot and run stage of the cloud server startup-related software/firmware, in the following steps:
step (4.1), the anti-theft start instruction module extracts from external memory the anti-theft start instruction of the startup-related software/firmware waiting to be started, decrypts it with the TCM, and loads it into a random, blank memory address space;
step (4.2), the anti-theft start instruction module extracts the integrity metric value of the software/firmware waiting to be started from the memory address space occupied by the anti-theft start instruction in step (4.1); it also extracts from external memory the integrity metric value record of the same software/firmware, which according to step (2.1) is the integrity reference value record, and decrypts it with the TCM to obtain the stored integrity metric value; the integrity measurement module then judges whether the two are equal:
if they are not equal, the anti-theft start instruction is illegal: the anti-theft start instruction module deletes the instruction and releases its memory address space, regenerates a new anti-theft start instruction according to step (3), and returns to step (4.1) to restart execution;
if they are equal, execution continues with the next step;
step (4.3), the anti-theft start instruction module extracts the program entry address and the original start instruction of the startup-related software/firmware from the memory address space occupied by the anti-theft start instruction in step (4.1), and starts and runs the software/firmware program;
step (4.4), the anti-theft start instruction module releases the memory address space occupied by the anti-theft start instruction in step (4.1).
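The lifecycle of the anti-theft start instruction in steps (3) and (4), modelled as an added Python example; this is not code from the patent or from Beijing University of Technology. The TCM's SMS4 unit is represented by an SM4 implementation written out from the published specification, used in CBC mode with a random IV (the mode is an assumption, the patent only says "encrypted"); external memory is a dict keyed by DP instead of the patent's linked list; the integrity metric values are passed in as bytes; the record layout, the 32-bit address space and all function names are assumptions of this example.

```python
import secrets
import struct

# SM4 (SMS4) block cipher, written out from the published GB/T 32907 specification.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [sum(((4 * i + j) * 7 & 0xFF) << (24 - 8 * j) for j in range(4)) for i in range(32)]

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _t(x, shifts):
    """Byte-wise S-box substitution followed by the linear transform (L for rounds, L' for keys)."""
    b = int.from_bytes(bytes(SBOX[c] for c in x.to_bytes(4, "big")), "big")
    r = b
    for n in shifts:
        r ^= _rol(b, n)
    return r

def sm4_round_keys(key):
    k = [a ^ b for a, b in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):
        k.append(k[i] ^ _t(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i], (13, 23)))
    return k[4:]

def sm4_block(rk, block):
    """Encrypt one 16-byte block; pass the round keys reversed to decrypt."""
    x = list(struct.unpack(">4I", block))
    for i in range(32):
        x.append(x[i] ^ _t(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i], (2, 10, 18, 24)))
    return struct.pack(">4I", x[35], x[34], x[33], x[32])

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def sm4_cbc_encrypt(key, data):
    """CBC with PKCS#7 padding and a random IV prepended (mode is an assumption of this example)."""
    rk, pad = sm4_round_keys(key), 16 - len(data) % 16
    data += bytes([pad]) * pad
    iv = prev = secrets.token_bytes(16)
    out = []
    for i in range(0, len(data), 16):
        prev = sm4_block(rk, _xor(data[i:i + 16], prev))
        out.append(prev)
    return iv + b"".join(out)

def sm4_cbc_decrypt(key, blob):
    rk, prev, out = sm4_round_keys(key)[::-1], blob[:16], []
    for i in range(16, len(blob), 16):
        out.append(_xor(sm4_block(rk, blob[i:i + 16]), prev))
        prev = blob[i:i + 16]
    data = b"".join(out)
    return data[:-data[-1]]

# Anti-theft start instruction: DP, metric value (32 bytes, the SM3 size), AT_T, program entry
# address, length of the original start instruction that follows. This layout is an assumption.
RECORD = ">8s32sQQH"

class StartInstructionModule:
    def __init__(self, tcm_key, max_age):
        self.key = tcm_key          # in the patent this key lives inside the TCM
        self.max_age = max_age      # an instruction whose AT_T is older than this is invalid
        self.external_memory = {}   # DP -> encrypted instruction (stands in for the linked list)
        self.ram = {}               # address -> decrypted instruction while it is loaded

    def generate(self, dp, metric, entry_address, original_start, at_t):
        """Step (3.3): bind metric -> entry address + original start instruction, encrypt, store."""
        plain = struct.pack(RECORD, dp, metric, at_t, entry_address, len(original_start)) + original_start
        self.external_memory[dp] = sm4_cbc_encrypt(self.key, plain)

    def start(self, dp, reference_metric, now):
        """Steps (4.1)-(4.4): returns (entry_address, original_start), or None if the instruction is illegal."""
        plain = sm4_cbc_decrypt(self.key, self.external_memory[dp])   # (4.1) decrypt via the TCM
        addr = secrets.randbelow(1 << 32)                              # (4.1) random blank address
        while addr in self.ram:
            addr = secrets.randbelow(1 << 32)
        self.ram[addr] = plain
        try:
            _, metric, at_t, entry, n = struct.unpack_from(RECORD, self.ram[addr])
            if metric != reference_metric or now - at_t > self.max_age:
                del self.external_memory[dp]      # (4.2) illegal: destroy it, caller regenerates per step (3)
                return None
            return entry, plain[struct.calcsize(RECORD):][:n]          # (4.3) entry address + original start
        finally:
            del self.ram[addr]                                         # (4.4) release the loaded instruction

def demo():
    """Constructed run: one OS Loader instruction, a legal start and then an illegal (mismatching) one."""
    mod = StartInstructionModule(secrets.token_bytes(16), max_age=3600)
    metric = bytes(range(32))                                  # constructed stand-in for an SM3 metric value
    mod.generate(b"OSLOADER", metric, 0x7C00, b"\xEA\x00\x7C\x00\x00", at_t=1000)
    ok = mod.start(b"OSLOADER", metric, now=1500)
    bad = mod.start(b"OSLOADER", bytes(32), now=1500)          # wrong metric: instruction rejected
    return ok, bad, len(mod.ram), b"OSLOADER" in mod.external_memory
```

The `try/finally` in `start` is the point of the example: the decrypted instruction exists in RAM only between load and release, and both the legal path (4.4) and the illegal path (the destroying part) leave `ram` empty, which is what denies an intruder a stable address to read the entry address from.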
Compared with reading the startup-related software/firmware programs through their original start instructions, the method has the following advantages: the integrity metric value of each piece of cloud server startup-related software/firmware is mapped one-to-one to its program entry address and a separate anti-theft start instruction is generated for each, so an external intruder cannot pass the integrity verification of the startup-related software/firmware and the program entry address stays hidden; the anti-theft start instruction is kept permanently in encrypted form in external memory and is loaded into a randomly chosen blank memory address space only when used, so an external intruder cannot find the memory address of the anti-theft start instruction at all and therefore cannot find the program entry address of the startup-related software/firmware; and the mapping between the integrity metric value and the program entry address can be used to detect whether an external intrusion has occurred at any point from the initial moment of trusted boot verification of the startup-related software/firmware until the trusted boot stage is complete.
Drawings
FIG. 1 is a block diagram of the system;
FIG. 2 is a flow chart of the main program of the system;
FIG. 3 is a diagram of the linked-list structure of the system's anti-theft start instructions.
Detailed Description
The invention provides a TPCM-based method for preventing theft and tampering in the cloud server startup process. It addresses the information security problem that a hacker can use the original program entry address of the software/firmware involved in the cloud server startup to get inside that program and steal or tamper with it.
The purpose, technical scheme, advantages and disadvantages of the invention are described in detail below with reference to an embodiment, the trusted boot process of a cloud server in a cloud computing platform, and to the accompanying drawings. The main program flow of the invention is implemented by the following steps in sequence, as shown in FIG. 2:
step (1), a TPCM-based anti-theft and anti-tampering system for the cloud server startup process is constructed, as shown in FIG. 1. The system comprises a cloud server startup-related software/firmware original state data cache module, a cloud server startup-related software/firmware integrity metric value cache module, an anti-theft start instruction module and the Trusted Platform Control Module (TPCM). Its functions are realized with the cloud server's Central Processing Unit (CPU), Random Access Memory (RAM) and external memory, wherein:
the cloud server startup-related software/firmware original state data cache module stores the original state data of the BIOS, the MBR, the OS Loader and the OS Kernel program; the original state data of each piece of startup-related software/firmware is expressed as:
{ function identification code DP, network address IP, number ID },
where the function identification code DP is distinguished according to the technical effect of the startup-related software/firmware, the network address IP is the network address of the cloud server on which the software/firmware is started, and the number ID is a unique identification code that distinguishes the determined piece of software or firmware from the other startup-related software and firmware;
the cloud server startup-related software/firmware integrity metric value cache module stores the integrity metric values generated in the trusted boot verification stage, expressed in the following record format:
{ function identification code DP, network address IP, number ID, integrity metric value generation time IM_T },
where the integrity metric value is the integrity metric value of the startup-related software/firmware program, and the integrity metric value generation time IM_T is the point in time at which the metric value was generated;
the anti-theft start instruction module comprises at least an anti-theft start instruction generating part, an anti-theft start instruction executing part, an anti-theft start instruction releasing part and an anti-theft start instruction destroying part, wherein:
the anti-theft start instruction generating part is responsible for generating an anti-theft start instruction for each piece of cloud server startup-related software/firmware;
the anti-theft start instruction executing part is responsible for executing an anti-theft start instruction;
the anti-theft start instruction destroying part is responsible for deleting invalid or illegal anti-theft start instructions and releasing the memory address space they occupy, after execution of an anti-theft start instruction has finished or when an illegal anti-theft start instruction is encountered;
the anti-theft start instruction comprises at least the function identification code DP of the cloud server startup-related software/firmware, the integrity metric value generation time IM_T, the integrity metric value, the anti-theft start instruction generation time AT_T, the program entry address of the startup-related software/firmware and its original start instruction; the integrity metric value and the program entry address form a one-to-one mapping, and the anti-theft start instructions of the startup-related software/firmware are encrypted and stored in external memory in the form of a linked list, as shown in FIG. 3;
the anti-theft start instruction generation time AT_T is used to judge whether an anti-theft start instruction has become invalid;
the Trusted Platform Control Module (TPCM) is bound to the cloud server mainboard through a physical interface and comprises a Trusted Cryptography Module (TCM) and a cloud server startup-related software/firmware integrity measurement module, wherein:
the Trusted Cryptography Module (TCM) comprises at least an SM3 hash operation unit, an SMS4 symmetric cryptography operation unit and an input/output interface;
the SM3 hash operation unit provides the hash function and supports the cloud server startup-related software/firmware integrity measurement module in calculating the integrity metric values of the startup-related software/firmware;
the SMS4 symmetric cryptography operation unit generates SMS4 symmetric keys and performs SMS4 encryption/decryption, supporting the encrypted storage, and decryption for use, of the startup-related software/firmware integrity reference values and the anti-theft start instructions;
the cloud server startup-related software/firmware integrity measurement module comprises at least an integrity metric value generation part and an integrity metric value comparison part;
step (2), performing the trusted boot check on the cloud server boot-related software/firmware, with the following steps:
step (2.1), at the initial trusted boot verification time t0, the boot-related software/firmware integrity measurement module calculates, for each item of boot-related software/firmware, the integrity metric value of the program corresponding to its original state data, and at the same time encrypts and stores the integrity metric value in the external memory in the record format, with the integrity metric value generation time IM_T set to t0;
it is assumed by default that the boot-related software/firmware program has not been tampered with at the initial trusted boot verification time t0, so the integrity metric value of the boot-related software/firmware at that time is taken as its integrity reference value;
step (2.2), at the trusted boot simulation time t1, the boot-related software/firmware integrity measurement module again calculates, for each item of boot-related software/firmware, the integrity metric value of the program corresponding to its original state data, encrypts it in the record format and sends it to the boot-related software/firmware integrity metric value cache module, with the integrity metric value generation time IM_T set to t1;
the difference between the initial trusted boot verification time t0 and the trusted boot simulation time t1 is that the original state data of the boot-related software/firmware is the same at both times, whereas the boot-related software/firmware program itself may differ between the two times because of tampering, so the resulting integrity metric values may also differ;
step (2.3), the boot-related software/firmware integrity measurement module extracts from the external memory the integrity metric value record of the boot-related software/firmware at the initial trusted boot verification time t0, which according to step (2.1) is the integrity reference value record of the boot-related software/firmware, and has it decrypted by the trusted cryptography module TCM to obtain the integrity reference value; it also extracts from the boot-related software/firmware integrity metric value cache module the integrity metric value record at the trusted boot simulation time t1, has it decrypted by the trusted cryptography module TCM to obtain the integrity metric value, and then judges whether the two are equal:
if the two are not equal, the trusted boot check of the boot-related software/firmware fails;
if the two are equal, the anti-theft start instruction module creates an anti-theft start instruction for each item of boot-related software/firmware, and the process enters the trusted boot and run stage of the boot-related software/firmware;
step (3), the anti-theft start instruction module creates an anti-theft start instruction for each item of boot-related software/firmware that has passed the trusted boot check, encapsulating the program entry address and the original start instruction of the boot-related software/firmware inside the anti-theft start instruction so that it replaces the original start instruction of the boot-related software/firmware, with the following steps:
step (3.1), the anti-theft start instruction module extracts the integrity metric value record of the boot-related software/firmware from the boot-related software/firmware integrity metric value cache module and has it decrypted by the trusted cryptography module TCM to obtain the function identification code DP of the boot-related software/firmware, the integrity metric value generation time IM_T and the integrity metric value;
step (3.2), the anti-theft start instruction module extracts the boot-related software/firmware program from the read-only memory or the external memory and resolves the program entry address and the original start instruction of the boot-related software/firmware;
step (3.3), the anti-theft start instruction module generates an anti-theft start instruction for each item of boot-related software/firmware from the content obtained or resolved in steps (3.1) and (3.2) together with the anti-theft start instruction generation time AT_T, and encrypts and stores the anti-theft start instruction in the external memory;
step (4), the trusted boot and run stage of the cloud server boot-related software/firmware, with the following steps:
step (4.1), the anti-theft start instruction module extracts from the external memory the anti-theft start instruction of the boot-related software/firmware waiting to be started, has it decrypted by the trusted cryptography module TCM, and loads it into a randomly chosen blank memory address space;
step (4.2), the anti-theft start instruction module extracts the integrity metric value of the boot-related software/firmware waiting to be started from the memory address space occupied by the anti-theft start instruction in step (4.1); it also extracts the corresponding integrity metric value record of that boot-related software/firmware from the external memory, which is the record invoked as described in step (2.1), and has it decrypted by the trusted cryptography module TCM to obtain the integrity metric value; the boot-related software/firmware integrity measurement module then judges whether the two are equal:
if the two are not equal, the anti-theft start instruction is illegal: the anti-theft start instruction module deletes the instruction and releases its memory address space, regenerates a new anti-theft start instruction according to step (3), and returns to step (4.1) to restart execution;
if the two are equal, execution continues with the next step;
step (4.3), the anti-theft start instruction module extracts the program entry address and the original start instruction of the boot-related software/firmware from the memory address space occupied by the anti-theft start instruction in step (4.1), and starts and runs the boot-related software/firmware program;
step (4.4), the anti-theft start instruction module releases the memory address space occupied by the anti-theft start instruction in step (4.1).
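Steps (2) to (4) form one procedure: measure each boot-related program at t0 (reference) and t1, compare the two encrypted records through the TCM, then wrap the verified metric together with the entry address and original start instruction into an encrypted anti-theft start instruction that is re-checked against the reference record before the program is started, and rejected if its AT_T has aged out. The following simulation is an added example written for this page, not code from the patent or its assignee. It assumes stand-ins for the TCM primitives: SHA-256 in place of SM3, and an HMAC-SHA256-based authenticated encryption in place of SMS4; the record fields (DP, IP, ID, IM_T, AT_T) follow the page, while the sample program bytes, addresses and times are constructed.

```python
"""Simulation of the TPCM-assisted trusted boot check (step 2), anti-theft
start instruction creation (step 3) and start-time verification (step 4).
Added illustration only. SM3 is replaced by SHA-256 and SMS4 by an
HMAC-SHA256 stand-in cipher; both substitutions are assumptions."""
import hashlib
import hmac
import json
import os


class TCM:
    """Stand-in for the trusted cryptography module: hash + sealed storage."""

    def __init__(self, key: bytes):
        self._key = key  # held inside the TCM, never written to external memory

    @staticmethod
    def digest(data: bytes) -> str:
        # SM3 stand-in (assumption): SHA-256 hex digest
        return hashlib.sha256(data).hexdigest()

    def _keystream(self, nonce: bytes, n: bytes) -> bytes:
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(self._key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
            ctr += 1
        return out[:n]

    def seal(self, obj: dict) -> bytes:
        # SMS4 stand-in (assumption): HMAC keystream XOR plus an HMAC tag
        plain = json.dumps(obj, sort_keys=True).encode()
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plain, self._keystream(nonce, len(plain))))
        tag = hmac.new(self._key, nonce + ct, "sha256").digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes) -> dict:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(self._key, nonce + ct, "sha256").digest()):
            raise ValueError("record tampered")  # modified ciphertext never decrypts
        plain = bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))
        return json.loads(plain)


def measure(tcm: TCM, dp: str, ip: str, ident: int, program: bytes, t: int) -> dict:
    """Steps (2.1)/(2.2): integrity metric value record for one program."""
    return {"DP": dp, "IP": ip, "ID": ident, "IM": tcm.digest(program), "IM_T": t}


def trusted_boot_check(tcm: TCM, ref_blob: bytes, cur_blob: bytes) -> bool:
    """Step (2.3): decrypt the t0 reference and t1 measurement, compare."""
    ref, cur = tcm.unseal(ref_blob), tcm.unseal(cur_blob)
    return hmac.compare_digest(ref["IM"], cur["IM"])


def make_start_instruction(tcm: TCM, record_blob: bytes, entry: int, orig: str, at_t: int) -> bytes:
    """Step (3): bind the verified metric to the entry address and original instruction."""
    rec = tcm.unseal(record_blob)
    return tcm.seal({"DP": rec["DP"], "IM": rec["IM"], "IM_T": rec["IM_T"],
                     "AT_T": at_t, "entry": entry, "orig": orig})


def run_start_instruction(tcm: TCM, instr_blob: bytes, ref_blob: bytes, now: int, max_age: int):
    """Step (4): check AT_T, re-compare the embedded metric with the reference record."""
    try:
        instr = tcm.unseal(instr_blob)
    except ValueError:
        return ("illegal", None)           # step (4.2): delete and regenerate
    if now - instr["AT_T"] > max_age:
        return ("invalid", None)           # AT_T says the instruction aged out
    if not hmac.compare_digest(instr["IM"], tcm.unseal(ref_blob)["IM"]):
        return ("illegal", None)
    return ("started", (instr["entry"], instr["orig"]))  # step (4.3)


def scenario() -> dict:
    """Constructed run: an untouched loader, a tampered loader, and damaged blobs."""
    tcm = TCM(os.urandom(32))
    loader = b"\x90\x90OS-LOADER-v1"                        # constructed program bytes
    ref = tcm.seal(measure(tcm, "OS_LOADER", "10.0.0.5", 3, loader, t=0))
    cur_ok = tcm.seal(measure(tcm, "OS_LOADER", "10.0.0.5", 3, loader, t=1))
    cur_bad = tcm.seal(measure(tcm, "OS_LOADER", "10.0.0.5", 3, loader + b"\xcc", t=1))
    instr = make_start_instruction(tcm, cur_ok, 0x7C00, "jmp 0x7C00", at_t=2)
    stale = make_start_instruction(tcm, cur_bad, 0x7C00, "jmp 0x7C00", at_t=2)
    broken = instr[:20] + bytes([instr[20] ^ 0xFF]) + instr[21:]  # one flipped ciphertext byte
    return {
        "check_ok": trusted_boot_check(tcm, ref, cur_ok),
        "check_bad": trusted_boot_check(tcm, ref, cur_bad),
        "started": run_start_instruction(tcm, instr, ref, now=3, max_age=10),
        "mismatch": run_start_instruction(tcm, stale, ref, now=3, max_age=10)[0],
        "expired": run_start_instruction(tcm, instr, ref, now=20, max_age=10)[0],
        "tampered": run_start_instruction(tcm, broken, ref, now=3, max_age=10)[0],
    }
```

Running `scenario()` shows the three outcomes the page distinguishes: equal metrics pass the check and the wrapped entry address and original instruction are handed back for execution; an instruction whose embedded metric does not match the reference record, or whose ciphertext was altered in external memory, is reported illegal and would be regenerated under step (3); an instruction older than the permitted age is reported invalid via AT_T.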

Claims (1)

1. A cloud server start process anti-theft and anti-tamper method based on TPCM, characterized in that the method assists and protects the trusted boot and running of the cloud server boot-related software/firmware by using, as the integrity identification code of the anti-theft start instruction, the integrity metric value of the boot-related software/firmware obtained after the trusted boot check has passed; the cloud server is a server on a cloud computing platform; the cloud server boot-related software/firmware comprises the Basic Input Output System (BIOS), the Master Boot Record (MBR), the operating system loader (OS Loader) and the operating system kernel (OS Kernel); and the operations of integrity measurement, trusted boot verification, anti-theft start instruction creation and trusted boot and run are performed on each determined item of software or firmware, realized in sequence according to the following steps:
step (1), a cloud server start process anti-theft and anti-tamper system based on the Trusted Platform Control Module (TPCM) is constructed, comprising a cloud server boot-related software/firmware original state data cache module, a cloud server boot-related software/firmware integrity metric value cache module, an anti-theft start instruction module and the Trusted Platform Control Module (TPCM); the functions of the system are realized with the Central Processing Unit (CPU), the Random Access Memory (RAM) and the external memory of the cloud server, wherein:
the cloud server boot-related software/firmware original state data cache module stores the original state data of the Basic Input Output System BIOS, the Master Boot Record MBR, the operating system loader OS Loader and the operating system kernel program OS Kernel; the original state data of the boot-related software/firmware is expressed as:
{ function identification code DP, network address IP, number ID },
where the function identification code DP distinguishes the boot-related software/firmware by its technical effect, the network address IP distinguishes it by the network address of the cloud server on which it resides, and the number ID is a unique identification code that distinguishes a determined item of software or firmware from the other software and firmware among the cloud server boot-related software/firmware;
the cloud server boot-related software/firmware integrity metric value cache module stores the integrity metric values generated in the trusted boot verification stage of the boot-related software/firmware, expressed in the following record format:
{ function identification code DP, network address IP, number ID, integrity metric value generation time IM_T },
where the integrity metric value is the integrity metric value of the boot-related software/firmware program, and the integrity metric value generation time IM_T is the point in time at which the integrity metric value was generated;
the anti-theft start instruction module comprises at least an anti-theft start instruction generation part, an anti-theft start instruction execution part, an anti-theft start instruction release part and an anti-theft start instruction destruction part, wherein:
the anti-theft start instruction generation part is responsible for generating the anti-theft start instructions for the cloud server boot-related software/firmware;
the anti-theft start instruction execution part is responsible for executing the anti-theft start instructions;
the anti-theft start instruction destruction part is responsible for deleting invalid or illegal anti-theft start instructions, and for releasing the occupied memory address space after execution of an anti-theft start instruction finishes or when an illegal anti-theft start instruction is encountered;
the anti-theft start instruction comprises at least the function identification code DP of the cloud server boot-related software/firmware, the integrity metric value generation time IM_T, the integrity metric value, the anti-theft start instruction generation time AT_T, the program entry address of the boot-related software/firmware and the original start instruction of the boot-related software/firmware; the integrity metric value of the boot-related software/firmware and its program entry address form a one-to-one mapping, and the anti-theft start instructions of the boot-related software/firmware are encrypted and stored in the external memory in the form of a linked list;
the anti-theft start instruction generation time AT_T is used to judge whether the anti-theft start instruction has become invalid;
the trusted platform control module TPCM is bound to the cloud server mainboard through a physical interface, and comprises a trusted cryptography module TCM and a cloud server boot-related software/firmware integrity measurement module, wherein:
the trusted cryptography module TCM comprises at least an SM3 hash operation unit, an SMS4 symmetric cryptography operation unit and an input/output interface;
the cloud server boot-related software/firmware integrity measurement module comprises at least an integrity metric value generation part and an integrity metric value comparison part;
step (2), performing the trusted boot check on the cloud server boot-related software/firmware, with the following steps:
step (2.1), at the initial trusted boot verification time t0, the boot-related software/firmware integrity measurement module calculates, for each item of boot-related software/firmware, the integrity metric value of the program corresponding to its original state data, and at the same time encrypts and stores the integrity metric value in the external memory in the record format, with the integrity metric value generation time IM_T set to t0;
it is assumed by default that the boot-related software/firmware program has not been tampered with at the initial trusted boot verification time t0, so the integrity metric value of the boot-related software/firmware at that time is taken as its integrity reference value;
step (2.2), at the trusted boot simulation time t1, the boot-related software/firmware integrity measurement module again calculates, for each item of boot-related software/firmware, the integrity metric value of the program corresponding to its original state data, encrypts it in the record format and sends it to the boot-related software/firmware integrity metric value cache module, with the integrity metric value generation time IM_T set to t1;
step (2.3), the boot-related software/firmware integrity measurement module extracts from the external memory the integrity metric value record of the boot-related software/firmware at the initial trusted boot verification time t0, which according to step (2.1) is the integrity reference value record of the boot-related software/firmware, and has it decrypted by the trusted cryptography module TCM to obtain the integrity reference value; it also extracts from the boot-related software/firmware integrity metric value cache module the integrity metric value record at the trusted boot simulation time t1, has it decrypted by the trusted cryptography module TCM to obtain the integrity metric value, and then judges whether the two are equal:
if the two are not equal, the trusted boot check of the boot-related software/firmware fails;
if the two are equal, the anti-theft start instruction module creates an anti-theft start instruction for each item of boot-related software/firmware, and the process enters the trusted boot and run stage of the boot-related software/firmware;
step (3), the anti-theft start instruction module creates an anti-theft start instruction for each item of boot-related software/firmware that has passed the trusted boot check, encapsulating the program entry address and the original start instruction of the boot-related software/firmware inside the anti-theft start instruction so that it replaces the original start instruction of the boot-related software/firmware, with the following steps:
step (3.1), the anti-theft start instruction module extracts the integrity metric value record of the boot-related software/firmware from the boot-related software/firmware integrity metric value cache module and has it decrypted by the trusted cryptography module TCM to obtain the function identification code DP of the boot-related software/firmware, the integrity metric value generation time IM_T and the integrity metric value;
step (3.2), the anti-theft start instruction module extracts the boot-related software/firmware program from the read-only memory or the external memory and resolves the program entry address and the original start instruction of the boot-related software/firmware;
step (3.3), the anti-theft start instruction module generates an anti-theft start instruction for each item of boot-related software/firmware from the content obtained or resolved in steps (3.1) and (3.2) together with the anti-theft start instruction generation time AT_T, and encrypts and stores the anti-theft start instruction in the external memory;
step (4), the trusted boot and run stage of the cloud server boot-related software/firmware, with the following steps:
step (4.1), the anti-theft start instruction module extracts from the external memory the anti-theft start instruction of the boot-related software/firmware waiting to be started, has it decrypted by the trusted cryptography module TCM, and loads it into a randomly chosen blank memory address space;
step (4.2), the anti-theft start instruction module extracts the integrity metric value of the boot-related software/firmware waiting to be started from the memory address space occupied by the anti-theft start instruction in step (4.1); it also extracts the corresponding integrity metric value record of that boot-related software/firmware from the external memory, which is the record invoked as described in step (2.1), and has it decrypted by the trusted cryptography module TCM to obtain the integrity metric value; the boot-related software/firmware integrity measurement module then judges whether the two are equal:
if the two are not equal, the anti-theft start instruction is illegal: the anti-theft start instruction module deletes the instruction and releases its memory address space, regenerates a new anti-theft start instruction according to step (3), and returns to step (4.1) to restart execution;
if the two are equal, execution continues with the next step;
step (4.3), the anti-theft start instruction module extracts the program entry address and the original start instruction of the boot-related software/firmware from the memory address space occupied by the anti-theft start instruction in step (4.1), and starts and runs the boot-related software/firmware program;
step (4.4), the anti-theft start instruction module releases the memory address space occupied by the anti-theft start instruction in step (4.1).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910219861.1A CN109977665B (en) 2019-03-22 2019-03-22 Cloud server starting process anti-theft and anti-tampering method based on TPCM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910219861.1A CN109977665B (en) 2019-03-22 2019-03-22 Cloud server starting process anti-theft and anti-tampering method based on TPCM

Publications (2)

Publication Number Publication Date
CN109977665A CN109977665A (en) 2019-07-05
CN109977665B true CN109977665B (en) 2021-01-01

Family

ID=67080051

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910219861.1A Active CN109977665B (en) 2019-03-22 2019-03-22 Cloud server starting process anti-theft and anti-tampering method based on TPCM

Country Status (1)

Country Link
CN (1) CN109977665B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414235B (en) * 2019-07-08 2021-05-14 北京可信华泰信息技术有限公司 Active immune double-system based on ARM TrustZone

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7590867B2 (en) * 2004-06-24 2009-09-15 Intel Corporation Method and apparatus for providing secure virtualization of a trusted platform module
CN101834860B (en) * 2010-04-22 2013-01-30 北京交通大学 Method for remote dynamic verification on integrality of client software
CN101901319B (en) * 2010-07-23 2012-02-08 北京工业大学 Trusted computing platform and method for verifying trusted chain transfer
CN102063592B (en) * 2011-01-07 2013-03-06 北京工业大学 Credible platform and method for controlling hardware equipment by using same
CN103139149A (en) * 2011-11-25 2013-06-05 国民技术股份有限公司 Method and system for accessing data in cloud storage
WO2013115776A1 (en) * 2012-01-30 2013-08-08 Intel Corporation Remote trust attestation and geo-location of of servers and clients in cloud computing environments
CN103488937B (en) * 2013-09-16 2017-02-22 华为技术有限公司 Measuring method, electronic equipment and measuring system
US10051069B2 (en) * 2014-11-26 2018-08-14 International Business Machines Corporation Action based trust modeling

Also Published As

Publication number Publication date
CN109977665A (en) 2019-07-05

Similar Documents

Publication Publication Date Title
CN112074836B (en) Apparatus and method for protecting data through trusted execution environment
CN103038745B (en) Extension integrity measurement
EP1980970B1 (en) Dynamic trust management
US11714910B2 (en) Measuring integrity of computing system
US20060155988A1 (en) Systems and methods for securely booting a computer with a trusted processing module
US20060161769A1 (en) Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
JP2000516373A (en) Method and apparatus for secure processing of encryption keys
KR20130114726A (en) System and method for tamper-resistant booting
TW201500960A (en) Detection of secure variable alteration in a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware
JP2014524088A (en) Secure host execution architecture
CN113190831A (en) TEE-based operating system application integrity measurement method and system
Ling et al. Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT Nodes
CN112800429A (en) Method for protecting driver in UEFI BIOS firmware system based on foundation
US20080178257A1 (en) Method for integrity metrics management
US9122864B2 (en) Method and apparatus for transitive program verification
WO2013039527A1 (en) Security mechanism for developmental operating systems
CN109977665B (en) Cloud server starting process anti-theft and anti-tampering method based on TPCM
Frazelle Securing the Boot Process: The hardware root of trust
US20220092189A1 (en) Implementation of Trusted Computing System Based on Master Controller of Solid-State Drive
Frazelle Securing the boot process
CN112948771A (en) Authority verification method and device, readable storage medium and electronic equipment
CN115964758A (en) TrustZone-based kernel data integrity protection method
EP2735992B1 (en) Software identification
KR101893504B1 (en) A file integrity test in linux environment device and method
JP2005182509A (en) Computer system and data tampering detection method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant