CN104794410B - A database security protection method based on trusted computing technology
Abstract
The invention discloses a database security protection method based on trusted computing technology. The data on which database security mechanisms such as authentication, access control and auditing rely (the security-related data of the database management system, such as identity information, authorization information, audit configuration information and audit logs) is anchored in a trusted system environment and in hardware security, which prevents an adversary from tampering with that data to subvert the database security mechanisms and so achieve various attack goals. Based on this method, a secure database system that stores sensitive data with the support of a security chip can be built, ensuring that the security-related data of the database security mechanisms is not tampered with and thereby improving the security of the security mechanisms of the database management system.
Description
Technical field
The present invention proposes a database security protection method based on trusted computing technology and belongs to the field of database security.
Background technology
With the development of informatization, more and more data is stored in databases. Both external threats such as viruses, trojans and hacker attacks and malicious behavior by insiders can seriously affect a database system. To counter these threats, secure databases use various security mechanisms such as authentication, access control and auditing. However, secure databases do not adequately protect the data on which these mechanisms rely. Once this database security-related data is tampered with, the consequences for the database system are extremely serious. Therefore, to counter the data security threats that arise because the protection of the database security mechanisms themselves lags behind, the database security-related data stored in the database must be protected.
However, existing database security technology has the following two notable defects and cannot guarantee the security of this security-related data. First, the protection of security-related data is not bound to the security of the environment. Traditional integrity protection of database security-related data usually presumes a relatively secure environment, for example an operating system free of viruses and trojans, and this assumption rarely holds. When the system environment has been compromised, a secure database cannot guarantee the integrity of security-related data even if it applies integrity protection to it. The reason is that the integrity measurement of the security-related data is taken without any check of the security of the system environment, so an integrity measurement value produced in an insecure environment is itself untrustworthy, and an integrity check based on that value is even less trustworthy. Moreover, without a check of the security of the system environment, the result of the integrity measurement can also be tampered with and is therefore untrustworthy.
Second, the protection of security-related data is not rooted in hardware. Traditional integrity protection of database security-related data usually rests on the security of a system trusted computing base (Trusted Computing Base, TCB) implemented in software. A TCB implemented in software cannot fully prevent an attacker from tampering with security-related data. For example, if an insider with access to the database system is malicious, they can tamper with security-related data without being easily noticed and cause serious losses. Secure database schemes that lack hardware support cannot overcome this problem.
In short, current secure databases still lack a protection method that stores the database's security-related data securely and binds the operation of its security mechanisms to the security of the system environment and the underlying hardware.
Summary of the invention
To address the above problems, the invention provides a database security protection method based on trusted computing technology that ensures the data on which the database security mechanisms rely is trustworthy: identity information, access control authorization information, audit configuration information and audit logs are integrity-protected, and their integrity is bound to the system environment and the underlying hardware, so that tampering with this database security-related data by a remote attacker or an insider can be detected effectively.
The basic principle of the technique is as follows. A signature key generated by the security chip (TCM/TPM) is used to sign the integrity measurement values of the database tables that store security-related data such as identity information, authorization information, audit configuration information and audit logs, and a secure system environment is specified as the condition for using that signature key. Because the signature key is protected by the security chip's hardware, an attacker cannot obtain the key directly and so cannot forge signatures. At the same time, because the key's use environment is the secure state of the database, an attacker also cannot tamper with the database management system TCB and then use the signature key to sign the tampered data.
To achieve the above purpose, the invention adopts the following technical scheme:
A database security protection method based on trusted computing technology, which builds on the database management system TCB and protects the database by means of a security chip and a trusted measurement module. The method comprises:
1) A system using this method performs a secure boot based on the security chip and builds a trust chain that includes the trusted measurement module and the database management system TCB. At the same time, the security chip generates a signature key whose use environment is specified as this trust chain environment;
2) When a security mechanism writes security-related data to the database, the trusted measurement module first performs a trusted measurement of the current security state of the database management system TCB. If the TCB is in a secure state, the integrity measurement value of the security-related data is signed with the signature key, and the security-related data is stored in the database together with the signature value;
3) When a security mechanism reads the security-related data from the database, the trusted measurement module first performs a trusted measurement of the current security state of the database management system TCB. If the TCB is in a secure state, the signature value read and the integrity of the security-related data are verified (that is, the integrity value obtained now is compared with the integrity value obtained in step 2; if they are equal, the data is shown to be safe).
Further, the security mechanisms include an authentication mechanism, an access control mechanism and an audit mechanism, and the security-related data includes identity information, authorization information, audit configuration information and audit logs. The authentication mechanism confirms identity according to the identity information stored in the database; the access control mechanism performs access control according to the authorization information stored in the database; the audit mechanism audits according to the audit configuration information stored in the database.
Further, the write flow for identity information comprises the following steps:
1-a) The authentication mechanism obtains the user's identity information and requests the security chip's signature key;
1-b) The trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
1-c) If the database management system TCB is in a secure state, the authentication mechanism signs the integrity value of the identity information with the signature key, and then stores the information together with the signature value in the database.
Further, the read flow for identity information comprises the following steps:
2-a) The authentication mechanism reads the identity information and its signature value from the database;
2-b) The authentication mechanism verifies the signature value and the integrity of the identity information. If the check passes, the subsequent authentication operation can proceed; otherwise an authentication failure is reported.
Further, the write flow for authorization information comprises the following steps:
3-a) The access control mechanism obtains the security administrator's authorization information and requests the security chip's signature key;
3-b) The trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
3-c) If the database management system TCB is in a secure state, the access control mechanism signs the integrity value of the authorization information with the signature key, and then stores the authorization information together with the signature value in the database.
Further, the read flow for authorization information comprises the following steps:
4-a) The access control mechanism reads the authorization information and its signature value from the database;
4-b) The access control mechanism verifies the signature value and the integrity of the authorization information. If the check passes, access control is performed according to this authorization information; otherwise an authentication failure is reported.
Further, the write flow for audit configuration information comprises the following steps:
5-a) The audit mechanism obtains the audit administrator's audit configuration information and requests the security chip's signature key;
5-b) The trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
5-c) If the database management system TCB is in a secure state, the audit mechanism signs the integrity value of the audit configuration information with the signature key, and then stores the information together with the signature value in the database.
Further, the read flow for audit configuration information comprises the following steps:
6-a) The audit mechanism reads the configuration information and its signature value from the database;
6-b) The audit mechanism verifies the signature value and the integrity of the configuration information. If the check passes, auditing is performed according to this configuration information; otherwise an authentication failure is reported.
Further, the write flow for the audit log comprises the following steps:
7-a) Before recording an audit entry, the audit mechanism requests the security chip's signature key;
7-b) The trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
7-c) If the database management system TCB is in a secure state, the audit mechanism signs the integrity value of the audit record with the signature key, and then stores the audit record together with the signature value in the database.
Further, the above steps also include: modifying the format of the original audit log by adding two columns, used to store the count value and the integrity value respectively. Each time an audit record is produced, the audit mechanism queries the current count value of the monotonic counter provided by the security chip, uses the security chip's signature key to sign the record's integrity value together with the counter value, and stores them.
Further, the read flow for the audit log comprises the following steps:
8-a) The audit mechanism reads the audit log and its signature value from the database;
8-b) The audit mechanism verifies the signature value and the integrity of the audit record. If the check passes, subsequent audit query and analysis operations can proceed; otherwise an authentication failure is reported.
The beneficial effects of the invention are as follows:
The invention anchors the data on which database security mechanisms such as authentication, access control and auditing rely (security-related data such as identity information, access control authorization information, audit configuration information and audit logs) in a trusted system environment and in hardware security, preventing an adversary from tampering with that data to subvert the database security mechanisms and achieve various attack goals. When this security-related data is needed, the invention verifies its integrity to ensure that it has not been illegally tampered with. Before integrity verification, the invention also uses trusted measurement technology to check the system environment, ensuring that the verification result is trustworthy. In addition, the signature key for the security-related data is encrypted and protected by the hardware security chip, which achieves hardware-based security. This ensures that the security-related data of the database security mechanisms is not tampered with, and thereby improves the security of the security mechanisms of the database management system.
Brief description of the drawings
Fig. 1 is an architecture diagram of the database security protection method based on trusted computing technology.
Embodiment
The implementation of the key technical modules described in the summary of the invention is illustrated below by example, but this explanation does not limit the scope of the invention.
Referring to Fig. 1, the architecture of the database security protection method based on trusted computing technology mainly consists of the security chip (TCM/TPM), the trusted measurement module, and the authentication mechanism, access control mechanism and audit mechanism in the database management system TCB. The security chip provides the root of trust and the signature key. The trusted measurement module performs trusted measurement of processes or files in the system environment, on the basis of the trust chain formed after system startup. The authentication mechanism confirms identity according to the identity information stored in the database. The access control mechanism performs access control according to the authorization information stored in the database. The audit mechanism audits according to the audit configuration information stored in the database.
The two basic modules, the security chip module and the trusted measurement module, are introduced first. The invention uses part of the functionality they provide, but the implementation of the modules themselves is outside the scope of the invention. The functions the invention relies on are explained below.
1. Security chip
The functions or mechanisms the invention needs from the security chip are mainly the root of trust for measurement and key protection. The root of trust for measurement is the basis on which the trust chain of a system protected by the security chip is built. There are many ways to build the trust chain from this root of trust to the trusted measurement module, such as static measurement. Key protection is the protection the security chip provides for the keys it generates. Typically, a security chip has a storage root key SRK (Storage Root Key), which is established when the chip is initialized and always remains stored inside the chip, so that an attacker cannot obtain it. The SRK can act as a parent key to create an asymmetric key pair, declare the use environment of the pair's private key (by specifying environment measurement values held in the security chip), and encrypt the private key, which is then stored outside the security chip. When this private key is used for signing or decryption, it must be loaded into the security chip, where it is decrypted by the SRK. This achieves two goals: first, the security of the key rests on the hardware chip; second, the environment in which the key is used must match expectations. Finally, the security chip referred to in the invention may be a domestic TCM chip, a TPM chip, or other software or hardware that provides the above functions. The storage root key of the security chip mentioned in the invention refers to a public/private key pair for encryption and decryption that is generated and protected by the security chip, and does not necessarily mean the SRK specifically. Likewise, the signature key mentioned above refers to a public/private key pair for signing that is generated and protected by the security chip.
2. Trusted measurement module
The trusted measurement module sits in the operating system kernel layer and is measured while the system boots and builds the trust chain, so it is part of the TCB of the whole system. The invention needs it to perform integrity measurement of any process started in the system environment and to extend the measurement results into the security chip.
The embodiment of the invention is described below:
In essence, the database security protection method based on trusted computing technology uses trusted computing technology to strengthen traditional database security functions. A concrete implementation involves modifying the security functions of the original database management system:
An integrity verification step is added to the original authentication mechanism: after receiving an authentication request, the authentication mechanism may perform authentication according to the identity information only after it has verified the integrity of the identity information stored in the system tables. Because a single authentication is usually followed by many accesses, this does not have much effect on the efficiency of the whole database system, so the integrity verification step can be added directly in the code of the authentication function.
An integrity verification step is added to the original access control mechanism: after receiving an access request, the access control mechanism may enforce access control according to the authorization data only after it has verified the integrity of the authorization data stored in the system tables. However, industrial control systems have high efficiency requirements, and adding an integrity verification step to the access control flow on every data access would greatly reduce efficiency. The integrity verification step can therefore be implemented separately as a database extension module with a switch, so that integrity verification in the access control flow can be turned on or off according to the application scenario.
The modification of the audit mechanism has two aspects. On the one hand, before the audit mechanism records audit entries for database operations, it first verifies the integrity of the audit configuration information. Unlike the modification of the access control mechanism, however, audit configuration information is usually read only once, when the database starts, so this does not affect the efficiency of the whole database system, and the integrity verification step can be added directly in the code of the audit function. On the other hand, the audit log is the basis for later analysis and must be trustworthy, so the log must be integrity-protected when the audit mechanism produces it. First, because an audit log usually contains many records, integrity protection should be applied at the record level rather than to the whole log. Second, record-level integrity protection only ensures that an attacker cannot tamper with an individual audit record; it cannot reveal whether an attacker has deleted or added audit records. The audit log therefore additionally needs the monotonic counter provided by the security chip. Specifically, the format of the original audit log is modified by adding two columns, used to store the count value and the integrity value respectively. Each time an audit record is produced, the audit mechanism queries the current value of the monotonic counter, uses the security chip's signature key to sign the record's integrity value together with the counter value, and stores them. Because the monotonic counter is protected by the security chip, it cannot be tampered with and its value can only increase, never decrease, so deletion or insertion of audit records by an attacker can be detected by checking the count values.
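The audit-log write and read flows described above, as an added Python example that is not part of the patent. Assumptions: `SimulatedSecurityChip` is a hypothetical software stand-in for the TCM/TPM, HMAC-SHA256 replaces the chip's asymmetric signature, the monotonic counter is incremented once per audit record, and all component names and log events are constructed.

```python
import hashlib
import hmac
import os


class SimulatedSecurityChip:
    """Hypothetical stand-in for the TCM/TPM; HMAC replaces the chip's asymmetric signature."""

    def __init__(self):
        self._key = os.urandom(32)   # signing key, never exposed outside the "chip"
        self._pcr = bytes(32)        # register holding the environment measurement
        self._bound_pcr = None       # use environment the signing key is bound to
        self._counter = 0            # monotonic counter: can only increase

    def extend(self, component: bytes) -> None:
        """Fold one component measurement into the register (a trust-chain step)."""
        self._pcr = hashlib.sha256(self._pcr + hashlib.sha256(component).digest()).digest()

    def bind_key_to_environment(self) -> None:
        self._bound_pcr = self._pcr

    def environment_trusted(self) -> bool:
        return self._bound_pcr is not None and hmac.compare_digest(self._pcr, self._bound_pcr)

    def increment_counter(self) -> int:   # assumption: one increment per audit record
        self._counter += 1
        return self._counter

    def read_counter(self) -> int:
        return self._counter

    def _mac(self, message: bytes) -> bytes:
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def sign(self, message: bytes) -> bytes:
        if not self.environment_trusted():
            raise PermissionError("environment differs from the key's bound state")
        return self._mac(message)

    def verify(self, message: bytes, signature: bytes) -> bool:
        return self.environment_trusted() and hmac.compare_digest(self._mac(message), signature)


def _signed_message(integrity: bytes, counter: int) -> bytes:
    # The integrity value and the counter value are signed together.
    return integrity + counter.to_bytes(8, "big")


def write_audit_record(chip, log, event: str) -> None:
    """Write flow: check the environment, then sign integrity value and counter."""
    if not chip.environment_trusted():
        raise PermissionError("DBMS TCB is not in a trusted state")
    counter = chip.increment_counter()
    integrity = hashlib.sha256(event.encode()).digest()
    signature = chip.sign(_signed_message(integrity, counter))
    log.append({"event": event, "counter": counter,
                "integrity": integrity, "signature": signature})


def verify_audit_log(chip, log) -> list:
    """Read flow: return a list of findings; an empty list means the log is intact."""
    if not chip.environment_trusted():
        return ["environment not trusted: verification result would be meaningless"]
    findings, expected = [], 1
    for row in log:
        if not chip.verify(_signed_message(row["integrity"], row["counter"]), row["signature"]):
            findings.append(f"row claiming counter {row['counter']}: invalid signature")
            continue  # the counter is unauthenticated, so do not sequence on it
        if hashlib.sha256(row["event"].encode()).digest() != row["integrity"]:
            findings.append(f"record {row['counter']}: content modified")
        if row["counter"] > expected:
            findings.append(f"records {expected}..{row['counter'] - 1}: missing")
        elif row["counter"] < expected:
            findings.append(f"record {row['counter']}: duplicated or out of order")
        expected = max(expected, row["counter"] + 1)
    if expected <= chip.read_counter():
        findings.append(f"records {expected}..{chip.read_counter()}: missing at tail")
    return findings


def build_sample_log():
    """Constructed sample: build the trust chain, bind the key, write four records."""
    chip = SimulatedSecurityChip()
    for component in (b"trusted-measurement-module", b"dbms-tcb"):  # constructed names
        chip.extend(component)
    chip.bind_key_to_environment()
    log = []
    for event in ("alice LOGIN", "alice SELECT payroll", "bob GRANT dba", "bob LOGOUT"):
        write_audit_record(chip, log, event)
    return chip, log


if __name__ == "__main__":
    chip, log = build_sample_log()
    print("intact:", verify_audit_log(chip, log))
    log[1]["event"] = "alice SELECT public_info"   # modify one record
    del log[2]                                     # delete another
    print("tampered:", verify_audit_log(chip, log))
    chip.extend(b"patched-dbms-binary")            # environment changes after binding
    print("after TCB change:", verify_audit_log(chip, log))
```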
Claims (9)
1. A database security protection method based on trusted computing technology, which builds on the database management system TCB and protects the database by means of a security chip and a trusted measurement module, the method comprising:
1) a system using the method performs a secure boot based on the security chip and builds a trust chain that includes the trusted measurement module and the database management system TCB; at the same time, the security chip generates a signature key whose use environment is specified as this trust chain environment;
2) when a security mechanism writes security-related data to the database, the trusted measurement module first performs a trusted measurement of the current security state of the database management system TCB; if the current database management system TCB is in a secure state, the integrity measurement value of the security-related data is signed with the signature key, and the security-related data is stored in the database together with the signature value; the security mechanism includes an audit mechanism, and the security-related data includes audit configuration information and an audit log; the audit mechanism is used to audit according to the audit configuration information stored in the database; the write flow for the audit log comprises the following steps:
2-1) the format of the original audit log is modified by adding two columns, used to store the count value and the integrity value respectively;
2-2) before recording an audit entry, the audit mechanism requests the security chip's signature key;
2-3) the trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
2-4) each time an audit record is produced, the audit mechanism queries the current count value of the monotonic counter provided by the security chip; if the database management system TCB is in a secure state, the audit mechanism uses the security chip's signature key to sign the record's integrity value together with the counter value and stores them in the database;
3) when a security mechanism reads the security-related data from the database, the trusted measurement module first performs a trusted measurement of the current security state of the database management system TCB; if the current database management system TCB is in a secure state, the signature value read and the integrity of the security-related data are verified.
2. The database security protection method based on trusted computing technology as claimed in claim 1, characterized in that the security mechanism includes an authentication mechanism and an access control mechanism, and the security-related data includes identity information and authorization information; the authentication mechanism is used to confirm identity according to the identity information stored in the database; the access control mechanism is used to perform access control according to the authorization information stored in the database.
3. The database security protection method based on trusted computing technology as claimed in claim 2, characterized in that the write flow for the identity information comprises the following steps:
1-a) the authentication mechanism obtains the user's identity information and requests the security chip's signature key;
1-b) the trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
1-c) if the database management system TCB is in a secure state, the authentication mechanism signs the integrity value of the identity information with the signature key, and then stores the information together with the signature value in the database.
4. The database security protection method based on trusted computing technology as claimed in claim 3, characterized in that the read flow for the identity information comprises the following steps:
2-a) the authentication mechanism reads the identity information and its signature value from the database;
2-b) the authentication mechanism verifies the signature value and the integrity of the identity information; if the check passes, the subsequent authentication operation can proceed; otherwise an authentication failure is reported.
5. The database security protection method based on trusted computing technology as claimed in claim 2, characterized in that the write flow for the authorization information comprises the following steps:
3-a) the access control mechanism obtains the security administrator's authorization information and requests the security chip's signature key;
3-b) the trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
3-c) if the database management system TCB is in a secure state, the access control mechanism signs the integrity value of the authorization information with the signature key, and then stores the authorization information together with the signature value in the database.
6. The database security protection method based on trusted computing technology as claimed in claim 5, characterized in that the read flow for the authorization information comprises the following steps:
4-a) the access control mechanism reads the authorization information and its signature value from the database;
4-b) the access control mechanism verifies the signature value and the integrity of the authorization information; if the check passes, access control is performed according to this authorization information; otherwise an authentication failure is reported.
7. The database security protection method based on trusted computing technology as claimed in claim 1, characterized in that the write flow for the audit configuration information comprises the following steps:
5-a) the audit mechanism obtains the audit administrator's audit configuration information and requests the security chip's signature key;
5-b) the trusted measurement module performs a trusted measurement of the current security state of the database management system TCB;
5-c) if the database management system TCB is in a secure state, the audit mechanism signs the integrity value of the audit configuration information with the signature key, and then stores the information together with the signature value in the database.
8. The database security protection method based on trusted computing technology as claimed in claim 7, characterized in that the read flow for the audit configuration information comprises the following steps:
6-a) the audit mechanism reads the configuration information and its signature value from the database;
6-b) the audit mechanism verifies the signature value and the integrity of the configuration information; if the check passes, auditing is performed according to this configuration information; otherwise an authentication failure is reported.
9. The database security protection method based on trusted computing technology as claimed in claim 1, characterized in that the read flow for the audit log comprises the following steps:
8-a) the audit mechanism reads the audit log and its signature value from the database;
8-b) the audit mechanism verifies the signature value and the integrity of the audit record; if the check passes, subsequent audit query and analysis operations can proceed; otherwise an authentication failure is reported.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510128903.2A CN104794410B (en) | 2015-03-23 | 2015-03-23 | A kind of database security protection method based on reliable computing technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104794410A | 2015-07-22 |
CN104794410B | 2018-01-09 |
Family
ID=53559199
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510128903.2A Active CN104794410B (en) | 2015-03-23 | 2015-03-23 | A kind of database security protection method based on reliable computing technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104794410B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109145631A (en) * | 2017-06-15 | 2019-01-04 | 上海长城计算机网络工程有限公司 | A kind of database information security system |
CN109670312A (en) * | 2017-10-13 | 2019-04-23 | 华为技术有限公司 | Method of controlling security and computer system |
CN111814157B (en) * | 2019-04-12 | 2022-12-27 | 阿里巴巴集团控股有限公司 | Data security processing system, method, storage medium, processor and hardware security card |
EP3989478B1 (en) * | 2020-10-22 | 2023-10-18 | Moxa Inc. | Computing system and device for handling a chain of trust |
CN114978677A (en) * | 2022-05-20 | 2022-08-30 | 中国电信股份有限公司 | Asset access control method, device, electronic equipment and computer readable medium |
CN117725631A (en) * | 2023-12-18 | 2024-03-19 | 四川和恩泰半导体有限公司 | Secure memory bank and method for starting secure memory bank |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242267A (en) * | 2007-08-01 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | A trusted network connection method for enhancing security |
CN102340500A (en) * | 2011-07-13 | 2012-02-01 | 中国人民解放军海军计算技术研究所 | Security management system and method of dependable computing platform |
CN103500202A (en) * | 2013-09-29 | 2014-01-08 | 中国船舶重工集团公司第七0九研究所 | Security protection method and system for light-weight database |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100217988A1 (en) * | 2007-04-12 | 2010-08-26 | Avow Systems, Inc. | Electronic document management and delivery |
Non-Patent Citations (1)
Title |
---|
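Research on virtual monotonic counters based on the Trusted Platform Module; Li Hao et al.; Journal of Computer Research and Development (《计算机研究与发展》); 20111231; Vol. 48 (No. 3); full text * |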
Also Published As
Publication number | Publication date |
---|---|
CN104794410A (en) | 2015-07-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||