CN105468978A - Trusted computing cryptogram platform suitable for general computation platform of electric system - Google Patents

Publication number
CN105468978A
Authority
CN
China
Prior art keywords
platform
trusted
module
software
creditable calculation
Legal status
Granted
Application number
CN201510782795.0A
Other languages
Chinese (zh)
Other versions
CN105468978B (en)
Inventor
李钊
高翔
苏大威
霍雪松
李云鹏
郭子明
张昊
徐晓轶
王东升
张�浩
曹良晶
王志皓
Current Assignee
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
State Grid Jiangsu Electric Power Co Ltd
State Grid Jibei Electric Power Co Ltd
Nantong Power Supply Co of Jiangsu Electric Power Co Ltd
Smart Grid Research Institute of SGCC
Original Assignee
State Grid Corp of China SGCC
State Grid Tianjin Electric Power Co Ltd
State Grid Jiangsu Electric Power Co Ltd
State Grid Jibei Electric Power Co Ltd
Nantong Power Supply Co of Jiangsu Electric Power Co Ltd
Smart Grid Research Institute of SGCC
Application filed by State Grid Corp of China SGCC, State Grid Tianjin Electric Power Co Ltd, State Grid Jiangsu Electric Power Co Ltd, State Grid Jibei Electric Power Co Ltd, Nantong Power Supply Co of Jiangsu Electric Power Co Ltd, Smart Grid Research Institute of SGCC
Priority to CN201510782795.0A
Publication of CN105468978A
Application granted
Publication of CN105468978B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention provides a trusted computing cryptogram platform suitable for a general computation platform of an electric system. The cryptogram platform comprises a trusted computing cryptogram module and a trusted software system, wherein the trusted computing cryptogram module comprises a trusted measurement root, a trusted storage root and a trusted report root and is a transferring starting point of a platform trust chain; and the trusted software system comprises a trusted computing cryptogram driving module, a measurement module and an auditing module and provides an interface which uses the trusted computing cryptogram platform for an operating system and application software. The trusted computing cryptogram module is the trusted root which provides trusted environment for the operation of the trusted computing cryptogram platform, and the trusted software system is a core for realizing the functions and the service of the trusted computing cryptogram platform and provides guarantee for the management of the trusted computing cryptogram platform. The trusted computing cryptogram platform can provide functions including static measurement, dynamic measurement, white lists, access control and the like for a business system, and manages the sources and the operation of the system software to guarantee that the software is trusted, recognizable and controllable.

Description

A trusted computing cryptogram platform suitable for a general computation platform of an electric system
Technical field
The present invention relates to the field of trusted computing technology, and specifically to a trusted computing cryptogram platform suitable for a general computation platform of an electric system.
Background technology
The root cause of insecurity in information systems is the simplified structure of the PC: processes and programs in the system are not verified, so executable programs and processes can run arbitrarily without authorization and carry out malicious behavior. Traditional firewalls, anti-virus software and IDS all work by blocking from the outside and by updating virus signature databases after the fact; they cannot provide active defense.
Trusted computing introduces a trusted chip into the hardware and addresses, at the structural level, the vulnerability caused by the simplified personal computer architecture. Based on the hardware chip, a complete trust chain is built from platform power-up through to the execution of application programs: each level authenticates the next and each level trusts the next, and a program that has not been authenticated cannot execute. The information system thereby achieves self-immunity, and an information system of a high security level is built.
Summary of the invention
To overcome the above deficiencies of the prior art, the invention provides a trusted computing cryptogram platform suitable for a general computation platform of an electric system. It provides the business system with a white-list-based malicious code immunity mechanism and an operating system trusted boot mechanism, and it has its own mechanism for protecting and managing security policy. By managing the sources and operation of system software, it ensures that software is trusted, recognizable and controllable. According to a preset configuration policy, it controls the resource access of key program modules and processes, achieving active defense against known and unknown malicious code, reducing the risk that executable programs are damaged or tampered with, and ensuring that executable programs run safely and stably.
The solution adopted to achieve the above purpose is:
A trusted computing cryptogram platform suitable for a general computation platform of an electric system, the cryptogram platform comprising: a trusted computing cryptogram module and a trusted software system;
The trusted computing cryptogram module comprises a trusted measurement root, a trusted storage root and a trusted report root, and is the starting point of platform trust transfer;
The trusted software system comprises a trusted computing cryptogram driving module, a measurement module and an auditing module, and provides the operating system and application software with an interface for using the trusted computing cryptogram platform.
Preferably, the trusted computing cryptogram module has a hardware board form and a software form;
The hardware board form comprises an execution engine, a non-volatile storage unit, a volatile storage unit, a random number generator, a cryptographic algorithm engine, a key generator and a timer, and provides the trusted software system with hardware cryptographic algorithms and with mechanisms for policy storage, protection and update;
The software form provides the trusted software system with cryptographic algorithms in software form and with mechanisms for policy storage, protection and update.
Preferably, the trusted computing cryptogram driving module provides the driver for the trusted computing cryptogram module;
The measurement module performs integrity measurement of the software that follows the trusted computing cryptogram platform in the chain;
This subsequent software comprises: kernel dynamically loaded modules, dynamic libraries, the kernel of an uncontrollable operating system, and the application programs in the uncontrollable operating system;
The auditing module intercepts specific behaviors of upper-layer applications or of the uncontrollable operating system, audits and analyzes the behavior, and triggers a predetermined response action.
Further, the integrity measurement comprises static measurement and dynamic measurement;
Static measurement covers the executable programs, dynamic libraries and kernel modules in the system. It computes a hash of the file content for these three types of file and compares the result with the expected result, and from this judges whether the integrity of the measured object has been damaged;
Dynamic measurement collects the expected values of a measured object before the object starts and, during system operation, verifies the measured object against the collected expected values.
Preferably, the trusted computing cryptogram platform provides a white list mechanism and mandatory access control based on security labels;
The white list mechanism generates a white list library by scanning through a scan interface during software installation and, when a program runs, decides according to the white list library whether the program is allowed to run;
The mandatory access control based on security labels comprises:
(1) the human-machine interface initiates a service access request;
(2) the trusted software system deployed on the SCADA server intercepts the request;
(3) the subject security label is extracted from the first data packet of the request;
(4) the corresponding service name is looked up in the port-to-service mapping list according to the port number of the service;
(5) the corresponding object label is looked up in the object label list according to the service name;
(6) the authority values in the subject security label and the object label are XORed;
(7) if the authority check passes, the data packet is released;
(8) subsequent data of this request is released directly, without an authority check.
Compared with the prior art, the present invention has the following beneficial effects:
(1) By managing the sources and operation of system software, it ensures that software is trusted, recognizable and controllable.
(2) According to a preset configuration policy, it can control the resource access of key program modules and processes.
(3) It achieves active defense against known and unknown malicious code, reduces the risk that executable programs are damaged or tampered with, and ensures that executable programs run safely and stably.
Description of the drawings
Figure 1: architecture diagram of the trusted computing cryptogram platform of the present invention;
Figure 2: composition of the trusted computing cryptogram module of the present invention;
Figure 3: static measurement architecture diagram of the present invention;
Figure 4: overall implementation framework of dynamic measurement of the present invention;
Figure 5: kernel critical data measurement block diagram of the present invention;
Figure 6: process running state measurement block diagram of the present invention;
Figure 7: block diagram of the measurement of process system call behavior of the present invention;
Figure 8: white list, software installation control mechanism of the present invention;
Figure 9: relationship between the trusted computing cryptogram platform of the present invention and process mandatory access;
Figure 10: mandatory access control based on security labels of the present invention.
Embodiment
The specific embodiments of the present invention are described in further detail below with reference to the drawings.
When the system powers up, the trusted chip first measures the integrity of the BIOS, and the measurement result is compared with the expected value that was collected at the system's initial startup and stored in the trusted chip. If the results match, the BIOS has not been tampered with and is trusted; the measurement code in the BIOS then measures the OSLoader (including the master boot record MBR, the operating system boot sector, etc.), and if the OSLoader is judged trusted, the operating system loading process is executed. Before loading the operating system, the OSLoader first measures the operating system and the trusted computing cryptogram platform, and once they are judged trusted, loads and executes them. After the operating system starts, the trusted computing cryptogram platform takes control and measures the integrity of each application at startup and of its associated configuration files; if the application and its important configuration files are trusted, the operating system loads and executes the application. Through these operations, the trusted computing platform establishes for system startup a complete trust chain consisting of the BIOS, OSLoader, operating system, trusted computing cryptogram platform and applications, fundamentally eliminating the possibility of viruses or Trojans being implanted in the system to cause damage.
During system operation, the platform detects in real time whether the system and its processes are in a trusted state. It measures the system call behavior of processes, as well as the kernel critical data in the running state (such as the system call table, the interrupt descriptor table, key operation set pointers, etc.), the kernel code segment, process code segments, the process shared library list and so on, to detect whether the integrity of the system and of the process space has been tampered with. If integrity has been broken, the system call behavior of the process is blocked. In this way the platform guards, by active defense, against the security risk of malicious code being injected into the system and the process space through system vulnerabilities to carry out penetration attacks on the system.
● Composition and working principle of the trusted computing cryptogram platform:
The trusted computing cryptogram platform is built on cryptographic technology and consists of the trusted computing cryptogram module and the trusted software system; its architecture is shown in Figure 1. The trusted computing cryptogram module is the root of trust and provides a trusted environment for the operation of the platform. The trusted software system is the core that realizes the platform's functions and services, and provides a guarantee for the platform's management.
The trusted computing cryptogram platform provides trusted support from the bottom up and transfers trust level by level, establishing a trust chain that runs through the whole system and building a trusted computing environment. The trusted computing cryptogram module newly added to the terminal mainboard is the root of trust of the trusted platform; it comprises the trusted measurement root, the trusted storage root and the trusted report root, and is the starting point of platform trust transfer. The trusted measurement root is the root of trust for integrity measurement, the trusted storage root is the root of trust for data storage protection, and the trusted report root is the root of trust for integrity reporting. With the trusted computing cryptogram module as its core component, the platform implements the integrity measurement and storage mechanisms, and uses the module's autonomous root of trust (RT) to realize trusted boot and the establishment of the trust chain. The trusted software system is the supporting program of the trusted computing cryptogram platform: it provides the operating system and application software with an interface for using the platform, and it also guarantees the transfer of the trust chain within the software system. Applications running on the trusted computing platform rely on the trusted services provided by the trusted computing cryptogram platform to complete trusted application functions and services within the trusted computing environment.
● Trusted computing cryptogram module
The trusted computing cryptogram module has two forms, hardware board and software; the form used is chosen according to the security requirement level of the server, as shown in the table:
Table 1: forms of the trusted computing cryptogram module
The trusted computing cryptogram module in hardware board form provides the trusted software system with hardware cryptographic algorithms and with mechanisms for policy storage, protection and update:
(1) cryptographic algorithms: provides the trusted software system with high-performance SM2 and SM3 algorithms;
(2) policy protection: stores the digest value of the trusted software system's policy file, providing integrity protection for the policy file and preventing malicious tampering;
(3) trusted startup of the operating system: provides a driver for CPU real mode, giving the system boot stage support for static measurement of the kernel.
The trusted computing cryptogram module in software form provides the trusted software system with cryptographic algorithms in software form and with mechanisms for policy storage, protection and update:
(1) cryptographic algorithms: provides the trusted software system with high-performance SM2 and SM3 algorithms;
(2) policy protection: protects the digest value of the trusted software system's policy file, providing integrity protection for the policy file and preventing malicious tampering.
The chip of the hardware board form of the trusted computing cryptogram module consists of an execution engine, a non-volatile storage unit, a volatile storage unit, a random number generator, a cryptographic algorithm engine, a key generator, a timer and other parts, as shown in Figure 2; an on-chip input/output bridge unit maps these functional modules into the address space of the CPU.
The trusted computing cryptogram module design includes a power supply system independent of the CPU, so the module can start before the CPU and run as the master device. It thereby becomes the starting point of trusted measurement for the whole system; measurement covers all parts of the BIOS, and a trust chain is established with the trusted computing cryptogram module as its starting point.
The execution engine inside the trusted computing cryptogram module is the module's computing and execution unit. The non-volatile storage unit inside the module is divided into three parts, a program storage unit, a data storage unit and a trusted register group, with NV registers totalling 1280 bytes. The program storage unit stores firmware and control programs; the data storage unit stores keys, certificates, logs and other private data. The trusted register group comprises: a module identification register, a version number register, a power and state management register, a usage state register, a current user identity register, platform configuration registers, a platform binding register, a user management register, and non-volatile memory (NV).
The volatile storage unit inside the trusted computing cryptogram module comprises the platform configuration registers and the data buffers allocated during computation. When a user logs off, important data is stored to non-volatile memory and the user space in the volatile storage unit is reset. The platform configuration registers (PCR) are a group of registers inside the trusted computing cryptogram module; it has 128 256 shielded platform configuration registers (PCR), used to store integrity measurement values, extended to 256.
The trusted computing cryptogram module implements the arbitration of access control over hardware resources through a control arbitration engine. The arbitration result or signal is sent to the trusted computing platform over a GPIO signal line.
● Trusted software system
The trusted software system, as part of the trusted computing cryptogram platform, is made up of the following components: the trusted computing cryptogram driving module, the measurement module and the auditing module. It mainly implements the transfer of the trust chain and the measurement and auditing of application software and of the uncontrollable operating system. The trusted computing cryptogram driving module performs the management functions for the trusted computing cryptogram module device and provides its driver; it is supplied by the manufacturer of the trusted computing cryptogram module chip. The measurement module in the trusted software system mainly implements the platform's integrity measurement of subsequent software, which comprises: kernel dynamically loaded modules, application programs, dynamic libraries, the kernel of the uncontrollable operating system, the application programs in the uncontrollable operating system, and so on.
The integrity measurement of software comprises the following three processes:
1) When a software vendor releases an application or an upgrade to it, the vendor provides a list of the hash values corresponding to the executable files (files that contain code) making up the application, and signs each hash value. After the application is installed or upgraded, the operating system synchronizes the "file, hash value" pairs that pass signature verification into the application digest database (ADDB). This database should be protected with the storage master key.
2) Before a program file or shared library file is executed, the operating system kernel calls the trusted computing cryptogram module and requests it to measure the corresponding file. The module performs a hash operation on the specified file and returns the result. If an integrity report for the application is required, the computed hash value must also be stored in a specific PCR and recorded in the stored measurement log (SML).
3) The operating system compares the hash value computed by the trusted computing cryptogram module with the expected value stored in the ADDB; if they match, the corresponding code is executed, otherwise execution of the application is blocked.
The main role of the auditing module in the trusted software system is to intercept specific behaviors of upper-layer applications or of the uncontrollable OS, audit and analyze the behavior, and trigger a predetermined response action.
When an upper-layer application or the uncontrollable operating system needs to start a program, load a dynamic library, load a kernel module or perform a similar action, the auditing module performs a hash operation on the code segment of the object of the action (an executable program, dynamic library or kernel module), verifies whether the hash value equals the expected value, and decides from the verification result whether the behavior is allowed to proceed.
For applications that run directly on the trusted kernel, the audit point is placed directly in the kernel. For the uncontrollable operating system, auditing can be implemented by intercepting its system calls (generally by the weaken rock mode), interrupts and the like.
● Static measurement
Static measurement is the integrity-based characterization of a measured object by a measurement agent, using a suitable algorithm, under the support of a predetermined measurement policy. As shown in Figure 3, the main tasks of static measurement are:
(1) Determine the expected assertion. Appropriately state the result expected of the measured object, i.e. the integrity of the measured object.
(2) Formulate the measurement policy. Formulate a feasible measurement method for judging the integrity of the measured object.
(3) Carry out the measurement judgment. Judge the trustworthiness of the measured object from the measurement result and give the judgment.
Static measurement covers the executable programs, dynamic libraries and kernel modules in the system. It computes a hash of the file content for these three types of file and compares the result with the expected result to ensure that they are trusted.
The code segment of the measured object (an executable program, dynamic library or kernel module) is hashed, and the hash value is checked against the expected value; from this it is judged whether the integrity of the measured object has been damaged.
Measurement of executable programs: when a program is started, the information of the program is first intercepted, the algorithm is called to compute the hash value of the program's code segment, and the computed hash value is compared with the expected value; from this it is judged whether the executable program has been tampered with.
Measurement of dynamic libraries: when a dynamic library is loaded (this includes the libraries a program needs at startup and libraries loaded dynamically at run time), the system maps the library into memory through a mapping function. If the library is already in memory, it does not need to be reloaded and is therefore not measured either. When a dynamic library is loaded for the first time, its information is first intercepted, the algorithm is called to compute the hash value of its code segment, and the computed hash value is compared with the expected value; from this it is judged whether it has been tampered with. When a program exits, some of the dynamic libraries it used are released, but others stay resident in system memory for use by other programs and are not released, so when the program is restarted these memory-resident libraries do not need to be measured again.
Measurement of kernel modules: module loading covers two cases. First, when the Linux system starts, the modules needed for the operating system to start and run must be loaded. Second, after the system has started, the operating system dynamically loads modules as the need arises (for example, when a USB flash drive is inserted). The Linux kernel does not treat these two cases differently: whichever way a module is loaded, it is handled by the same system call (the sys_init_module() system call). Module measurement is therefore performed at this system call. When a module is loaded, the system call intercepts the module's code segment, length and other information and passes it to the measurement agent; the measurement agent computes the module's hash value and compares it with the expected value, and from this it is judged whether the module has been tampered with.
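The three integrity-measurement processes (ADDB, PCR, SML) and the static measurement of executables and dynamic libraries described above can be sketched as follows. This is an added example, not code from the patent: SHA-256 stands in for SM3, the PCR update rule (hash of old PCR value concatenated with the new measurement) follows common TPM/TCM practice and is an assumption, the vendor manifest is assumed to have already passed signature verification, and all paths and file contents are constructed.

```python
import hashlib
import hmac


def digest(data: bytes) -> bytes:
    """SHA-256 stands in for the platform's SM3 (assumption of this example)."""
    return hashlib.sha256(data).digest()


def build_addb(vendor_files: dict) -> dict:
    """Process 1: "file, hash value" pairs, assumed already signature-verified."""
    return {path: digest(content) for path, content in vendor_files.items()}


class MeasurementAgent:
    def __init__(self, addb: dict):
        self.addb = dict(addb)        # expected values (ADDB)
        self.pcr = bytes(32)          # one PCR, all zeros after reset
        self.sml = []                 # stored measurement log: (path, digest)
        self.resident_libs = set()    # libraries already mapped and measured

    def _extend(self, path: str, measured: bytes) -> None:
        # Assumed extend rule: the PCR accumulates every measurement in order.
        self.pcr = digest(self.pcr + measured)
        self.sml.append((path, measured))

    def on_load(self, path: str, content: bytes, is_library: bool = False):
        """Processes 2 and 3: measure, record, compare, then allow or block."""
        if is_library and path in self.resident_libs:
            # The page states that a memory-resident library is not re-measured.
            return True, "resident library, not re-measured"
        measured = digest(content)
        self._extend(path, measured)
        expected = self.addb.get(path)
        if expected is None:
            return False, "no expected value in ADDB"
        if not hmac.compare_digest(measured, expected):
            return False, "hash mismatch"
        if is_library:
            self.resident_libs.add(path)
        return True, "hash matches expected value"


def replay_sml(sml) -> bytes:
    """A verifier recomputes the PCR from the log to check an integrity report."""
    pcr = bytes(32)
    for _path, measured in sml:
        pcr = digest(pcr + measured)
    return pcr


# Constructed sample data: two vendor files and their code-segment bytes.
HMI = "/opt/scada/bin/hmi"
LIB = "/opt/scada/lib/libproto.so"
VENDOR_FILES = {HMI: b"hmi-v1 code segment", LIB: b"libproto-v1 code segment"}


def run_demo():
    agent = MeasurementAgent(build_addb(VENDOR_FILES))
    results = [
        agent.on_load(HMI, VENDOR_FILES[HMI]),                    # clean executable
        agent.on_load(LIB, VENDOR_FILES[LIB], is_library=True),   # first library load
        agent.on_load(LIB, b"changed on disk", is_library=True),  # resident: skipped
        agent.on_load(HMI, b"hmi-v1 code segment + extra code"),  # modified executable
        agent.on_load("/tmp/unlisted-tool", b"unknown program"),  # not in the ADDB
    ]
    return agent, results


if __name__ == "__main__":
    agent, results = run_demo()
    for allowed, reason in results:
        print("ALLOW" if allowed else "BLOCK", "-", reason)
    print("PCR matches log replay:", replay_sml(agent.sml) == agent.pcr)
```

The third call shows the consequence of skipping resident libraries: a change made after the first load is not seen by static measurement, which is the gap the dynamic measurement of running code segments is meant to cover.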
● Dynamic measurement
On the basis that static measurement ensures the initial state of the objects running in the system is trusted, the dynamic measurement mechanism collects the expected values of a measured object before the object starts and, during system operation, verifies its state against the collected expected values. As shown in Figure 4, the dynamic measurement mechanism can measure kernel critical data and process state in the running state. The measured objects include the code segment, read-only data segment and critical jump tables of the operating system kernel, and the process code segments of the application layer. Besides supporting the trusted attestation mechanism, the kernel measurement function mainly serves the self-protection mechanism of the trusted software system, and the application measurement function mainly serves the access control mechanism.
(1) Kernel critical data measurement
Kernel critical data measurement is shown in Figure 5.
Measured objects: by default, data that stays constant during normal operation of the operating system, such as the kernel's code segment, read-only data segment and critical jump tables. Callers of the measurement mechanism can specify their own measured objects through a registration interface.
Measurement timing: by default, timed measurement is used, with one measurement every set time interval; measurement can also be triggered through a query interface.
Measurement method: the TSB starts a kernel thread, which computes the integrity check value of the measured object using the hash function interface provided by the TCM and compares it with the reference value.
(2) Process measurement flow
Process context measurement is shown in Figure 6.
Measured objects: the code segments of application processes and of the related shared libraries.
Measurement timing: timed measurement; measurement can also be triggered manually by the user.
Measurement method: the dynamic measurement module records the system call stream of the specified application and its associated processes, analyzes and learns from it, and generates a system-call-level execution graph (ExecutionGraph) that describes the legal calling rules; the execution graph is then used to measure and report abnormal process behavior.
(3) Process behavior measurement
Process behavior measurement is shown in Figure 7.
Measured objects: the system calls issued by processes.
Measurement timing: measured in real time when a system call occurs.
Measurement method: the measurement engine monitors system call behavior in real time and judges each system call; if the call conforms to the execution rules it is allowed, and if it violates the execution rules it is blocked.
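The learn-then-enforce cycle of process measurement and process behavior measurement described above can be sketched as follows. This is an added example, not code from the patent: the page does not define the structure of the execution graph, so it is modelled here as the set of allowed transitions between consecutive system calls, and the traces, process IDs and class names are constructed.

```python
from collections import defaultdict

START = "<start>"  # virtual node: no system call seen yet for this process


def learn_execution_graph(traces):
    """Learning phase: record every observed transition prev_call -> next_call."""
    graph = defaultdict(set)
    for trace in traces:
        prev = START
        for call in trace:
            graph[prev].add(call)
            prev = call
    return {node: frozenset(successors) for node, successors in graph.items()}


class BehaviorMonitor:
    """Enforcement phase: judge each system call as it occurs."""

    def __init__(self, graph):
        self.graph = graph
        self.state = {}    # pid -> last allowed system call
        self.report = []   # violations: (pid, previous call, blocked call)

    def on_syscall(self, pid: int, call: str) -> bool:
        prev = self.state.get(pid, START)
        if call in self.graph.get(prev, frozenset()):
            self.state[pid] = call   # conforms to the execution rules: allow
            return True
        # Violates the execution rules: block and report; state is unchanged,
        # so a later legal call from the same position is still accepted.
        self.report.append((pid, prev, call))
        return False


# Constructed training traces for a process that reads a file and sends it on.
TRAINING_TRACES = [
    ["open", "read", "close", "socket", "connect", "send", "close"],
    ["open", "read", "read", "close", "socket", "connect", "send", "send", "close"],
]

# Constructed runtime stream as (pid, system call) pairs.
RUNTIME_STREAM = [
    (101, "open"), (101, "read"),
    (101, "mprotect"), (101, "execve"),   # never seen after "read" in training
    (101, "close"),
    (102, "socket"),                      # never seen as a first call
]


def run_demo():
    monitor = BehaviorMonitor(learn_execution_graph(TRAINING_TRACES))
    decisions = [monitor.on_syscall(pid, call) for pid, call in RUNTIME_STREAM]
    return decisions, monitor.report


if __name__ == "__main__":
    decisions, report = run_demo()
    for (pid, call), ok in zip(RUNTIME_STREAM, decisions):
        print(pid, call, "allowed" if ok else "BLOCKED")
    print("measurement report:", report)
```

A graph learned from too few traces blocks legitimate behavior, so the learning phase has to cover the application's normal code paths before enforcement is switched on.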
● White list
The trusted computing cryptogram platform provides a software installation interface (intended for software installation packages), through which application programs are installed. During software installation a white list library is generated by scanning through the scan interface, and the executables released by the installation are allowed to run; generation of the software installation white list is shown in Figure 8.
Client software can be installed in two ways: installation with collection authority and installation without collection authority. These two ways allow installation authority to be controlled at different granularities.
Installation with collection authority: when a client acts as a collection terminal, the management center can grant it the "software collection" authority, and the client's program installation interface is then used to perform the installation. Executables installed through the interface are automatically added to the local white list library and can run immediately. The white list of the installed software (excluding the system white list) can also be exported through the interface as a policy file and reported to the management center for approval and distribution to other clients.
Installation without collection authority: by default a client has no collection authority. In this case only the template software issued by the management center may be installed through the software installation interface; executables installed from the template are automatically added to the network white list library and can run immediately.
● Mandatory access control based on security labels
As shown in Figure 9, the part marked in green is the control flow added for the mandatory enforcement control function, which is added on the basis of the trusted computing cryptographic platform functions.
Combining the service characteristics of the security labels of the power dispatching control system with the functional characteristics of the trusted software system's mandatory access mechanism, the security label judgment system in the power dispatching control system is combined with the mandatory access control system of the trusted software system. Each system access request is judged twice, once by each kind of access control, forming a dual-backup mandatory access control system. The trusted software system provides high-strength kernel-level access control, and the security label system provides a second tier of access control at the application layer. This thoroughly resolves the security risks that the security label system currently faces.
The service flow of the mandatory access control system with the trusted software system added is shown in Figure 10.
(1) The human-machine interface initiates a service access request.
(2) The trusted software system deployed on the SCADA server intercepts the request.
(3) The subject security label is extracted from the first packet of the request.
(4) The corresponding service name is looked up in the port-to-service list according to the port number of the service.
(5) The corresponding object label is looked up in the object label list according to the service name.
(6) The permission values in the subject security label and the object label are XORed.
(7) If the permission check passes, the packet is let through.
(8) Subsequent data of this request is let through directly, without a permission check.
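Steps (1) to (8) as a first-packet gate that denies on every failed lookup. This is an added example, not code from the patent; the `SL` marker followed by a one-byte permission value, the table contents, the rule that an XOR result of 0 means the check passes, and the `close` teardown hook are assumptions.

```python
from dataclasses import dataclass, field

# Constructed lookup tables; the page names both lists but gives no contents.
PORT_TO_SERVICE = {2404: "telecontrol", 8800: "history_query"}
OBJECT_LABELS = {"telecontrol": 0x0F, "history_query": 0x03}

LABEL_MAGIC = b"SL"  # assumed marker: 2 bytes, followed by a 1-byte permission value


def extract_subject_label(first_packet):
    """Step 3: return the subject permission value, or None if no label is present."""
    if len(first_packet) < 3 or not first_packet.startswith(LABEL_MAGIC):
        return None
    return first_packet[2]


def permission_passes(subject_perm, object_perm):
    """Step 6: XOR the two values. Assumption: a result of 0 means the labels match."""
    return (subject_perm ^ object_perm) == 0


@dataclass
class LabelGate:
    """Interception point on the server (step 2); denies by default."""
    approved: set = field(default_factory=set)   # flows whose first packet passed
    audit: list = field(default_factory=list)    # (flow, verdict, reason) records

    def handle(self, flow, payload):
        """flow is (src_ip, src_port, dst_ip, dst_port); returns 'pass' or 'drop'."""
        if flow in self.approved:                 # step 8: no further checks
            return "pass"
        verdict, reason = self._judge_first_packet(flow[3], payload)
        self.audit.append((flow, verdict, reason))
        if verdict == "pass":                     # step 7
            self.approved.add(flow)
        return verdict

    def _judge_first_packet(self, dst_port, payload):
        subject_perm = extract_subject_label(payload)           # step 3
        if subject_perm is None:
            return "drop", "no subject label in first packet"
        service = PORT_TO_SERVICE.get(dst_port)                 # step 4
        if service is None:
            return "drop", "port not in port-to-service list"
        object_perm = OBJECT_LABELS.get(service)                # step 5
        if object_perm is None:
            return "drop", "service has no object label"
        if not permission_passes(subject_perm, object_perm):    # step 6
            return "drop", "permission mismatch"
        return "pass", "labels match"

    def close(self, flow):
        """Assumed teardown hook: forget the approval when the connection ends."""
        self.approved.discard(flow)


def demo():
    gate = LabelGate()
    flow = ("10.0.0.5", 40000, "10.0.0.9", 2404)   # constructed addresses
    return (
        gate.handle(flow, b"SL\x0f" + b"request"),   # labelled first packet
        gate.handle(flow, b"follow-up data"),        # step 8, no label needed
        gate.handle(("10.0.0.6", 40001, "10.0.0.9", 2404), b"SL\x03request"),
    )


if __name__ == "__main__":
    print(demo())
```

Because step (8) skips the check for later data, the approval has to be keyed to the exact flow and dropped at teardown; otherwise a reused address and port pair would inherit it.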
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of this application and not to limit its scope of protection. Although this application has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that, after reading this application, they may still make various changes, modifications or equivalent replacements to the embodiments of the application; all such changes, modifications or equivalent replacements fall within the scope of the pending claims.

Claims (5)

1. A trusted computing cryptographic platform suitable for a general-purpose computing platform of an electric power system, characterized in that the cryptographic platform comprises: a trusted computing cryptographic module and a trusted software system;
The trusted computing cryptographic module comprises a root of trust for measurement, a root of trust for storage and a root of trust for reporting, and is the starting point of the platform's trust transfer;
The trusted software system comprises: a trusted computing cryptographic driver module, a measurement module and an audit module, and provides the operating system and application software with an interface for using the trusted computing cryptographic platform.
2. The trusted computing cryptographic platform according to claim 1, characterized in that the trusted computing cryptographic module comprises a hardware board form and a software form;
The hardware board form comprises: an execution engine, a non-volatile storage unit, a volatile storage unit, a random number generator, a cryptographic algorithm engine, a key generator and a timer, and provides the trusted software system with hardware-based cryptographic algorithms and policy storage, protection and update mechanisms;
The software form provides the trusted software system with software-based cryptographic algorithms and policy storage, protection and update mechanisms.
3. The trusted computing cryptographic platform according to claim 1, characterized in that the trusted computing cryptographic driver module provides the driver for the trusted computing cryptographic module;
The measurement module performs integrity measurement of the subsequent software of the trusted computing cryptographic platform;
The subsequent software comprises: dynamically loaded kernel modules, dynamic libraries, the kernel of the uncontrollable operating system, and the applications in the uncontrollable operating system;
The audit module intercepts specific behaviors of upper-layer applications or of the uncontrollable operating system, performs behavior auditing and analysis, and triggers predetermined response actions.
4. The trusted computing cryptographic platform according to claim 3, characterized in that the integrity measurement comprises static measurement and dynamic measurement;
The objects of static measurement comprise the executable programs, dynamic libraries and kernel modules in the system; static measurement computes a hash of the file content of these three kinds of file and compares the result with the expected result to determine whether the integrity of the measured object has been compromised;
Dynamic measurement collects the expected values of the measured object before the measured object starts and, according to the collected expected values, verifies the measured object while the system is running.
5. The trusted computing cryptographic platform according to claim 1, characterized in that the trusted computing cryptographic platform provides a whitelist mechanism and mandatory access control based on security labels;
The whitelist mechanism generates a whitelist library by scanning through a scan interface during software installation and, when a program is run, decides according to the whitelist library whether the program is allowed to run;
The mandatory access control based on security labels comprises:
(1) the human-machine interface initiates a service access request;
(2) the trusted software system deployed on the SCADA server intercepts the request;
(3) the subject security label is extracted from the first packet of the request;
(4) the corresponding service name is looked up in the port-to-service list according to the port number of the service;
(5) the corresponding object label is looked up in the object label list according to the service name;
(6) the permission values in the subject security label and the object label are XORed;
(7) if the permission check passes, the packet is let through;
(8) subsequent data of this request is let through directly, without a permission check.
CN201510782795.0A 2015-11-16 2015-11-16 Trusted computing cryptogram platform suitable for general computation platform of electric system Active CN105468978B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510782795.0A CN105468978B (en) 2015-11-16 2015-11-16 Trusted computing cryptogram platform suitable for general computation platform of electric system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510782795.0A CN105468978B (en) 2015-11-16 2015-11-16 Trusted computing cryptogram platform suitable for general computation platform of electric system

Publications (2)

Publication Number Publication Date
CN105468978A true CN105468978A (en) 2016-04-06
CN105468978B CN105468978B (en) 2019-11-01

Family

ID=55606664

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510782795.0A Active CN105468978B (en) 2015-11-16 2015-11-16 Trusted computing cryptogram platform suitable for general computation platform of electric system

Country Status (1)

Country Link
CN (1) CN105468978B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101504704A (en) * 2009-03-17 2009-08-12 武汉大学 Star trust chain supporting embedded platform application program integrality verification method
CN103093150A (en) * 2013-02-18 2013-05-08 中国科学院软件研究所 Dynamic integrity protection method based on credible chip
CN104504340A (en) * 2014-12-25 2015-04-08 国家电网公司 Power system security tag based mandatory access control method
CN104933354A (en) * 2014-12-30 2015-09-23 国家电网公司 Trusted computing based white list static measurement method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
辛思远: "操作系统可信证明体系结构与模型研究", 《中国博士学位全文数据库 信息科技辑》 *

Also Published As

Publication number Publication date
CN105468978B (en) 2019-11-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 102209 Beijing City, Changping District science and Technology Park in the future smart grid research institute hospital

Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE

Applicant after: Jiangsu Electric Power Company

Applicant after: State Grid Corporation of China

Applicant after: State Grid Jibei Electric Power Company Limited

Applicant after: State Grid Tianjin Electric Power Company

Applicant after: Nantong Power Supply Company, Jiangsu Electric Power Co., Ltd.

Address before: 102211 Beijing city Changping District Xiaotangshan town big East Village Road No. 270 (future technology city)

Applicant before: State Grid Smart Grid Institute

Applicant before: Jiangsu Electric Power Company

Applicant before: State Grid Corporation of China

Applicant before: State Grid Jibei Electric Power Company Limited

Applicant before: State Grid Tianjin Electric Power Company

Applicant before: Nantong Power Supply Company, Jiangsu Electric Power Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant