CN106485150A - A kind of foundation for security system of credible and secure simulation computer - Google Patents

A kind of foundation for security system of credible and secure simulation computer Download PDF

Info

Publication number
CN106485150A
CN106485150A CN201510547640.9A CN201510547640A CN106485150A CN 106485150 A CN106485150 A CN 106485150A CN 201510547640 A CN201510547640 A CN 201510547640A CN 106485150 A CN106485150 A CN 106485150A
Authority
CN
China
Prior art keywords
module
secure
bios
credible
foundation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510547640.9A
Other languages
Chinese (zh)
Inventor
李淑范
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Guangkai Technology Development Co Ltd
Original Assignee
Harbin Guangkai Technology Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Guangkai Technology Development Co Ltd filed Critical Harbin Guangkai Technology Development Co Ltd
Priority to CN201510547640.9A priority Critical patent/CN106485150A/en
Publication of CN106485150A publication Critical patent/CN106485150A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a kind of foundation for security system of credible and secure simulation computer, including secure BIOS, and the safe motherboard platform that electrically connects with secure BIOS and the operating system with secure BIOS communication and upper level applications;The secure BIOS by BIOS infrastructure service module, and be connected with BIOS infrastructure service module trust computing service module, terminal security protection module composition;The trust computing service module is electrically connected with terminal security protection module.The foundation for security system of the credible and secure simulation computer of the present invention, is the source of the foundation of system trust chain and transmission, is the basis that computer has credible and secure function.

Description

A kind of foundation for security system of credible and secure simulation computer
Technical field
The present invention relates to a kind of simulation computer, and in particular to a kind of foundation for security system of credible and secure simulation computer, belong to computer equipment technical field.
Background technology
Digital simulating computer is the basis of modern analogue system and core, plays huge effect in the real-time semi-physical emulation of the great model task such as guided missile, rocket;At present, digital simulating computer mainly includes two classes, i.e., based on polyprocessor dedicated emulated computer system and the common simulation computer system based on top-grade computer and work station;Compared with dedicated emulated computer system, software and hardware resources that common simulation computer system is supported are abundant, low price, friendly interface, be easy to extend and use.With computer technology, the developing rapidly of microelectric technique, the extensive concern of people is received based on the research of the simulation computer of universal computer platform, development and application.
The most prominent feature of digital simulating computer is real-time, and this is the problem that must be focused first in common simulation Computer System Study and solve.At present, the Study on real-time performance of common simulation computer mainly includes frame time stability control, frame circulation Real-Time Scheduling, Memory control, four aspects of I/O driver real-time control.The research of real-time has promoted common simulation computer application, is that realization of the dedicated emulated computer repertoire on common simulation computer platform provides preferable technical foundation, is the research emphasis that simulation computer researcher pays close attention to always.However, used as the nucleus equipment in analogue system, the safety research of common simulation computer is but not affected by the attention of respective degrees, which is caused to be faced with many potential safety hazards:User identity lacks effectively reliable authentication mechanism, and user can enter simulation computer easily;The access of critical data file and program lacks effectively mandate, can arbitrarily be accessed modification by user;Confidential information does not implement protection, is easily stolen and distorts;Data storage device is lost and can be illegally used after stolen.For solving above-mentioned safety problem, this paper presents a kind of collection terminal security protection, data safety are stored in the foundation for security system of the credible and secure simulation computer of one.
Content of the invention
(One)Technical problem to be solved
For solving the above problems, the present invention proposes a kind of foundation for security system of credible and secure simulation computer, is the source that system trust chain is set up and transmitted, and is the basis that computer has credible and secure function.
(Two)Technical scheme
The foundation for security system of the credible and secure simulation computer of the present invention, including secure BIOS, and the safe motherboard platform that electrically connects with secure BIOS and the operating system with secure BIOS communication and upper level applications;The secure BIOS by BIOS infrastructure service module, and be connected with BIOS infrastructure service module trust computing service module, terminal security protection module composition;The trust computing service module is electrically connected with terminal security protection module.
Further, the trust computing service module includes hardware integrity metric module, software integrity metric module and TPM safety chip drive module;The TPM safety chip drive module is connected with hardware integrity metric module, software integrity metric module is included.
Further, the terminal security protection module includes authentication module and One-key recovery module.
(Three)Beneficial effect
Compared with prior art, the foundation for security system of the credible and secure simulation computer of the present invention, TPM safety chip drive module are used for carrying out the funcalls such as test initialization, read and write access and encryption and deciphering to TPM safety chip;Hardware integrity metric module is that system will be unable to start for being measured to the integrality of the key hardware such as safe hard disk, network interface card, device PCI, PCI-E device and being verified, after key hardware is illegally replaced;Software integrity metric module be for carrying out integrity measurement and verification to expansion ROM program, operating system nucleus etc. based on transitive trust mechanism, ensureing the secure and trusted of subsequent load software;Authentication module makes to verify circumscribed USB Key and user PIN, only works as USB In the case of Key legal and user PIN input is correct, just allow to execute follow-up start-up operation, it is ensured that the legitimacy of terminal user;System One-key recovery module be in secure BIOS start-up course, by specific keys (as F2 key) by operating system recovery to default conditions, it is ensured that operating system attack destroy after fast quick-recovery;In credible and secure simulation computer, secure BIOS is the source that system trust chain is set up and transmitted, and is the basis that computer has credible and secure function.
Description of the drawings
Fig. 1 is the overall structure diagram of the present invention.
Specific embodiment
The foundation for security system of a kind of credible and secure simulation computer as shown in Figure 1, including secure BIOS 1, and the safe motherboard platform 2 that electrically connect with secure BIOS 1 and the operating system with the communication of secure BIOS 1 and upper level applications 3;The secure BIOS 1 is by BIOS infrastructure service module 11, and the trust computing service module 12 that is connected with BIOS infrastructure service module 11, terminal security protection module 13 are constituted;The trust computing service module 12 is electrically connected with terminal security protection module 13.
The trust computing service module 12 includes hardware integrity metric module, software integrity metric module and TPM safety chip drive module;The TPM safety chip drive module is connected with hardware integrity metric module, software integrity metric module is included.
The terminal security protection module 13 includes authentication module and One-key recovery module.
TPM safety chip drive module is used for carrying out the funcalls such as test initialization, read and write access and encryption and deciphering to TPM safety chip;Hardware integrity metric module is that system will be unable to start for being measured to the integrality of the key hardware such as safe hard disk, network interface card, device PCI, PCI-E device and being verified, after key hardware is illegally replaced;Software integrity metric module be for carrying out integrity measurement and verification to expansion ROM program, operating system nucleus etc. based on transitive trust mechanism, ensureing the secure and trusted of subsequent load software;Authentication module makes to verify circumscribed USB Key and user PIN, only works as USB In the case of Key legal and user PIN input is correct, just allow to execute follow-up start-up operation, it is ensured that the legitimacy of terminal user;System One-key recovery module be in secure BIOS start-up course, by specific keys (as F2 key) by operating system recovery to default conditions, it is ensured that operating system attack destroy after fast quick-recovery;In credible and secure simulation computer, secure BIOS is the source that system trust chain is set up and transmitted, and is the basis that computer has credible and secure function.
Embodiment described above is only that the preferred embodiment of the present invention is described, and not the spirit and scope of the present invention is defined.On the premise of without departing from design concept of the present invention; various modifications and improvement that this area ordinary person is made to technical scheme; protection scope of the present invention all should be dropped into, the technology contents that the present invention is claimed, all record in detail in the claims.

Claims (3)

1. a kind of foundation for security system of credible and secure simulation computer, it is characterised in that:Including secure BIOS, and the safe motherboard platform that electrically connects with secure BIOS and the operating system with secure BIOS communication and upper level applications;The secure BIOS by BIOS infrastructure service module, and be connected with BIOS infrastructure service module trust computing service module, terminal security protection module composition;The trust computing service module is electrically connected with terminal security protection module.
2. the foundation for security system of credible and secure simulation computer according to claim 1, it is characterised in that:The trust computing service module includes hardware integrity metric module, software integrity metric module and TPM safety chip drive module;The TPM safety chip drive module is connected with hardware integrity metric module, software integrity metric module is included.
3. the foundation for security system of credible and secure simulation computer according to claim 1, it is characterised in that:The terminal security protection module includes authentication module and One-key recovery module.
CN201510547640.9A 2015-08-31 2015-08-31 A kind of foundation for security system of credible and secure simulation computer Pending CN106485150A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510547640.9A CN106485150A (en) 2015-08-31 2015-08-31 A kind of foundation for security system of credible and secure simulation computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510547640.9A CN106485150A (en) 2015-08-31 2015-08-31 A kind of foundation for security system of credible and secure simulation computer

Publications (1)

Publication Number Publication Date
CN106485150A true CN106485150A (en) 2017-03-08

Family

ID=58236117

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510547640.9A Pending CN106485150A (en) 2015-08-31 2015-08-31 A kind of foundation for security system of credible and secure simulation computer

Country Status (1)

Country Link
CN (1) CN106485150A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106856481A (en) * 2017-03-17 2017-06-16 湖南新云网科技有限公司 A kind of Network Isolation method based on lucidification disposal, system, network interface card and application
CN109214187A (en) * 2017-06-29 2019-01-15 龙芯中科技术有限公司 A kind of method, apparatus and electronic equipment controlling computer starting

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106856481A (en) * 2017-03-17 2017-06-16 湖南新云网科技有限公司 A kind of Network Isolation method based on lucidification disposal, system, network interface card and application
CN106856481B (en) * 2017-03-17 2017-12-26 湖南新云网科技有限公司 A kind of Network Isolation method, system, network interface card and application based on lucidification disposal
CN109214187A (en) * 2017-06-29 2019-01-15 龙芯中科技术有限公司 A kind of method, apparatus and electronic equipment controlling computer starting

Similar Documents

Publication Publication Date Title
CN101436247B (en) Biological personal identification method and system based on UEFI
Cooijmans et al. Analysis of secure key storage solutions on android
CN101523401B (en) Secure use of user secrets on a computing platform
TWI498736B (en) Data storage device, method for security management provisioning at a data storage device, and computer readable storage medium
US10536274B2 (en) Cryptographic protection for trusted operating systems
CN101881997B (en) Trusted safe mobile storage device
CN105453102A (en) Systems and methods for identifying private keys that have been compromised
CN104102876A (en) Device for safeguarding operational security of client side
CN105608385A (en) Trusted starting method of embedded equipment based on embedded trusted computing module
US10691627B2 (en) Avoiding redundant memory encryption in a cryptographic protection system
TWI735475B (en) Method, apparatus and computer readable storage medium for detecting program evasion of virtual machines or emulators
CN201126581Y (en) Biological personal identification apparatus based on UEFI
CN107704308B (en) Virtual platform vTPM management system, trust chain construction method and device, and storage medium
WO2006033531A1 (en) Random keycode security
CN107209840B (en) Secure transactions with connected peripherals
CN110245495A (en) BIOS method of calibration, configuration method, equipment and system
CN106375095A (en) Method of protecting integrity of APK
CN105975872A (en) Method for testing TPM (trusted platform Module) under Windows
CN106485150A (en) A kind of foundation for security system of credible and secure simulation computer
CN202372990U (en) USB (Universal Serial Bus) key with fingerprint identifying function
CN104361280A (en) Method for carrying out credible certification on USB storage device through SMI interrupt
Efendy et al. Exploring the possibility of usb based fork bomb attack on windows environment
CN106484493A (en) A kind of credible and secure simulation computer
CN110543769B (en) Trusted starting method based on encrypted TF card
CN106485149A (en) A kind of security component of credible and secure simulation computer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170308

WD01 Invention patent application deemed withdrawn after publication