CN104331666A - Trusted measurement method for computer systems - Google Patents
Trusted measurement method for computer systems Download PDFInfo
- Publication number
- CN104331666A CN104331666A CN201410624170.7A CN201410624170A CN104331666A CN 104331666 A CN104331666 A CN 104331666A CN 201410624170 A CN201410624170 A CN 201410624170A CN 104331666 A CN104331666 A CN 104331666A
- Authority
- CN
- China
- Prior art keywords
- computer system
- cryptographic hash
- read
- catalogue
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a trusted measurement method for computer systems. Aiming at a computer system to be protected, a file characteristic Hash value calculation program is used for scanning directories in the computer system, and calculates the Hash values of the files in the directories, and the calculated Hash values are written into a read only memory device for initialization; when trusted measurement needs to be carried out for the computer system, the Hash values, which are calculated by using the file characteristic Hash value calculation program, of the files in the directories are compared with the Hash values in the read only memory device, and if the Hash values of the files in the directories are consistent with the Hash values in the read only memory device, then the current computer system environment is trustable. The method ensures the authenticity of computer system data, realizes data protection and ensures the authenticity of codes.
Description
Technical field
The present invention relates to a kind of computer system confidence level metering method, particularly relate to a kind of computer system confidence level metering method being applicable to computer environment creditability measurement.
Background technology
Trust computing (Trusted Computing) is calculating and widely use in communication system the credible calculating platform under supporting based on hardware security module, to improve a kind of technology of the security of entire system.
In trust computing, need the multiple hardwares such as use safety coprocessor, cryptography accelerators, individual token, dongle, credible platform module to realize the function such as confidentiality and code protection of the authenticity of data, the confidentiality of data, data protection and code authenticity, code.And the tolerance of system credibility can be provided to be realize a more crucial fundamental of above-mentioned functions.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of credible platform module of light weight, is used for ensureing the authenticity of data, realizes data protection and ensure code authenticity
The technical solution used in the present invention is as follows:
A kind of computer system confidence level metering method, its method is: for the computer system that will protect, by the catalogue in file characteristic cryptographic hash calculation procedure scanning computer system, and calculate the cryptographic hash of catalogue file, by the cryptographic hash initialization write read only memory devices calculated; When needs carry out credible tolerance to computer system, calculate the cryptographic hash of described catalogue file with described file characteristic cryptographic hash calculation procedure, compare with the cryptographic hash in ROM (read-only memory) equipment, if consistent, show that current computer systems environment is credible.
As preferably, described file characteristic cryptographic hash calculation procedure is SHA-1, MD5 or other custom-designed hash algorithms of standard.
As preferably, the catalogue in the computer system of described scanning is all catalogues or part assigned catalogue.
As preferably, described read only memory devices is USB read only memory devices.
Compared with prior art, the invention has the beneficial effects as follows: ensure that the authenticity of computer system data, realize data protection and ensure code authenticity.
Embodiment
In order to make object of the present invention, technical scheme and advantage clearly understand, below in conjunction with embodiment, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.
Arbitrary feature disclosed in this instructions (comprising any accessory claim, summary), unless specifically stated otherwise, all can be replaced by other equivalences or the alternative features with similar object.That is, unless specifically stated otherwise, each feature is an example in a series of equivalence or similar characteristics.
A kind of computer system confidence level metering method, its method is: for the computer system that will protect, by the catalogue in file characteristic cryptographic hash calculation procedure scanning computer system, and calculate the cryptographic hash of catalogue file, by the cryptographic hash initialization write read only memory devices calculated; When needs carry out credible tolerance to computer system, calculate the cryptographic hash of described catalogue file with described file characteristic cryptographic hash calculation procedure, compare with the cryptographic hash in ROM (read-only memory) equipment, if consistent, show that current computer systems environment is credible.
The present invention combines mainly through software and hardware module, provides a kind of credible platform module of light weight, can be used in trust computing, as the tolerance of system credibility, is used for ensureing the authenticity of data, realizes data protection and ensure code authenticity.
In this specific embodiment, described read only memory devices is USB read only memory devices.
In order to provide creditability measurement to trusted computer system, just need believable, can not a to be tampered trusted root.Adopt read-only USB storage device to serve as the role of this trusted root.Read-only USB storage device can only write one piece of data by special importing equipment at the time standby dispatched from the factory, and can only read, can not revise after this segment data.Therefore read-only USB storage device just can be used for the cryptographic hash of saved system file, uses as a trusted root.
