CN104794410A - Database security protection method based on dependable computing technology - Google Patents
Database security protection method based on dependable computing technology Download PDFInfo
- Publication number
- CN104794410A CN104794410A CN201510128903.2A CN201510128903A CN104794410A CN 104794410 A CN104794410 A CN 104794410A CN 201510128903 A CN201510128903 A CN 201510128903A CN 104794410 A CN104794410 A CN 104794410A
- Authority
- CN
- China
- Prior art keywords
- audit
- database
- management system
- tcb
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a database security protection method based on a dependable computing technology. Security related data, such as identity information, license information, audit configuration information and audit logs which serve as implementation bases of a database security mechanism comprising identification, access control, audit and the like, of a database management system are established on the basis of a dependable system environment and hardware security, and the problem that the database security mechanism is influenced to achieve various attack purposes due to the fact that an adversary tampers with the bases is prevented. According to the method, a security database system for storing sensitive data based on a security chip can be established, it is guaranteed that the security related data of the data security mechanism cannot be tampered, and therefore the security of the security mechanism of the database management system is improved.
Description
Technical field
The present invention is based on reliable computing technology and propose a kind of database security protection method, belong to database security field.
Background technology
Along with informationalized development, increasing data have been stored in database, no matter are the outside threats such as virus, wooden horse, assault, or the malicious act of internal staff can both produce serious influence to Database Systems.Threaten to tackle these, safety database employs various security mechanism as certification, access control, audit etc.But safety database does not provide enough protections for the foundation of the enforcement of these mechanism.These database security related datas are once be tampered and will cause extremely serious impact to Database Systems.Therefore the data security brought in order to the hysteresis quality tackling Database System Security mechanism inherently safe safeguard procedures threatens, and is necessary that the database security related data to depositing in database carries out safeguard protection.
But existing database safety technique exists the safety that following two remarkable defects cannot guarantee these safety-relevant datas: one, the protection of safety-relevant data does not have and environmental safety binding.Under the integrity protection measure of traditional database security related data is based upon the comparatively safe prerequisite of environment usually, such as, in operating system, there is not virus, wooden horse etc., and this hypothesis is difficult to set up.In the disrupted situation of system environments, even if safety database has carried out integrity protection to safety-relevant data also cannot ensure its integrality.This is owing to lacking the detection to system environments security when carrying out integrity measurement to safety-relevant data, the integrity measurement value causing under insecure environments safety-relevant data to produce self is exactly incredible, and it is just more insincere to carry out integrity check based on this value.And when lacking the detection to system environments security, the result of integrity measurement value also can be tampered, and is also incredible.
Its two, the protection of safety-relevant data is not based upon on hardware foundation.The integrity protection of traditional database security related data is based upon on the security basis of the system trusted computing base (Trusted Computer Base, TCB) that software mode realizes usually.The TCB that this software mode realizes can not stop assailant's distorting safety-relevant data completely, such as can contact the internal staff of Database Systems once be malice, so they can distort safety-relevant data data and not realized easily, cause serious loss.This is the insurmountable problem of safety database scheme lacking hardware supported.
In a word, still lacking one in current safety database can safe data storage storehouse safety-relevant data, and by database security protection method that the enforcement of its security mechanism and system environments, bottom hardware security are bound.
Summary of the invention
For the problems referred to above; the invention provides a kind of database security protection method based on reliable computing technology; can guarantee that the foundation that Database Security Mechanism is implemented is believable; namely integrity protection is carried out to identity information, access control authorization message, audit configuration information and audit log; and its integrality and system environments and bottom hardware are bound mutually, thus effectively can find long-range attack person or internal staff's distorting these database security related datas.
The ultimate principle of this technology is: the integrity measurement value of the signature key utilizing safety chip TCM/TPM to produce to the table storing the safety-relevant datas such as identity information, authorization message, audit configuration information and audit log in database carries out signature protection, specifies the secure system environment using this signature key.Because this signature key is subject to the hardware protection of safety chip, assailant cannot directly obtain this key, so cannot forge a signature.Meanwhile, the environment for use due to this signature key is the safe condition of database, so assailant also cannot use this signature key to sign to the data after distorting by altered data base management system TCB.
To achieve these goals, the present invention is by the following technical solutions:
Based on a database security protection method for reliable computing technology, on the basis of data base management system (DBMS) TCB, realize the safeguard protection to database by safety chip and credible metric module, the method specifically comprises:
1) adopt the system of the method to implement clean boot based on safety chip, and build trust chain, described trust chain comprises credible metric module and data base management system (DBMS) TCB; Meanwhile, described safety chip produces a signature key, and the environment for use of this signature key specifies trust chain environment for this reason;
2) when writing safety-relevant data by security mechanism in database, first credible tolerance is carried out by the safe condition of credible metric module to current data base management system TCB; If TCB is in a safe condition for current data base management system, then the integrity measurement value of signature key to described safety-relevant data is utilized to sign, and by this safety-relevant data and signature value together stored in database;
3) when reading described safety-relevant data by security mechanism from database, first credible tolerance is carried out by the safe condition of credible metric module to current data base management system TCB; If TCB is in a safe condition for current data base management system, then the integrality of read signature value and safety-relevant data is verified that the integrity value obtained in (by the current integrity value that obtains and step 2) compares, just prove safe if the same).
Further, described security mechanism comprises: authentication mechanism, access control mechanisms and Audit Mechanism, and described safety-relevant data comprises: identity information, authorization message, audit configuration information and audit log; Described authentication mechanism is responsible for carrying out identity validation according to the identity information stored in database; Access control mechanisms is responsible for conducting interviews control according to the authorization message stored in database; The audit configuration information that Audit Mechanism is responsible for according to storing in database is audited.
Further, the write flow process of described identity information comprises the following steps:
1-a) obtained the identity information of user by authentication mechanism, and ask the signature key of safety chip;
The safe condition of credible metric module to current data base management system TCB 1-b) is utilized to carry out credible tolerance;
If 1-c) data base management system (DBMS) TCB is in a safe condition, authentication mechanism then utilizes the integrity value of signature key to identity information to sign, then by this information and signature value together stored in database.
Further, the reading flow process of described identity information comprises the following steps:
2-a) authentication mechanism reads out identity information and signature value thereof from database;
2-b) the integrality of authentication mechanism certifying signature value and identity information.If by detecting, then can follow-up authentication operation be carried out, otherwise reporting authentication failure.
Further, the write flow process of described authorization message comprises the following steps:
3-a) obtained the authorization message of safety officer by access control mechanisms, and ask the signature key of safety chip;
The safe condition of credible metric module to current data base management system TCB 3-b) is utilized to carry out credible tolerance;
If 3-c) data base management system (DBMS) TCB is in a safe condition, access control mechanisms then utilizes the integrity value of signature key to authorization message to sign, then by authorization message and signature value together stored in database.
Further, the reading flow process of described authorization message comprises the following steps:
4-a) access control mechanisms reads out authorization message and signature value thereof from database;
4-b) the integrality of access control mechanisms certifying signature value and authorization message.If by detecting, then to conduct interviews controls according to this authorization message, otherwise reporting authentication unsuccessfully.
Further, the write flow process of described audit configuration information comprises the following steps:
5-a) be audited by Audit Mechanism the audit configuration information of keeper, and ask the signature key of safety chip;
5-b) utilize credible metric module can carry out credible tolerance to the safe condition of current data base management system TCB;
If 5-c) data base management system (DBMS) TCB is in a safe condition, Audit Mechanism then utilizes the integrity value of signature key to audit configuration information to sign, then by this information and signature value together stored in database.
Further, the reading flow process of described audit configuration information comprises the following steps:
6-a) Audit Mechanism reads out configuration information and signature value thereof from database;
6-b) the integrality of Audit Mechanism certifying signature value and configuration information.If by detecting, then audit according to this configuration information, otherwise reporting authentication failure.
Further, the write flow process of described audit log comprises the following steps:
7-a) Audit Mechanism is before carrying out record of the audit, the signature key of request safety chip;
7-b) utilize credible metric module can carry out credible tolerance to the safe condition of current data base management system TCB;
If 7-c) data base management system (DBMS) TCB is in a safe condition, Audit Mechanism then utilizes the integrity value of signature key to record of the audit to sign, then by record of the audit and signature value together stored in database.
Further, above-mentioned steps also comprises: modify to the form of original audit log, increase by two Column Properties and be respectively used to stored count value and integrity value, during each generation record of the audit, the current count value of the monotone counter provided by safety chip is all provided by Audit Mechanism, and utilizes the integrity value sum counter value of the signature key of safety chip to this record sign together and store.
Further, the reading flow process of described audit log comprises the following steps:
8-a) Audit Mechanism reads out audit log and signature value thereof from database;
8-b) the integrality of Audit Mechanism certifying signature value and record of the audit.If by detecting, then follow-up audit query analysis operation can be carried out, otherwise reporting authentication failure.
Beneficial effect of the present invention is:
The present invention is by the implementation basis of the Database Security Mechanisms such as authentication mechanism, access control mechanisms, Audit Mechanism---and identity information, access control authorization message, the audit safety-relevant data such as configuration information and audit log are based upon on the basis of the credible and hardware security of system environments, stop opponent by distorting above-mentioned foundation and then affecting the problem that Database Security Mechanism reaches all kinds of attack object.When needs use above-mentioned safety-relevant data, the present invention can verify the integrality of these data, to guarantee that these data are not illegally distorted.Before carrying out integrity verification, the present invention also will utilize credible measurement technology to test to system environments, guarantees that the result verified is believable.In addition, the signature key of safety-relevant data also uses hardware security chip and is encrypted protection, therefore achieves hardware based safety.Thus guarantee that the safety-relevant data of Database Security Mechanism can not be tampered, and then improve the safety of security mechanism of data base management system (DBMS) wherein.
Accompanying drawing explanation
Fig. 1 is the database security protection method configuration diagram based on reliable computing technology.
Embodiment
Example explanation is done below by the concrete enforcement of the gordian technique module described in summary of the invention, but not with this explanation restriction scope of invention.
The present invention is based on the structure composed of the database security protection method of reliable computing technology see Fig. 1, mainly comprise authentication mechanism, access control mechanisms and Audit Mechanism in safety chip TCM/TPM, credible metric module, data base management system (DBMS) TCB.Wherein, safety chip is responsible for providing root of trust and signature key; Credible tolerance is carried out to the process in system environments or file in the trust chain basis that credible tolerance module in charge is formed after system start-up; Authentication mechanism is then responsible for carrying out identity validation according to the identity information stored in database; Access control mechanisms is then responsible for conducting interviews control according to the authorization message stored in database; Audit Mechanism is then responsible for auditing according to the audit configuration information stored in database.
First introduce safety chip module, these two basic modules of credible metric module, the present invention needs the partial function utilizing it to provide, but the implementation of module self is not then in limit of consideration of the present invention.Make an explanation to its function that the present invention relates to below.
