CN105354497A - Computer protection apparatus and method - Google Patents


Info

Publication number: CN105354497A
Authority: CN (China)
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number: CN201510700374.9A
Other languages: Chinese (zh)
Inventor: 杨博中
Current assignee: Inspur Electronic Information Industry Co Ltd
Original assignee: Inspur Electronic Information Industry Co Ltd
Application filed by: Inspur Electronic Information Industry Co Ltd
Priority to: CN201510700374.9A
Publication of: CN105354497A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system


Abstract

The present invention provides a computer protection apparatus and method. The apparatus comprises a policy management unit, a hardware measurement unit, a software measurement unit and an execution unit. The policy management unit is used for configuring a to-be-measured hardware device and a to-be-measured kernel file according to received policy configuration information; the hardware measurement unit is used for measuring the to-be-measured hardware device when the computer is powered on, to obtain a first measurement value; the software measurement unit is used for measuring the to-be-measured kernel file to obtain a second measurement value; and the execution unit is used for determining whether the first measurement value and the second measurement value are the same as the corresponding standard measurement values: if yes, the to-be-measured hardware device is allowed to start or the operating system is allowed to boot; if not, the to-be-measured hardware device is allowed to start or the operating system is allowed to boot only after a startup privilege code is received from the outside or a warning message is sent to the outside. The scheme provided by the present invention can improve the security of a computer.

Description

Computer protection apparatus and method
Technical field
The present invention relates to the field of computer technology, and in particular to a computer protection apparatus and method.
Background art
With the development of computer technology, computers play an increasingly important role in daily life and in production, and are widely used in hospitals, public institutions, enterprises and similar organizations. Computers, and servers in particular, store large amounts of user data; this data may be personal privacy, business secrets of enterprises or classified government documents. If such data is obtained by an unauthorized user, personal privacy is leaked, business secrets reach competitors and important national decisions are disclosed, which causes trouble for individual users, large economic losses for enterprises, and harm to national security and social stability. To protect this important data, the computer itself must be protected, so that an unauthorized user cannot compromise the computer and illegally obtain the data.
At present, computers are protected mainly by installing anti-virus or anti-malware software on them, which prevents viruses or malicious software from attacking the computer and thereby prevents user data from being stolen.
Protecting a computer with anti-virus or anti-malware software, as in the prior art, only protects the computer at the operating-system layer; it cannot address security risks that exist below the operating system, so the security of the computer remains low.
Summary of the invention
The present invention provides a computer protection apparatus and method that can improve the security of a computer.
An embodiment of the present invention provides a computer protection apparatus comprising a policy management unit, a hardware measurement unit, a software measurement unit and an execution unit;
the policy management unit is configured to receive an externally sent policy configuration message and, according to the policy configuration message, to configure a hardware device to be measured and a kernel file to be measured;
the hardware measurement unit is configured to measure, after the computer is powered on, the hardware device to be measured that the policy management unit configured, to obtain a first measurement value;
the software measurement unit is configured to measure the kernel file to be measured that the policy management unit configured, to obtain a second measurement value;
the execution unit is configured to judge whether the first measurement value obtained by the hardware measurement unit is identical to the standard measurement value of the hardware device to be measured; if so, to allow the hardware device to be measured to start; if not, to allow the hardware device to be measured to start after receiving an externally sent first startup privilege code or after sending a first warning message externally; and to judge whether the second measurement value obtained by the software measurement unit is identical to the standard measurement value of the kernel file to be measured; if so, to allow the operating system to be booted; if not, to allow the operating system to be booted after receiving an externally sent second startup privilege code or after sending a second warning message externally.
Preferably, the policy management unit is further configured to set a startup mode for the hardware device to be measured and for the kernel file to be measured, the startup mode comprising a privileged startup mode and a warning startup mode;
the execution unit is configured, after judging that the first measurement value differs from the standard measurement value of the hardware device to be measured, to further judge whether the startup mode of the hardware device to be measured is the privileged startup mode; if so, to allow the hardware device to be measured to start after receiving the externally sent first startup privilege code; otherwise, to allow the hardware device to be measured to start after sending externally a first warning message stating that an anomaly has appeared in the hardware device to be measured; and, after judging that the second measurement value differs from the standard measurement value of the kernel file to be measured, to further judge whether the startup mode of the kernel file to be measured is the privileged startup mode; if so, to allow the operating system to be booted after receiving the externally sent second startup privilege code; otherwise, to allow the operating system to be booted after sending externally a second warning message stating that an anomaly has appeared in the kernel file to be measured.
Preferably, the policy management unit is further configured to receive an externally sent policy update message and, according to the policy update message, to add or delete hardware devices to be measured and kernel files to be measured accordingly, and to modify the startup mode of the hardware device to be measured and of the kernel file to be measured.
Preferably, the apparatus further comprises an access control unit;
the access control unit is configured to judge, according to a preset white list, whether the information sender that sends the policy configuration message and the policy update message to the policy management unit is in the white list; if so, to allow the policy management unit to receive the policy configuration message or policy update message sent by that sender; otherwise, to prevent the policy management unit from receiving the policy configuration message or policy update message.
Preferably, the hardware measurement unit is configured, after the policy management unit has configured the hardware device to be measured, and after the policy management unit has added or deleted hardware devices to be measured, to measure the hardware device to be measured, to form the standard measurement value of the hardware device to be measured, and to store that standard measurement value in a TPM chip;
the software measurement unit is configured, after the policy management unit has configured the kernel file to be measured, and after the policy management unit has added or deleted kernel files to be measured, to measure the kernel file to be measured, to form the standard measurement value of the kernel file to be measured, and to store that standard measurement value in the TPM chip;
the execution unit is configured to read the standard measurement value of the hardware device to be measured and the standard measurement value of the kernel file to be measured from the TPM chip, and to judge whether the first measurement value and the second measurement value are identical to the standard measurement value of the hardware device to be measured and the standard measurement value of the kernel file to be measured, respectively.
An embodiment of the present invention further provides a computer protection method comprising:
receiving an externally sent policy configuration message and, according to the policy configuration message, configuring a hardware device to be measured and a kernel file to be measured;
after the computer is powered on, measuring the hardware device to be measured to obtain a first measurement value;
judging whether the first measurement value is identical to the standard measurement value of the hardware device to be measured; if so, allowing the hardware device to be measured to start; if not, allowing the hardware device to be measured to start after receiving an externally sent first startup privilege code or after sending a first warning message externally;
measuring the kernel file to be measured to obtain a second measurement value;
judging whether the second measurement value is identical to the standard measurement value of the kernel file to be measured; if so, allowing the operating system to be booted; if not, allowing the operating system to be booted after receiving an externally sent second startup privilege code or after sending a second warning message externally.
Preferably, the method further comprises setting a startup mode for the hardware device to be measured and for the kernel file to be measured, the startup mode comprising a privileged startup mode and a warning startup mode;
allowing the hardware device to be measured to start after receiving the externally sent first startup privilege code or after sending the first warning message externally comprises: judging whether the startup mode of the hardware device to be measured is the privileged startup mode; if so, allowing the hardware device to be measured to start after receiving the externally sent first startup privilege code; otherwise, allowing the hardware device to be measured to start after sending externally a first warning message stating that an anomaly has appeared in the hardware device to be measured;
allowing the operating system to be booted after receiving the externally sent second startup privilege code or after sending the second warning message externally comprises: judging whether the startup mode of the kernel file to be measured is the privileged startup mode; if so, allowing the operating system to be booted after receiving the externally sent second startup privilege code; otherwise, allowing the operating system to be booted after sending externally a second warning message stating that an anomaly has appeared in the kernel file to be measured.
Preferably, the method further comprises receiving an externally sent policy update message and, according to the policy update message, adding or deleting hardware devices to be measured and kernel files to be measured accordingly, and modifying the startup mode of the hardware device to be measured and of the kernel file to be measured.
Preferably, before receiving the externally sent policy configuration message, the method further comprises: judging, according to a preset white list, whether the sender of the policy configuration message is in the white list; if so, allowing the policy configuration message to be received; otherwise, refusing to receive the policy configuration message.
Preferably, before receiving the externally sent policy update message, the method further comprises: judging, according to the white list, whether the sender of the policy update message is in the white list; if so, allowing the policy update message to be received; otherwise, refusing to receive the policy update message.
Preferably, after configuring the hardware device to be measured and the kernel file to be measured, the method further comprises: measuring the hardware device to be measured and the kernel file to be measured respectively, forming the standard measurement value of the hardware device to be measured and the standard measurement value of the kernel file to be measured, and storing both standard measurement values in a TPM chip;
after adding or deleting hardware devices to be measured and kernel files to be measured accordingly, the method further comprises: measuring the hardware device to be measured and the kernel file to be measured respectively, forming the standard measurement value of the hardware device to be measured and the standard measurement value of the kernel file to be measured, and storing both standard measurement values in the TPM chip.
Preferably, judging whether the first measurement value is identical to the standard measurement value of the hardware device to be measured comprises: reading the standard measurement value of the hardware device to be measured from the TPM chip, and judging whether the first measurement value is identical to the standard measurement value read;
judging whether the second measurement value is identical to the standard measurement value of the kernel file to be measured comprises: reading the standard measurement value of the kernel file to be measured from the TPM chip, and judging whether the second measurement value is identical to the standard measurement value read.
Embodiments of the present invention provide a computer protection apparatus and method. According to an externally sent policy configuration message, the policy management unit configures the hardware device to be measured and the kernel file to be measured during computer startup. During startup, the hardware measurement unit measures the hardware device to be measured to obtain a first measurement value, and the software measurement unit measures the kernel file to be measured to obtain a second measurement value. The execution unit judges whether the first measurement value is identical to the standard measurement value of the hardware device to be measured; if identical, it allows the hardware device to start; if not, it allows the hardware device to start after receiving an externally sent first startup privilege code or after sending a first warning message externally. The execution unit likewise judges whether the second measurement value is identical to the standard measurement value of the kernel file to be measured; if identical, it allows the operating system to be booted; if not, it allows the operating system to be booted after receiving an externally sent second startup privilege code or after sending a second warning message externally. In this way, the computer measures the relevant hardware devices and kernel files during startup and judges whether the measurement values match the standard values; if they match, the hardware device is allowed to start or the operating system to boot; if they differ, warning information is sent to the user, or the user's privileged startup permission is obtained, before the hardware device is allowed to start or the operating system to boot. This ensures that the user learns the state of the computer's hardware devices and kernel files in real time and can take corresponding measures, thereby improving the security of the computer.
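The startup decision described in this summary, as an added example in Python that is not code from the patent or from Inspur. It simulates the hardware measurement unit, the software measurement unit and the execution unit with the two startup modes, in the patent's order (hardware device first, then kernel file). Everything the patent leaves open is an assumption here: SHA-256 as the measurement function, a dictionary standing in for the TPM chip's storage of standard measurement values, the target names, the sample device and kernel bytes, and the two startup privilege code values are all constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class StartupMode(Enum):
    PRIVILEGED = "privileged"  # on mismatch: block until the startup privilege code arrives
    WARNING = "warning"        # on mismatch: send a warning message, then allow start


@dataclass(frozen=True)
class Target:
    name: str   # identifier of a hardware device or kernel file (constructed)
    kind: str   # "hardware" or "kernel"
    mode: StartupMode


@dataclass(frozen=True)
class Decision:
    target: str
    matched: bool      # measurement value equal to the standard value?
    allowed: bool      # may the device start / the OS boot at this point?
    action: str        # start | privilege_code_accepted | privilege_code_required | warning_sent
    warning: str = ""  # text of the warning message, when one was sent


def measure(data: bytes) -> str:
    # Measurement value; the patent fixes no algorithm, SHA-256 is an assumption here.
    return hashlib.sha256(data).hexdigest()


class SimulatedTPM:
    """Stand-in for the TPM chip holding the standard measurement values. A real TPM
    keeps them in protected NV storage; a dict is used only so the example runs offline."""

    def __init__(self) -> None:
        self._nv: Dict[str, str] = {}

    def store_standard(self, name: str, value: str) -> None:
        self._nv[name] = value

    def read_standard(self, name: str) -> Optional[str]:
        return self._nv.get(name)


def baseline(tpm: SimulatedTPM, target: Target, data: bytes) -> str:
    """After configuration or update: form the standard value and store it in the TPM."""
    value = measure(data)
    tpm.store_standard(target.name, value)
    return value


class ExecutionUnit:
    def __init__(self, tpm: SimulatedTPM, privilege_codes: Dict[str, str]) -> None:
        self.tpm = tpm
        # kind -> expected code: "hardware" is the first, "kernel" the second startup privilege code
        self.privilege_codes = privilege_codes

    def decide(self, target: Target, measured: str, supplied_code: Optional[str] = None) -> Decision:
        standard = self.tpm.read_standard(target.name)
        if standard is not None and hmac.compare_digest(measured, standard):
            return Decision(target.name, True, True, "start")
        if target.mode is StartupMode.PRIVILEGED:
            expected = self.privilege_codes.get(target.kind)
            if supplied_code is not None and expected is not None \
                    and hmac.compare_digest(supplied_code, expected):
                return Decision(target.name, False, True, "privilege_code_accepted")
            return Decision(target.name, False, False, "privilege_code_required")
        warning = (f"anomaly in {target.kind} '{target.name}': measured {measured[:16]}, "
                   f"standard {standard[:16] if standard else 'missing'}")
        return Decision(target.name, False, True, "warning_sent", warning)


def boot_sequence(unit: ExecutionUnit, targets: List[Target], current: Dict[str, bytes],
                  codes: Optional[Dict[str, str]] = None) -> Tuple[List[Decision], bool]:
    """Patent order: hardware devices first, then kernel files. Returns (decisions, os_boot_allowed)."""
    codes = codes or {}
    decisions: List[Decision] = []
    for target in sorted(targets, key=lambda t: 0 if t.kind == "hardware" else 1):
        decision = unit.decide(target, measure(current[target.name]), codes.get(target.kind))
        decisions.append(decision)
        if not decision.allowed:
            break  # still waiting for the startup privilege code
    return decisions, len(decisions) == len(targets) and all(d.allowed for d in decisions)


# Constructed sample targets, inputs and privilege codes (not from the patent)
NIC = Target("nic0", "hardware", StartupMode.WARNING)
KERNEL = Target("vmlinuz", "kernel", StartupMode.PRIVILEGED)
GOOD = {"nic0": b"NIC vendor=1234 device=5678 fw=1.0 (constructed)",
        "vmlinuz": b"constructed kernel image bytes"}
CODES = {"hardware": "first-code-demo", "kernel": "second-code-demo"}


def demo(tamper_nic: bool = False, tamper_kernel: bool = False,
         kernel_code: Optional[str] = None) -> Tuple[List[Decision], bool]:
    tpm = SimulatedTPM()
    for target in (NIC, KERNEL):
        baseline(tpm, target, GOOD[target.name])
    current = dict(GOOD)
    if tamper_nic:
        current["nic0"] = GOOD["nic0"] + b" fw=1.1"
    if tamper_kernel:
        current["vmlinuz"] = GOOD["vmlinuz"] + b"\x90"
    codes = {"kernel": kernel_code} if kernel_code else {}
    return boot_sequence(ExecutionUnit(tpm, CODES), [NIC, KERNEL], current, codes)
```

Running `demo(tamper_nic=True, tamper_kernel=True, kernel_code="second-code-demo")` yields a `warning_sent` decision for the NIC (start still allowed, as the warning mode prescribes) followed by `privilege_code_accepted` for the kernel; without the code the kernel decision is `privilege_code_required` and the boot does not proceed. Measurement values and privilege codes are compared with `hmac.compare_digest` so that the comparison time does not depend on where the values first differ.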
Brief description of the drawings
Fig. 1 is a schematic diagram of a computer protection apparatus provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a computer protection method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a computer protection method provided by another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, and not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a computer protection apparatus comprising a policy management unit 101, a hardware measurement unit 102, a software measurement unit 103 and an execution unit 104;
the policy management unit 101 is configured to receive an externally sent policy configuration message and, according to the policy configuration message, to configure a hardware device to be measured and a kernel file to be measured;
the hardware measurement unit 102 is configured to measure, after the computer is powered on, the hardware device to be measured that the policy management unit 101 configured, to obtain a first measurement value;
the software measurement unit 103 is configured to measure the kernel file to be measured that the policy management unit 101 configured, to obtain a second measurement value;
the execution unit 104 is configured to judge whether the first measurement value obtained by the hardware measurement unit 102 is identical to the standard measurement value of the hardware device to be measured; if so, to allow the hardware device to be measured to start; if not, to allow the hardware device to be measured to start after receiving an externally sent first startup privilege code or after sending a first warning message externally; and to judge whether the second measurement value obtained by the software measurement unit 103 is identical to the standard measurement value of the kernel file to be measured; if so, to allow the operating system to be booted; if not, to allow the operating system to be booted after receiving an externally sent second startup privilege code or after sending a second warning message externally.
In the apparatus of this embodiment, the policy management unit configures, according to the externally sent policy configuration message, the hardware device and kernel file that must be measured during computer startup. During startup, the hardware measurement unit measures the hardware device to be measured to obtain the first measurement value, and the software measurement unit measures the kernel file to be measured to obtain the second measurement value. The execution unit compares the first measurement value with the standard measurement value of the hardware device: if identical, the hardware device is allowed to start; if not, it is allowed to start after an externally sent first startup privilege code is received or a first warning message is sent externally. The execution unit then compares the second measurement value with the standard measurement value of the kernel file: if identical, the operating system is allowed to boot; if not, it is allowed to boot after an externally sent second startup privilege code is received or a second warning message is sent externally. Thus the computer measures the relevant hardware devices and kernel files during startup and judges whether the measurement values match the standard values; on a match the hardware device starts or the operating system boots, and on a mismatch the hardware device starts or the operating system boots only after warning information has been sent to the user or the user's privileged startup permission has been obtained. The user therefore learns the state of the computer's hardware devices and kernel files in real time and can take corresponding measures, which improves the security of the computer.
In an embodiment of the present invention, the policy management unit sets the startup mode of the hardware device to be measured and of the kernel file to be measured to either the privileged startup mode or the warning startup mode. After the execution unit judges that the first or second measurement value differs from the corresponding standard measurement value, it further judges the startup mode of the hardware device or kernel file in question. In the privileged startup mode it waits for the user to input the corresponding startup privilege code and, once the user has input the correct code, allows the hardware device to start or the kernel file to be booted. In the warning startup mode it sends the user a warning message stating that an anomaly has appeared in the hardware device or kernel file, and then allows the hardware device to start or the kernel file to be booted. In this way the user can set the startup mode of each hardware device and kernel file flexibly according to its importance, improving the applicability of the computer while its security still satisfies the conditions of use.
In an embodiment of the present invention, the policy management unit can receive a policy update message sent by the user and, according to it, add or delete hardware devices to be measured and kernel files to be measured, changing the objects of measurement. This ensures that after the operating system or a hardware device is replaced, the key hardware devices or kernel files can still be measured and the computer protected. The startup mode of the hardware device to be measured and of the kernel file to be measured can also be modified, giving hardware devices and kernel files different degrees of protection, which improves the adaptability and flexibility of the computer protection apparatus.
In an embodiment of the present invention, the apparatus further comprises an access control unit. According to a preset white list, the access control unit judges whether the information sender that sends policy configuration messages and policy update messages to the policy management unit is in the white list; if so, it allows the policy management unit to receive the corresponding policy configuration message or policy update message; otherwise it prevents the policy management unit from receiving the message. This prevents an unauthorized user from sending messages to the policy management unit in order to change the hardware devices and kernel files to be measured, and thus from causing damage to the computer's hardware devices or kernel files, further improving the security of the computer.
In an embodiment of the present invention, after the policy management unit has configured the hardware device to be measured and the kernel file to be measured, and after it has added or deleted hardware devices or kernel files to be measured, the hardware measurement unit measures the hardware device to be measured to form its standard measurement value, and the software measurement unit measures the kernel file to be measured to form its standard measurement value; both standard measurement values are stored in the TPM chip. When the execution unit judges whether the first and second measurement values are identical to the corresponding standard measurement values, it reads the corresponding standard measurement value of the hardware device or kernel file from the TPM chip. Because of the properties of the TPM chip, storing the standard measurement values in it prevents an unauthorized user from modifying them so that a computer that already carries a threat is allowed to start, and so prevents theft of computer data or damage to the computer system, further improving the security of the computer.
As shown in Fig. 2, an embodiment of the present invention provides a computer protection method comprising:
Step 201: receiving an externally sent policy configuration message and, according to the policy configuration message, configuring a hardware device to be measured and a kernel file to be measured;
Step 202: after the computer is powered on, measuring the hardware device to be measured to obtain a first measurement value;
Step 203: judging whether the first measurement value is identical to the standard measurement value of the hardware device to be measured; if so, allowing the hardware device to be measured to start; if not, allowing the hardware device to be measured to start after receiving an externally sent first startup privilege code or after sending a first warning message externally;
Step 204: measuring the kernel file to be measured to obtain a second measurement value;
Step 205: judging whether the second measurement value is identical to the standard measurement value of the kernel file to be measured; if so, allowing the operating system to be booted; if not, allowing the operating system to be booted after receiving an externally sent second startup privilege code or after sending a second warning message externally.
In the method of this embodiment, after a policy configuration message sent by an external user is received, the hardware device to be measured and the kernel file to be measured are configured according to it. After the computer is powered on, the hardware device to be measured is measured first to obtain the first measurement value, which is compared with the standard measurement value of the hardware device: if identical, the hardware device is allowed to start; if not, it is allowed to start only after the first startup privilege code sent by the user is received or the first warning message is sent externally. The kernel file to be measured is then measured to obtain the second measurement value, which is compared with the standard measurement value of the kernel file: if identical, the operating system is allowed to boot; if not, it is allowed to boot only after the second startup privilege code sent by the user is received or the second warning message is sent externally. By this method, the hardware devices and kernel files the user cares about are each measured during startup and checked for problems; if there is no problem, the hardware device is allowed to start or the operating system to boot; if there is a problem, the hardware device is allowed to start or the operating system to boot only after the user confirms or a warning message has been sent to the user. This keeps key hardware devices and kernel files under monitoring and lets corresponding measures be taken when something goes wrong, thereby improving the security of the computer.
In an embodiment of the present invention, the startup mode of the hardware device to be measured and of the kernel file to be measured is set to the privileged startup mode or the warning startup mode. After the first measurement value is judged to differ from the standard measurement value of the hardware device to be measured, the startup mode of that hardware device is further judged: in the privileged startup mode, the method waits for the user to input the first startup privilege code and allows the hardware device to start once the correct first startup privilege code has been input; in the warning startup mode, the method sends the user a first warning message stating that there is a problem with the hardware device to be measured and then allows it to start. After the second measurement value is judged to differ from the standard measurement value of the kernel file to be measured, the startup mode of that kernel file is further judged: in the privileged startup mode, the method waits for the user to input the second startup privilege code and allows the operating system to boot once the correct second startup privilege code has been input; in the warning startup mode, the method sends the user a second warning message stating that there is a problem with the kernel file to be measured and then allows the operating system to boot. In this way the user can set the startup mode of each hardware device and kernel file flexibly according to its importance, and set reasonable countermeasures for the case in which a hardware device or kernel file goes wrong, while the computer's security still satisfies the conditions of use, improving the applicability of the computer.
In an embodiment of the present invention, the user can send a policy update message to add or delete hardware devices to be measured or kernel files to be measured accordingly, so that after the computer's operating system or a hardware device is replaced, the key hardware devices and kernel files can still be protected. In addition, the startup mode of the hardware device to be measured and of the kernel file to be measured can be modified, setting the degree of protection of each according to actual requirements, which improves the flexibility and applicability of computer protection.
In an embodiment of the present invention, before a policy configuration message or policy update message sent by the user is received, it is first judged, according to the preset white list, whether the sender of the policy configuration message or policy update message is in the white list. If so, the policy configuration message or policy update message is received and the hardware device to be measured and kernel file to be measured are configured accordingly; if not, reception of the policy configuration message or policy update message is refused. This prevents an unauthorized user from tampering with the measurement policy by sending illegal policy configuration messages or policy update messages, which would distort the measurement results, and further improves the security of the computer.
In an embodiment of the present invention, after the hardware device to be measured and the kernel file to be measured have been configured or updated according to a policy configuration message or policy update message, the configured or updated hardware device to be measured and kernel file to be measured are measured to form the standard measurement value of the hardware device to be measured and the standard measurement value of the kernel file to be measured, and these standard measurement values are stored in the TPM chip. When judging whether the first or second measurement value is identical to the corresponding standard measurement value, the corresponding standard measurement value is read from the TPM chip. In this way a new standard measurement value is formed each time the hardware device or kernel file to be measured is configured or updated, ensuring that the standard measurement values correspond to the current hardware device and kernel file to be measured, and storing the standard measurement values in the TPM chip prevents an unauthorized user from damaging the computer by modifying them, improving the reliability of measurement and the security of the computer.
To make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and specific embodiments.
As shown in Figure 3, one embodiment of the invention provides a computer protection method comprising:
Step 301: receive a policy configuration message, configure the hardware devices to be measured and the kernel files to be measured, and set the start-up mode of each hardware device and kernel file to be measured.
In one embodiment of the invention, the user sends a policy configuration message according to the actual operating conditions of the computer. It is determined whether the user sending the message is in the preset whitelist; if not, the policy configuration message sent by this user is refused. If so, after the message is received, the hardware devices and kernel files that need to be measured are configured according to the user's selection, and the start-up mode of each hardware device and kernel file to be measured is set to the privileged start-up mode or the warning start-up mode. For example, user 1, according to the actual operating conditions of computer 1, sets the PCI card, the RAID card and the RAM card as hardware devices to be measured, sets the kernel file and the initrd file as kernel files to be measured, sets the start-up mode of the PCI card, the RAID card and the kernel file to the privileged start-up mode, and sets the start-up mode of the RAM card and the initrd file to the warning start-up mode.
Step 302: measure the hardware devices to be measured and the kernel files to be measured, and form the corresponding reference values.
In one embodiment of the invention, once the hardware devices and kernel files to be measured have been configured, each of them is measured to form the reference value of each hardware device to be measured and of each kernel file to be measured, and the reference values formed are stored in the TPM chip. For example, the PCI card, the RAID card, the RAM card, the kernel file and the initrd file are each measured, yielding the reference value of the PCI card, of the RAID card, of the RAM card, of the kernel file and of the initrd file respectively, and each reference value obtained is stored in the TPM chip.
Step 303: measure the hardware devices to be measured and obtain the corresponding first measurement values.
In one embodiment of the invention, each hardware device to be measured is measured in turn, and the first measurement value corresponding to each is obtained. For example, the PCI card, the RAID card and the RAM card are each measured, giving the first measurement value corresponding to the PCI card, to the RAID card and to the RAM card.
Step 304: determine whether the first measurement value corresponding to each hardware device to be measured is identical with the corresponding reference value; if so, perform step 308, otherwise perform step 305.
In one embodiment of the invention, the reference value corresponding to each hardware device to be measured is read from the TPM chip, and the first measurement value corresponding to each hardware device is compared with its reference value: if they are identical, step 308 is performed; if they differ, step 305 is performed. For example, the reference values corresponding to the PCI card, the RAID card and the RAM card are read from the TPM chip and compared with the respective first measurement values. The first measurement values of the PCI card and the RAM card are found to differ from their reference values, while the first measurement value of the RAID card is identical with its reference value, so step 305 is performed for the PCI card and the RAM card, and step 308 is performed for the RAID card.
Step 305: determine whether the start-up mode of the hardware device to be measured is the privileged start-up mode; if so, perform step 306, otherwise perform step 307.
In one embodiment of the invention, if the first measurement value of a hardware device to be measured differs from its reference value, the start-up mode of that hardware device is checked: if it is the privileged start-up mode, step 306 is performed; if it is the warning start-up mode, step 307 is performed. For example, the start-up mode of the PCI card is found to be the privileged start-up mode and that of the RAM card the warning start-up mode, so step 306 is performed for the PCI card and step 307 for the RAM card.
Step 306: determine whether the first start-up privilege code entered by the user is correct; if so, perform step 308, otherwise end the current process.
In one embodiment of the invention, after the start-up mode of the hardware device to be measured is found to be the privileged start-up mode, the system waits for the user to enter the first start-up privilege code and checks whether the code entered is correct. If the user enters no code, or enters a wrong first start-up privilege code, the current process ends; if the correct first start-up privilege code is entered, step 308 is performed. For example, after the user has entered the correct first start-up privilege code for the PCI card, step 308 is performed for the PCI card.
Step 307: send the user a first alert message that the hardware device to be measured has a problem.
In one embodiment of the invention, after the start-up mode of the hardware device to be measured is found to be the warning start-up mode, a first alert message is sent to the user for each problematic hardware device, warning that this hardware device to be measured has an anomaly. For example, a first alert message that the RAM card has an anomaly is sent to the user.
Step 308: the hardware device to be measured starts; measure the kernel files to be measured and obtain the corresponding second measurement values.
In one embodiment of the invention, after the hardware devices to be measured have started, each kernel file to be measured is measured, and the second measurement value of each kernel file to be measured is obtained. For example, the kernel file and the initrd file are each measured, giving the second measurement values corresponding to the kernel file and to the initrd file.
Step 309: determine whether the second measurement value corresponding to each kernel file to be measured is identical with the corresponding reference value; if so, perform step 313, otherwise perform step 310.
Step 310: determine whether the start-up mode of the kernel file to be measured is the privileged start-up mode; if so, perform step 311, otherwise perform step 312.
Step 311: determine whether the second start-up privilege code entered by the user is correct; if so, perform step 313, otherwise end the current process.
Step 312: send the user a second alert message that the kernel file to be measured has a problem.
Step 313: allow the kernel file to boot the operating system.
In one embodiment of the invention, when the second measurement value of the kernel file to be measured is identical with its reference value, or when it differs from the reference value but the kernel file to be measured is in the warning start-up mode or the user has entered the correct second start-up privilege code, the kernel file boots the operating system and start-up of the computer is complete.
It should be noted that step 309 is processed in the same way as step 304, step 310 as step 305, step 311 as step 306 and step 312 as step 307, so they are not described again in detail here.
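The whole flow of steps 301 to 313, together with the whitelist check on policy messages and the re-baselining of reference values after a policy update described in the summary above, as an added Python simulation. This is example code written for this page, not code from the patent or from Inspur: the device identity bytes, file contents, whitelist, privilege codes and the in-memory stand-in for the TPM chip's reference-value storage are all constructed for the demo, and SHA-256 is assumed as the measurement function because the page does not name one.

```python
"""Added example (not code from the patent): a simulation of the measured-boot
flow of steps 301-313, the whitelist check on policy messages, and the
re-baselining of reference values after a policy update.  Device identity
bytes, file contents, the whitelist, the privilege codes and the TPM stand-in
are all constructed for the demo; SHA-256 is assumed as the measurement."""
import hashlib
import hmac

PRIVILEGED, WARNING = "privileged", "warning"


class TpmNvStore:
    """Constructed stand-in for the TPM chip's non-volatile storage of the
    reference values, one slot per measured object (write access control of
    a real TPM is not modelled here)."""

    def __init__(self):
        self._nv = {}

    def write(self, index, value):
        self._nv[index] = value

    def read(self, index):
        return self._nv.get(index)


def measure(data):
    """Measurement value = SHA-256 over the object's bytes (kernel or initrd
    contents, or a device's identity record such as its option ROM)."""
    return hashlib.sha256(data).hexdigest()


class Protector:
    def __init__(self, whitelist, tpm):
        self.whitelist = set(whitelist)
        self.tpm = tpm
        self.modes = {"device": {}, "kernel_file": {}}  # name -> start-up mode
        self.code_digests = {}  # name -> SHA-256 of the expected privilege code
        self.alerts = []

    def apply_policy(self, sender, machine, add=(), remove=(), codes=None):
        """Steps 301-302 and policy updates: whitelist check, configure the
        objects to measure, then re-baseline every configured object into
        the TPM so the reference values match the current configuration."""
        if sender not in self.whitelist:  # access control unit
            return False
        for kind, name in remove:
            self.modes[kind].pop(name, None)
        for kind, name, mode in add:
            self.modes[kind][name] = mode
        for name, code in (codes or {}).items():
            self.code_digests[name] = measure(code.encode())
        for kind, names in self.modes.items():
            for name in names:
                self.tpm.write(f"{kind}:{name}", measure(machine[name]))
        return True

    def _check(self, kind, name, machine, entered):
        """Steps 304-307 (devices) / 309-312 (kernel files) for one object.
        Returns True if start-up may proceed."""
        if measure(machine[name]) == self.tpm.read(f"{kind}:{name}"):
            return True  # identical with the reference value
        if self.modes[kind][name] == PRIVILEGED:
            code, expected = entered.get(name), self.code_digests.get(name)
            if code is None or expected is None:
                return False  # no code entered: end the current process
            return hmac.compare_digest(measure(code.encode()), expected)
        self.alerts.append(f"{kind} {name}: measurement differs from reference")
        return True  # warning mode: alert the user, then allow start-up

    def boot(self, machine, entered=None):
        """Steps 303-313: measure devices first, then kernel files, then boot."""
        entered = entered or {}
        self.alerts = []
        for kind in ("device", "kernel_file"):
            for name in self.modes[kind]:
                if not self._check(kind, name, machine, entered):
                    return {"os_booted": False, "halted_at": name,
                            "alerts": list(self.alerts)}
        return {"os_booted": True, "halted_at": None, "alerts": list(self.alerts)}


def demo():
    """Replays the example in the description: after baselining, the PCI card
    and RAM card change while the RAID card and kernel files do not."""
    machine = {"pci": b"pci-rom-v1", "raid": b"raid-fw-v3", "ram": b"ram-spd-A",
               "kernel": b"vmlinuz-bytes", "initrd": b"initrd-bytes"}  # constructed
    p = Protector(whitelist={"user1"}, tpm=TpmNvStore())
    rejected = not p.apply_policy("mallory", machine,
                                  add=[("device", "pci", WARNING)])
    p.apply_policy("user1", machine,
                   add=[("device", "pci", PRIVILEGED), ("device", "raid", PRIVILEGED),
                        ("device", "ram", WARNING), ("kernel_file", "kernel", PRIVILEGED),
                        ("kernel_file", "initrd", WARNING)],
                   codes={"pci": "pci-code-1", "raid": "raid-code-1",
                          "kernel": "k-code-1"})
    machine["pci"] = b"pci-rom-v2"  # option ROM changed
    machine["ram"] = b"ram-spd-B"   # memory module swapped
    halted = p.boot(machine)                                 # no code entered
    booted = p.boot(machine, entered={"pci": "pci-code-1"})  # correct code
    p.apply_policy("user1", machine)  # policy update: accept the new hardware
    clean = p.boot(machine)
    return {"rejected_sender": rejected, "halted": halted,
            "booted": booted, "clean": clean}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three outcomes the description distinguishes: a mismatched object in privileged mode with no code entered halts the process, the correct code lets start-up continue, and a mismatched object in warning mode only produces an alert while the operating system still boots. Note that in the warning mode the alert is the only effect, so any device or file whose compromise would matter should be placed in the privileged mode, and the re-baselining step accepts whatever state the hardware is in when the policy update arrives, which is why the whitelist on policy senders carries so much weight in this design.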
According to the above scheme, the computer protection apparatus and method provided by embodiments of the invention have at least the following beneficial effects:
1. In the embodiment of the invention, the policy management unit configures, according to a policy configuration message sent from outside, the hardware devices and kernel files that need to be measured during computer start-up. During start-up, the hardware measurement unit measures the hardware devices to be measured to obtain a first measurement value, and the software measurement unit measures the kernel files to be measured to obtain a second measurement value. The execution unit determines whether the first measurement value is identical with the reference value of the hardware device to be measured; if so, it allows the hardware device to start, and if not, it allows the hardware device to start after receiving a first start-up privilege code sent from outside or after sending a first alert message out. The execution unit likewise determines whether the second measurement value is identical with the reference value of the kernel file to be measured; if so, it allows the operating system to boot, and if not, it allows the operating system to boot after receiving a second start-up privilege code sent from outside or after sending a second alert message out. The computer thus measures the relevant hardware devices and kernel files during start-up and determines whether the measurement values match the reference values: if they match, the hardware device is allowed to start or the operating system to boot, and if they differ, this is allowed only after warning information has been sent to the user or the user has granted privileged start-up. This ensures that the user can learn the state of the computer's hardware devices and kernel files in real time and take corresponding measures, which improves the security of the computer.
2. In the embodiment of the invention, the reference values of the hardware devices and kernel files to be measured are stored in a TPM chip. Owing to the security properties of the TPM chip, an unauthorized user is prevented from tampering with the reference values and thereby rendering the measurement of the hardware devices and kernel files meaningless, which further improves the security of the computer.
3. In the embodiment of the invention, the user can send a policy update message to remove or add hardware devices and kernel files to be measured and to modify the start-up mode of the hardware devices or kernel files to be measured. Key hardware devices and kernel files can therefore still be protected after a hardware device or the computer's operating system has been replaced, and the degree of protection of a hardware device or kernel file can be changed by modifying its start-up mode, which improves the applicability of this computer protection method.
4. In the embodiment of the invention, before a policy configuration message or policy update message sent by a user is received, it is determined whether the user sending the message is in the preset whitelist. If so, the policy configuration message or policy update message is received; if not, it is rejected. This prevents an unauthorized user from changing the measurement policy by sending illegal policy configuration or policy update messages, which would cause the measurement to fail, and further improves the security of the computer.
It should be noted that in this document relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "comprising" and any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware driven by program instructions; the program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disks, optical disks and other media capable of storing program code.
Finally, it should be noted that the above are only preferred embodiments of the invention, provided to illustrate its technical solution and not to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (10)

1. A computer protection apparatus, characterized in that it comprises: a policy management unit, a hardware measurement unit, a software measurement unit and an execution unit;
the policy management unit is configured to receive an externally sent policy configuration message and, according to the policy configuration message, configure hardware devices to be measured and kernel files to be measured;
the hardware measurement unit is configured to measure, after the computer powers on, the hardware devices to be measured configured by the policy management unit, obtaining a first measurement value;
the software measurement unit is configured to measure the kernel files to be measured configured by the policy management unit, obtaining a second measurement value;
the execution unit is configured to determine whether the first measurement value obtained by the hardware measurement unit is identical with the reference value of the hardware device to be measured, and if so, allow the hardware device to be measured to start, and if not, allow the hardware device to be measured to start after receiving an externally sent first start-up privilege code or after sending a first alert message out; and to determine whether the second measurement value obtained by the software measurement unit is identical with the reference value of the kernel file to be measured, and if so, allow the operating system to boot, and if not, allow the operating system to boot after receiving an externally sent second start-up privilege code or after sending a second alert message out.
2. The apparatus according to claim 1, characterized in that
the policy management unit is further configured to set the start-up mode of the hardware devices to be measured and of the kernel files to be measured, wherein the start-up mode comprises a privileged start-up mode and a warning start-up mode;
the execution unit is configured, after determining that the first measurement value differs from the reference value of the hardware device to be measured, to further determine whether the start-up mode of the hardware device to be measured is the privileged start-up mode, and if so, allow the hardware device to be measured to start after receiving the externally sent first start-up privilege code, and otherwise allow the hardware device to be measured to start after sending out a first alert message warning that the hardware device to be measured has an anomaly; and, after determining that the second measurement value differs from the reference value of the kernel file to be measured, to further determine whether the start-up mode of the kernel file to be measured is the privileged start-up mode, and if so, allow the operating system to boot after receiving the externally sent second start-up privilege code, and otherwise allow the operating system to boot after sending out a second alert message warning that the kernel file to be measured has an anomaly.
3. The apparatus according to claim 2, characterized in that
the policy management unit is further configured to receive an externally sent policy update message and, according to the policy update message, add or remove hardware devices to be measured and kernel files to be measured, and modify the start-up mode of the hardware devices to be measured and of the kernel files to be measured.
4. The apparatus according to claim 3, characterized in that it further comprises an access control unit;
the access control unit is configured to determine, according to a preset whitelist, whether the sender that sends the policy configuration message and the policy update message to the policy management unit is in the whitelist, and if so, allow the policy management unit to receive the policy configuration message or policy update message sent by that sender, and otherwise prevent the policy management unit from receiving the policy configuration message or policy update message.
5. The apparatus according to claim 3, characterized in that
the hardware measurement unit is configured, after the policy management unit has configured the hardware devices to be measured and after the policy management unit has added or removed hardware devices to be measured, to measure the hardware devices to be measured, form the reference values of the hardware devices to be measured, and store the reference values of the hardware devices to be measured in a TPM chip;
the software measurement unit is configured, after the policy management unit has configured the kernel files to be measured and after the policy management unit has added or removed kernel files to be measured, to measure the kernel files to be measured, form the reference values of the kernel files to be measured, and store the reference values of the kernel files to be measured in the TPM chip;
the execution unit is configured to read the reference values of the hardware devices to be measured and of the kernel files to be measured from the TPM chip, and to determine respectively whether the first measurement value is identical with the reference value of the hardware device to be measured and whether the second measurement value is identical with the reference value of the kernel file to be measured.
6. A computer protection method, characterized in that it comprises:
receiving an externally sent policy configuration message and, according to the policy configuration message, configuring hardware devices to be measured and kernel files to be measured;
measuring the hardware devices to be measured after the computer powers on, obtaining a first measurement value;
determining whether the first measurement value is identical with the reference value of the hardware device to be measured, and if so, allowing the hardware device to be measured to start, and if not, allowing the hardware device to be measured to start after receiving an externally sent first start-up privilege code or after sending a first alert message out;
measuring the kernel files to be measured, obtaining a second measurement value;
determining whether the second measurement value is identical with the reference value of the kernel file to be measured, and if so, allowing the operating system to boot, and if not, allowing the operating system to boot after receiving an externally sent second start-up privilege code or after sending a second alert message out.
7. The method according to claim 6, characterized in that it further comprises: setting the start-up mode of the hardware devices to be measured and of the kernel files to be measured, wherein the start-up mode comprises a privileged start-up mode and a warning start-up mode;
said allowing the hardware device to be measured to start after receiving an externally sent first start-up privilege code or after sending a first alert message out comprises: determining whether the start-up mode of the hardware device to be measured is the privileged start-up mode, and if so, allowing the hardware device to be measured to start after receiving the externally sent first start-up privilege code, and otherwise allowing the hardware device to be measured to start after sending out a first alert message warning that the hardware device to be measured has an anomaly;
said allowing the operating system to boot after receiving an externally sent second start-up privilege code or after sending a second alert message out comprises: determining whether the start-up mode of the kernel file to be measured is the privileged start-up mode, and if so, allowing the operating system to boot after receiving the externally sent second start-up privilege code, and otherwise allowing the operating system to boot after sending out a second alert message warning that the kernel file to be measured has an anomaly.
8. The method according to claim 7, characterized in that it further comprises:
receiving an externally sent policy update message and, according to the policy update message, adding or removing hardware devices to be measured and kernel files to be measured, and modifying the start-up mode of the hardware devices to be measured and of the kernel files to be measured.
9. The method according to claim 8, characterized in that
before said receiving an externally sent policy configuration message, the method further comprises: determining, according to a preset whitelist, whether the sender of the policy configuration message is in the whitelist, and if so, allowing the policy configuration message to be received, and otherwise preventing reception of the policy configuration message;
and/or,
before said receiving an externally sent policy update message, the method further comprises: determining, according to the whitelist, whether the sender of the policy update message is in the whitelist, and if so, allowing the policy update message to be received, and otherwise preventing reception of the policy update message.
10. The method according to claim 8, characterized in that
after said configuring hardware devices to be measured and kernel files to be measured, the method further comprises: measuring the hardware devices to be measured and the kernel files to be measured respectively, forming the reference values of the hardware devices to be measured and of the kernel files to be measured, and storing the reference values of the hardware devices to be measured and of the kernel files to be measured in a TPM chip;
after said adding or removing hardware devices to be measured and kernel files to be measured, the method further comprises: measuring the hardware devices to be measured and the kernel files to be measured respectively, forming the reference values of the hardware devices to be measured and of the kernel files to be measured, and storing the reference values of the hardware devices to be measured and of the kernel files to be measured in the TPM chip;
and/or,
said determining whether the first measurement value is identical with the reference value of the hardware device to be measured comprises: reading the reference value of the hardware device to be measured from the TPM chip, and determining whether the first measurement value is identical with the read reference value of the hardware device to be measured;
said determining whether the second measurement value is identical with the reference value of the kernel file to be measured comprises: reading the reference value of the kernel file to be measured from the TPM chip, and determining whether the second measurement value is identical with the read reference value of the kernel file to be measured.
CN201510700374.9A 2015-10-26 2015-10-26 Computer protection apparatus and method Pending CN105354497A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510700374.9A CN105354497A (en) 2015-10-26 2015-10-26 Computer protection apparatus and method


Publications (1)

Publication Number Publication Date
CN105354497A true CN105354497A (en) 2016-02-24

Family

ID=55330468

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510700374.9A Pending CN105354497A (en) 2015-10-26 2015-10-26 Computer protection apparatus and method

Country Status (1)

Country Link
CN (1) CN105354497A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107346393A * 2017-06-30 2017-11-14 浪潮(北京)电子信息产业有限公司 TCM-based system start-up method and system
CN107766734A * 2017-11-03 2018-03-06 浪潮(北京)电子信息产业有限公司 Method, apparatus, device and computer-readable storage medium for securely booting a RAID card
CN109214187A * 2017-06-29 2019-01-15 龙芯中科技术有限公司 Method, apparatus and electronic device for controlling computer start-up
CN110197073A * 2019-05-30 2019-09-03 苏州浪潮智能科技有限公司 Method and system for protecting host integrity based on a self-checking mechanism

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1952885A * 2005-10-19 2007-04-25 联想(北京)有限公司 Computer system and integrity checking method
CN101247410A * 2008-03-28 2008-08-20 兰雨晴 Method for implementing a trusted network system based on trusted computing
CN102436566A * 2012-01-12 2012-05-02 冶金自动化研究设计院 Dynamic trusted measurement method and secure embedded system

Similar Documents

Publication Publication Date Title
EP3226169B1 (en) Antivirus signature distribution with distributed ledger
US9596250B2 (en) System and method for protecting against point of sale malware using memory scraping
KR101928908B1 (en) Systems and Methods for Using a Reputation Indicator to Facilitate Malware Scanning
KR102307534B1 (en) Systems and methods for tracking malicious behavior across multiple software entities
KR102116573B1 (en) Dynamic reputation indicators for optimizing computer security operations
CN108073821B (en) Data security processing method and device
JP2013532866A (en) Hacker virus security integrated management machine
CN105354497A (en) Computer protection apparatus and method
CN101833621A (en) Terminal safety audit method and system
US20070250547A1 (en) Log Preservation Method, and Program and System Thereof
CN112039894A (en) Network access control method, device, storage medium and electronic equipment
US20220027471A1 (en) Advanced ransomware detection
CN112035843A (en) Vulnerability processing method and device, electronic equipment and storage medium
CN110688653A (en) Client security protection method and device and terminal equipment
CN107563198B (en) Host virus prevention and control system and method for industrial control system
CN107045605A (en) A kind of real-time metrics method and device
JP7123488B2 (en) File access monitoring method, program and system
JP2015052951A (en) Security strengthening device
US20240163264A1 (en) Real-time data encryption/decryption security system and method for network-based storage
KR101614809B1 (en) Practice control system of endpoint application program and method for control the same
JP6442649B1 (en) File access monitoring method, program, and system
CN108345804B (en) Storage method and device in trusted computing environment
US20230020873A1 (en) Device driver for contactless payments
CN114257404B (en) Abnormal external connection statistical alarm method, device, computer equipment and storage medium
CN113127141B (en) Container system management method and device, terminal equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160224