And produce the trusted root data be kept in read-only USB storage device, just need a set of file cryptographic hash software for calculation.This cover software can according to configuration, and the All Files under some critical directories of scan operation system, produces system file feature cryptographic hash with SHA-1, MD5 of standard or other custom-designed hash algorithms.What hash algorithm no matter to produce the feature cryptographic hash of system file with, finally carry out hash algorithm during credible tolerance, must calculate with the feature cryptographic hash be kept in read only memory devices the hash algorithm adopted identical.
Before trusted computer system dispatches from the factory, first with above-mentioned file cryptographic hash software for calculation scanning system critical file, produce feature cryptographic hash, then use Special Equipment this feature cryptographic hash to be write in read-only USB storage device.Read-only USB storage device, file cryptographic hash software for calculation are sold with trusted computer system.In the process that trusted computer system uses, the file characteristic cryptographic hash that user can use file cryptographic hash software for calculation to calculate current system at any time compares with the file characteristic cryptographic hash of dispatching from the factory of preserving in read-only USB storage device.Once cryptographic hash changes, just show that current system may be revised by virus or Malware, environment is no longer credible.Thus the tolerance realized system credibility.
Catalogue in the computer system of described scanning is all catalogues or part assigned catalogue, determines according to real needs.The system file that will scan when user will write feature cryptographic hash in USB storage device at first, can put white list under some file on-demand, calculates in the process of cryptographic hash automatically ignore in scanning.
The present invention program's lightweight, does not need the hardware and software of amendment system; Flexibly, with low cost, a USB read only memory devices can provide credible tolerance for any number of identical computer system; Trust computing tolerance accurately, can take precautions against the destruction of various rogue program and bogusware; The platform that collapses is suitable for, and to the computer system of all kinds of Linux, windows system, all can realize the tolerance to trusted context.
Claims (4)
1. a computer system confidence level metering method, its method is: for the computer system that will protect, by the catalogue in file characteristic cryptographic hash calculation procedure scanning computer system, and calculate the cryptographic hash of catalogue file, by the cryptographic hash initialization write read only memory devices calculated; When needs carry out credible tolerance to computer system, calculate the cryptographic hash of described catalogue file with described file characteristic cryptographic hash calculation procedure, compare with the cryptographic hash in ROM (read-only memory) equipment, if consistent, show that current computer systems environment is credible.
2. computer system confidence level metering method according to claim 1, described file characteristic cryptographic hash calculation procedure is SHA-1, MD5 or other custom-designed hash algorithms of standard.
3. computer system confidence level metering method according to claim 1, the catalogue in the computer system of described scanning is all catalogues or part assigned catalogue.
4. computer system confidence level metering method according to claim 1, described read only memory devices is USB read only memory devices.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410624170.7A CN104331666A (en) | 2014-11-10 | 2014-11-10 | Trusted measurement method for computer systems |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410624170.7A CN104331666A (en) | 2014-11-10 | 2014-11-10 | Trusted measurement method for computer systems |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104331666A true CN104331666A (en) | 2015-02-04 |
Family
ID=52406388
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410624170.7A Pending CN104331666A (en) | 2014-11-10 | 2014-11-10 | Trusted measurement method for computer systems |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104331666A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106557700A (en) * | 2016-11-24 | 2017-04-05 | 苏州国芯科技有限公司 | A kind of gauging system and method for trusted computer |
| CN108319473A (en) * | 2017-01-16 | 2018-07-24 | 深圳兆日科技股份有限公司 | Terminal system starts method and apparatus |
| CN108920957A (en) * | 2018-06-29 | 2018-11-30 | 北京奇虎科技有限公司 | The method and device of data safety detection |
| CN110677416A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device and trusted computing terminal |