1. safety chip
The function needing safety chip to provide in the present invention or mechanism mainly measure root of trust, cryptographic key protection function.Tolerance root of trust is the basis of the system trust chain constructing by safety chip protection.And from this root of trust to credible metric module the building mode of trust chain have many, such as staticametric etc.The safeguard protection that cryptographic key protection function is then safety chip for key that it produces provides.Usually, safety chip has a storage root key SRK (Storage Root Key), and it is established when chip initiation, and preserves in the chips always, obtains to prevent assailant.SRK can create unsymmetrical key pair as father's key, and states the environment for use (realizing by specifying the environmental metrics value deposited in safety chip) of this cipher key pair private key, and is encrypted private key, leaves safety chip outside in.When using this private key to carry out signing or deciphering, this private key must be written into safety chip inside and use, and is namely deciphered it by SRK in safety chip inside.Thus realize two objects: the first, the security of key is based upon on hardware chip basis; The second, the environment for use of key must meet expection.Finally, the safety chip mentioned in the present invention can be domestic TCM chip, also can be TPM chip or its he provide the software and hardware of above-mentioned functions.And the storage root key of the safety chip mentioned in content of the present invention refers to and produced and the public private key pair for encryption and decryption protected by safety chip, SRK might not be refered in particular to.Equally, above-mentioned signature key also refers to and is produced and the public private key pair for signing protected by safety chip.
2. credible metric module
Credible metric module is positioned at operating system nucleus layer, starts in the process building trust chain measured, so it is arranged in the TCB of whole system in system.What the present invention needed it to provide carries out integrity measurement to any process started in system environments, and measurement results is expanded to the function in safety chip.
To set forth the specific embodiment of the present invention below:
Essence based on the database security protection method of reliable computing technology utilizes reliable computing technology to the enhancing of traditional database security function.To the transformation of former data base management system (DBMS) security function be related in concrete enforcement:
Will add integrity verification flow process in original authentication mechanism, authentication authorization and accounting mechanism, after receiving authentication request, after will carrying out integrity verification, could implement certification according to identity information to the identity information stored in system table.Identity information is just may perform after certification once repeatedly to access usually, can not cause too many impact, therefore can directly this integrity verification flow process be added in the code of authentication function the efficiency of whole Database Systems.
Will add integrity verification flow process in original access control mechanisms, namely access control mechanisms is after receiving request of access, after will carrying out integrity verification, could implement access control according to authorization data to the authorization data stored in system table.And due to industrial control system higher for the requirement of efficiency, if each data access all adds integrity verification procedures in access control flow process, then can greatly lower efficiency.Therefore, integrity verification flow process can be embodied as separately the expansion module of a database, and switch function is set, can select according to different application scenarioss the integrity verification procedures that opens or closes in access control flow process.
The transformation of Audit Mechanism is then divided into two aspects: on the one hand, and Audit Mechanism, before operating database conducting audit record, first will carry out integrity verification to audit configuration relevant information.But, with the amendment of access control mechanisms unlike, audit configuration information only can read once when database starts usually, can not impact, therefore can directly this integrity verification flow process be added in the code of audit function the efficiency of whole Database Systems.On the other hand, audit log, as the basis of subsequent analysis, must guarantee that it is credible.Therefore, need, when Audit Mechanism produces audit log, to carry out integrity protection to daily record.First, usually comprise the feature of more record based on audit log, the integrity protection of record rank when implementing integrity protection, should be adopted, but not whole daily record; Secondly, the integrity protection of record level can only guarantee that assailant cannot distort wall scroll record of the audit, but cannot verify whether assailant deletes or add record of the audit.So need extraly to the monotone counter that audit log use safety chip provides.Particularly, to modify to the form of original audit log, increase by two Column Properties and be respectively used to stored count value and integrity value.During each generation record of the audit, all should be inquired about the value of current monotone counter by Audit Mechanism, and utilize the integrity value sum counter value of the signature key of safety chip to this record sign together and store.Because monotone counter is protected by safety chip, cannot be tampered, its value can only increase and can not reduce, and therefore assailant deletes or increases record of the audit, can both by checking that count value tests out.
Claims (11)
1., based on a database security protection method for reliable computing technology, on the basis of data base management system (DBMS) TCB, realize the safeguard protection to database by safety chip and credible metric module, the method specifically comprises:
1) adopt the system of the method to implement clean boot based on safety chip, and build trust chain, described trust chain comprises credible metric module and data base management system (DBMS) TCB; Meanwhile, described safety chip produces a signature key, and the environment for use of this signature key specifies trust chain environment for this reason;
2) when writing safety-relevant data by security mechanism in database, first credible tolerance is carried out by the safe condition of credible metric module to current data base management system TCB; If TCB is in a safe condition for current data base management system, then the integrity measurement value of signature key to described safety-relevant data is utilized to sign, and by this safety-relevant data and signature value together stored in database;
3) when reading described safety-relevant data by security mechanism from database, first credible tolerance is carried out by the safe condition of credible metric module to current data base management system TCB; If TCB is in a safe condition for current data base management system, then the integrality of read signature value and safety-relevant data is verified.
2. as claimed in claim 1 based on the database security protection method of reliable computing technology, it is characterized in that, described security mechanism comprises: authentication mechanism, access control mechanisms and Audit Mechanism, and described safety-relevant data comprises: identity information, authorization message, audit configuration information and audit log; Described authentication mechanism is used for carrying out identity validation according to the identity information stored in database; Described access control mechanisms is for the control that conducts interviews according to the authorization message stored in database; Described Audit Mechanism is used for auditing according to the audit configuration information stored in database.
3., as claimed in claim 2 based on the database security protection method of reliable computing technology, it is characterized in that, the write flow process of described identity information comprises the following steps:
1-a) obtained the identity information of user by authentication mechanism, and ask the signature key of safety chip;
The safe condition of credible metric module to current data base management system TCB 1-b) is utilized to carry out credible tolerance;
If 1-c) data base management system (DBMS) TCB is in a safe condition, authentication mechanism then utilizes the integrity value of signature key to identity information to sign, then by this information and signature value together stored in database.
4., as claimed in claim 3 based on the database security protection method of reliable computing technology, it is characterized in that, the reading flow process of described identity information comprises the following steps:
2-a) authentication mechanism reads out identity information and signature value thereof from database;
2-b) the integrality of authentication mechanism certifying signature value and identity information, if by detecting, then can follow-up authentication operation be carried out, otherwise reporting authentication failure.
5., as claimed in claim 2 based on the database security protection method of reliable computing technology, it is characterized in that, the write flow process of described authorization message comprises the following steps:
3-a) obtained the authorization message of safety officer by access control mechanisms, and ask the signature key of safety chip;
The safe condition of credible metric module to current data base management system TCB 3-b) is utilized to carry out credible tolerance;
If 3-c) data base management system (DBMS) TCB is in a safe condition, access control mechanisms then utilizes the integrity value of signature key to authorization message to sign, then by authorization message and signature value together stored in database.
6., as claimed in claim 5 based on the database security protection method of reliable computing technology, it is characterized in that, the reading flow process of described authorization message comprises the following steps:
4-a) access control mechanisms reads out authorization message and signature value thereof from database;
4-b) the integrality of access control mechanisms certifying signature value and authorization message, if by detecting, then to conduct interviews controls according to this authorization message, otherwise reporting authentication unsuccessfully.
7., as claimed in claim 2 based on the database security protection method of reliable computing technology, it is characterized in that, the write flow process of described audit configuration information comprises the following steps:
5-a) be audited by Audit Mechanism the audit configuration information of keeper, and ask the signature key of safety chip;
5-b) utilize credible metric module can carry out credible tolerance to the safe condition of current data base management system TCB;
If 5-c) data base management system (DBMS) TCB is in a safe condition, Audit Mechanism then utilizes the integrity value of signature key to audit configuration information to sign, then by this information and signature value together stored in database.
8., as claimed in claim 7 based on the database security protection method of reliable computing technology, it is characterized in that, the reading flow process of described audit configuration information comprises the following steps:
6-a) Audit Mechanism reads out configuration information and signature value thereof from database;
6-b) the integrality of Audit Mechanism certifying signature value and configuration information, if by detecting, then audit according to this configuration information, otherwise reporting authentication failure.