| CN111901305A (en) * | 2020-06-28 | 2020-11-06 | 北京可信华泰信息技术有限公司 | Memory operation method and device, storage medium and electronic device |
| WO2024000497A1 (en) * | 2022-06-30 | 2024-01-04 | 西门子(中国)有限公司 | Security detection method and apparatus for memory, and computer device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1991779A (en) * | 2005-12-30 | 2007-07-04 | 联想(北京)有限公司 | Safety chip based virus prevention method |
| CN101620659A (en) * | 2009-07-14 | 2010-01-06 | 北京大学 | Hook detecting method under Windows operation system |
| US8087084B1 (en) * | 2006-06-28 | 2011-12-27 | Emc Corporation | Security for scanning objects |
| US8302193B1 (en) * | 2008-05-30 | 2012-10-30 | Symantec Corporation | Methods and systems for scanning files for malware |
| CN103679002A (en) * | 2013-12-12 | 2014-03-26 | 小米科技有限责任公司 | Method and device for monitoring file change and server |
| CN103927490A (en) * | 2014-04-25 | 2014-07-16 | 华为技术有限公司 | OS secure startup method and device |
-
2014
- 2014-11-10 CN CN201410624170.7A patent/CN104331666A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1991779A (en) * | 2005-12-30 | 2007-07-04 | 联想(北京)有限公司 | Safety chip based virus prevention method |
| US8087084B1 (en) * | 2006-06-28 | 2011-12-27 | Emc Corporation | Security for scanning objects |
| US8302193B1 (en) * | 2008-05-30 | 2012-10-30 | Symantec Corporation | Methods and systems for scanning files for malware |
| CN101620659A (en) * | 2009-07-14 | 2010-01-06 | 北京大学 | Hook detecting method under Windows operation system |
| CN103679002A (en) * | 2013-12-12 | 2014-03-26 | 小米科技有限责任公司 | Method and device for monitoring file change and server |
| CN103927490A (en) * | 2014-04-25 | 2014-07-16 | 华为技术有限公司 | OS secure startup method and device |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106557700A (en) * | 2016-11-24 | 2017-04-05 | 苏州国芯科技有限公司 | A kind of gauging system and method for trusted computer |
| CN108319473A (en) * | 2017-01-16 | 2018-07-24 | 深圳兆日科技股份有限公司 | Terminal system starts method and apparatus |
| CN108920957A (en) * | 2018-06-29 | 2018-11-30 | 北京奇虎科技有限公司 | The method and device of data safety detection |
| CN110677416A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device and trusted computing terminal |
| CN111901305A (en) * | 2020-06-28 | 2020-11-06 | 北京可信华泰信息技术有限公司 | Memory operation method and device, storage medium and electronic device |
| CN111901305B (en) * | 2020-06-28 | 2022-12-02 | 北京可信华泰信息技术有限公司 | Memory operation method and device, storage medium and electronic device |
| WO2024000497A1 (en) * | 2022-06-30 | 2024-01-04 | 西门子(中国)有限公司 | Security detection method and apparatus for memory, and computer device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104331666A (en) | Trusted measurement method for computer systems | |
| US11165811B2 (en) | Computer security vulnerability assessment | |
| GB2575207A (en) | Blockchain ledgers of material spectral signatures for supply chain integrity management | |
| CN106682497B (en) | The system and method for secure execution code under supervisor mode | |
| EP2795829B1 (en) | Cryptographic system and methodology for securing software cryptography | |
| US8978152B1 (en) | Decentralized token table generation | |
| US9749141B2 (en) | Secure boot devices, systems, and methods | |
| CN104751063B (en) | A kind of operating system trusted bootstrap method based on real pattern technology | |
| WO2021008118A1 (en) | Service system access method and device | |
| CN104573490A (en) | Method for protecting installed software on Android platform | |
| US10185633B2 (en) | Processor state integrity protection using hash verification | |
| US20200389483A1 (en) | Computer security vulnerability assessment | |
| US20160350537A1 (en) | Central processing unit and method to verify mainboard data | |
| CN107480535A (en) | The reliable hardware layer design method and device of a kind of two-way server | |
| GB2553836A (en) | File execution | |
| CN109196507B (en) | Method and apparatus for providing cryptographic security functions for operation of a device | |
| US10192047B2 (en) | Provisioning of identity information | |
| EP3176723B1 (en) | Computer system and operating method therefor | |
| WO2015157131A3 (en) | System and method for boot sequence modification using chip-restricted instructions residing on an external memory device | |
| US20230017231A1 (en) | Securely executing software based on cryptographically verified instructions | |
| CN110334524B (en) | SOC starting method and system based on secondary key | |
| CN111177799B (en) | Security protection method, system, computer device and computer-readable storage medium | |
| CN108121899B (en) | Anti-repackaging method and system for application program | |
| US20140317709A1 (en) | Computer server and authentication method | |
| Yoon et al. | Mobile security technology for smart devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150204 |