9., as claimed in claim 2 based on the database security protection method of reliable computing technology, it is characterized in that, the write flow process of described audit log comprises the following steps:
7-a) Audit Mechanism is before carrying out record of the audit, the signature key of request safety chip;
7-b) utilize credible metric module can carry out credible tolerance to the safe condition of current data base management system TCB;
If 7-c) data base management system (DBMS) TCB is in a safe condition, Audit Mechanism then utilizes the integrity value of signature key to record of the audit to sign, then by record of the audit and signature value together stored in database.
10. as claimed in claim 9 based on the database security protection method of reliable computing technology; it is characterized in that; also comprise: the form of original audit log is modified; increase by two Column Properties and be respectively used to stored count value and integrity value; during each generation record of the audit; the current count value of the monotone counter provided by safety chip is all provided by Audit Mechanism, and utilizes the integrity value sum counter value of the signature key of safety chip to this record sign together and store.
11. as claimed in claim 10 based on the database security protection method of reliable computing technology, and it is characterized in that, the reading flow process of described audit log comprises the following steps:
8-a) Audit Mechanism reads out audit log and signature value thereof from database;
8-b) the integrality of Audit Mechanism certifying signature value and record of the audit, if by detecting, then follow-up audit query analysis operation can be carried out, otherwise reporting authentication failure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510128903.2A CN104794410B (en) | 2015-03-23 | 2015-03-23 | A kind of database security protection method based on reliable computing technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510128903.2A CN104794410B (en) | 2015-03-23 | 2015-03-23 | A kind of database security protection method based on reliable computing technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104794410A true CN104794410A (en) | 2015-07-22 |
| CN104794410B CN104794410B (en) | 2018-01-09 |
Family
ID=53559199
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510128903.2A Active CN104794410B (en) | 2015-03-23 | 2015-03-23 | A kind of database security protection method based on reliable computing technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104794410B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109145631A (en) * | 2017-06-15 | 2019-01-04 | 上海长城计算机网络工程有限公司 | A kind of database information security system |
| CN109670312A (en) * | 2017-10-13 | 2019-04-23 | 华为技术有限公司 | Method of controlling security and computer system |
| CN111814157A (en) * | 2019-04-12 | 2020-10-23 | 阿里巴巴集团控股有限公司 | Data security processing system, method, storage medium, processor and hardware security card |
| CN114385248A (en) * | 2020-10-22 | 2022-04-22 | 四零四科技股份有限公司 | Computing system and device for processing trust chain |
| CN114978677A (en) * | 2022-05-20 | 2022-08-30 | 中国电信股份有限公司 | Asset access control method, device, electronic equipment and computer readable medium |
| CN117725631A (en) * | 2023-12-18 | 2024-03-19 | 四川和恩泰半导体有限公司 | Secure memory bank and method for starting secure memory bank |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242267A (en) * | 2007-08-01 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | A trusted network connection method for enhancing security |
| US20100217988A1 (en) * | 2007-04-12 | 2010-08-26 | Avow Systems, Inc. | Electronic document management and delivery |
| CN102340500A (en) * | 2011-07-13 | 2012-02-01 | 中国人民解放军海军计算技术研究所 | Security management system and method of dependable computing platform |
| CN103500202A (en) * | 2013-09-29 | 2014-01-08 | 中国船舶重工集团公司第七0九研究所 | Security protection method and system for light-weight database |
-
2015
- 2015-03-23 CN CN201510128903.2A patent/CN104794410B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100217988A1 (en) * | 2007-04-12 | 2010-08-26 | Avow Systems, Inc. | Electronic document management and delivery |
| CN101242267A (en) * | 2007-08-01 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | A trusted network connection method for enhancing security |
| CN102340500A (en) * | 2011-07-13 | 2012-02-01 | 中国人民解放军海军计算技术研究所 | Security management system and method of dependable computing platform |
| CN103500202A (en) * | 2013-09-29 | 2014-01-08 | 中国船舶重工集团公司第七0九研究所 | Security protection method and system for light-weight database |
Non-Patent Citations (1)
| Title |
|---|
| 李昊 等: "基于可信平台模块的虚拟单调计数器研究", 《计算机研究与发展》 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109145631A (en) * | 2017-06-15 | 2019-01-04 | 上海长城计算机网络工程有限公司 | A kind of database information security system |
| CN109670312A (en) * | 2017-10-13 | 2019-04-23 | 华为技术有限公司 | Method of controlling security and computer system |
| US11687645B2 (en) | 2017-10-13 | 2023-06-27 | Huawei Technologies Co., Ltd. | Security control method and computer system |
| CN111814157A (en) * | 2019-04-12 | 2020-10-23 | 阿里巴巴集团控股有限公司 | Data security processing system, method, storage medium, processor and hardware security card |
| CN114385248A (en) * | 2020-10-22 | 2022-04-22 | 四零四科技股份有限公司 | Computing system and device for processing trust chain |
| CN114385248B (en) * | 2020-10-22 | 2024-04-23 | 四零四科技股份有限公司 | Computing system and device for processing trust chain |
| CN114978677A (en) * | 2022-05-20 | 2022-08-30 | 中国电信股份有限公司 | Asset access control method, device, electronic equipment and computer readable medium |
| CN117725631A (en) * | 2023-12-18 | 2024-03-19 | 四川和恩泰半导体有限公司 | Secure memory bank and method for starting secure memory bank |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104794410B (en) | 2018-01-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Guin et al. | Ensuring proof-of-authenticity of IoT edge devices using blockchain technology | |
| Le et al. | BIFF: A blockchain-based IoT forensics framework with identity privacy | |
| Saad et al. | Exploring the attack surface of blockchain: A comprehensive survey | |
| US10680812B2 (en) | Event attestation for an electronic device | |
| CN104794410A (en) | Database security protection method based on dependable computing technology | |
| Xue et al. | RootAgency: A digital signature-based root privilege management agency for cloud terminal devices | |
| US20220253538A1 (en) | Method and system for data security, validation, verification and provenance within independent computer systems and digital networks | |
| CN107864115A (en) | A kind of method that user account login authentication is carried out using portable terminal | |
| Lee | Security basics for computer architects | |
| CN104615947A (en) | Credible database integrity protecting method and system | |
| Lee et al. | Reverse‐safe authentication protocol for secure USB memories | |
| Khan et al. | OTIT: Towards secure provenance modeling for location proofs | |
| van Dijk et al. | Protocol attacks on advanced PUF protocols and countermeasures | |
| CN106027237B (en) | Cipher key matrix safety certifying method based on group in a kind of RFID system | |
| Brotsis et al. | Blockchain meets Internet of Things (IoT) forensics: A unified framework for IoT ecosystems | |
| CN117037988B (en) | Electronic medical record storage method and device based on blockchain | |
| Gladston et al. | Merkle tree and blockchain-based cloud data auditing | |
| He et al. | Unknown threats detection methods of smart contracts | |
| CN106156640A (en) | Information O&M service knowledge sharing method based on big data trust computing | |
| CN105933303A (en) | File tempering detection method and device | |
| CN112016119B (en) | Autonomous identity management method based on block chain | |
| Gallo et al. | T-DRE: a hardware trusted computing base for direct recording electronic vote machines | |
| CN110443070A (en) | More host shared memory systems and data completeness protection method | |
| Fu et al. | An Improved Biometric Fuzzy Signature with Timestamp of Blockchain Technology for Electrical Equipment Maintenance | |
| Sood | Physically Unclonable Functions with Confidential Computing for Enhanced Encryption of EHRs |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |