CN106485150A - A kind of foundation for security system of credible and secure simulation computer - Google Patents
A kind of foundation for security system of credible and secure simulation computer Download PDFInfo
- Publication number
- CN106485150A CN106485150A CN201510547640.9A CN201510547640A CN106485150A CN 106485150 A CN106485150 A CN 106485150A CN 201510547640 A CN201510547640 A CN 201510547640A CN 106485150 A CN106485150 A CN 106485150A
- Authority
- CN
- China
- Prior art keywords
- module
- secure
- bios
- credible
- foundation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a kind of foundation for security system of credible and secure simulation computer, including secure BIOS, and the safe motherboard platform that electrically connects with secure BIOS and the operating system with secure BIOS communication and upper level applications;The secure BIOS by BIOS infrastructure service module, and be connected with BIOS infrastructure service module trust computing service module, terminal security protection module composition;The trust computing service module is electrically connected with terminal security protection module.The foundation for security system of the credible and secure simulation computer of the present invention, is the source of the foundation of system trust chain and transmission, is the basis that computer has credible and secure function.
Description
Technical field
The present invention relates to a kind of simulation computer, and in particular to a kind of foundation for security system of credible and secure simulation computer, belong to computer equipment technical field.
Background technology
Digital simulating computer is the basis of modern analogue system and core, plays huge effect in the real-time semi-physical emulation of the great model task such as guided missile, rocket;At present, digital simulating computer mainly includes two classes, i.e., based on polyprocessor dedicated emulated computer system and the common simulation computer system based on top-grade computer and work station;Compared with dedicated emulated computer system, software and hardware resources that common simulation computer system is supported are abundant, low price, friendly interface, be easy to extend and use.With computer technology, the developing rapidly of microelectric technique, the extensive concern of people is received based on the research of the simulation computer of universal computer platform, development and application.
The most prominent feature of digital simulating computer is real-time, and this is the problem that must be focused first in common simulation Computer System Study and solve.At present, the Study on real-time performance of common simulation computer mainly includes frame time stability control, frame circulation Real-Time Scheduling, Memory control, four aspects of I/O driver real-time control.The research of real-time has promoted common simulation computer application, is that realization of the dedicated emulated computer repertoire on common simulation computer platform provides preferable technical foundation, is the research emphasis that simulation computer researcher pays close attention to always.However, used as the nucleus equipment in analogue system, the safety research of common simulation computer is but not affected by the attention of respective degrees, which is caused to be faced with many potential safety hazards:User identity lacks effectively reliable authentication mechanism, and user can enter simulation computer easily;The access of critical data file and program lacks effectively mandate, can arbitrarily be accessed modification by user;Confidential information does not implement protection, is easily stolen and distorts;Data storage device is lost and can be illegally used after stolen.For solving above-mentioned safety problem, this paper presents a kind of collection terminal security protection, data safety are stored in the foundation for security system of the credible and secure simulation computer of one.
Content of the invention
(One)Technical problem to be solved
For solving the above problems, the present invention proposes a kind of foundation for security system of credible and secure simulation computer, is the source that system trust chain is set up and transmitted, and is the basis that computer has credible and secure function.
(Two)Technical scheme
The foundation for security system of the credible and secure simulation computer of the present invention, including secure BIOS, and the safe motherboard platform that electrically connects with secure BIOS and the operating system with secure BIOS communication and upper level applications;The secure BIOS by BIOS infrastructure service module, and be connected with BIOS infrastructure service module trust computing service module, terminal security protection module composition;The trust computing service module is electrically connected with terminal security protection module.
Further, the trust computing service module includes hardware integrity metric module, software integrity metric module and TPM safety chip drive module;The TPM safety chip drive module is connected with hardware integrity metric module, software integrity metric module is included.
Further, the terminal security protection module includes authentication module and One-key recovery module.
(Three)Beneficial effect
Compared with prior art, the foundation for security system of the credible and secure simulation computer of the present invention, TPM safety chip drive module are used for carrying out the funcalls such as test initialization, read and write access and encryption and deciphering to TPM safety chip;Hardware integrity metric module is that system will be unable to start for being measured to the integrality of the key hardware such as safe hard disk, network interface card, device PCI, PCI-E device and being verified, after key hardware is illegally replaced;Software integrity metric module be for carrying out integrity measurement and verification to expansion ROM program, operating system nucleus etc. based on transitive trust mechanism, ensureing the secure and trusted of subsequent load software;Authentication module makes to verify circumscribed USB Key and user PIN, only works as USB
In the case of Key legal and user PIN input is correct, just allow to execute follow-up start-up operation, it is ensured that the legitimacy of terminal user;System One-key recovery module be in secure BIOS start-up course, by specific keys (as F2 key) by operating system recovery to default conditions, it is ensured that operating system attack destroy after fast quick-recovery;In credible and secure simulation computer, secure BIOS is the source that system trust chain is set up and transmitted, and is the basis that computer has credible and secure function.
Description of the drawings
Fig. 1 is the overall structure diagram of the present invention.
Specific embodiment
The foundation for security system of a kind of credible and secure simulation computer as shown in Figure 1, including secure BIOS 1, and the safe motherboard platform 2 that electrically connect with secure BIOS 1 and the operating system with the communication of secure BIOS 1 and upper level applications 3;The secure BIOS 1 is by BIOS infrastructure service module 11, and the trust computing service module 12 that is connected with BIOS infrastructure service module 11, terminal security protection module 13 are constituted;The trust computing service module 12 is electrically connected with terminal security protection module 13.
The trust computing service module 12 includes hardware integrity metric module, software integrity metric module and TPM safety chip drive module;The TPM safety chip drive module is connected with hardware integrity metric module, software integrity metric module is included.
The terminal security protection module 13 includes authentication module and One-key recovery module.
TPM safety chip drive module is used for carrying out the funcalls such as test initialization, read and write access and encryption and deciphering to TPM safety chip;Hardware integrity metric module is that system will be unable to start for being measured to the integrality of the key hardware such as safe hard disk, network interface card, device PCI, PCI-E device and being verified, after key hardware is illegally replaced;Software integrity metric module be for carrying out integrity measurement and verification to expansion ROM program, operating system nucleus etc. based on transitive trust mechanism, ensureing the secure and trusted of subsequent load software;Authentication module makes to verify circumscribed USB Key and user PIN, only works as USB
In the case of Key legal and user PIN input is correct, just allow to execute follow-up start-up operation, it is ensured that the legitimacy of terminal user;System One-key recovery module be in secure BIOS start-up course, by specific keys (as F2 key) by operating system recovery to default conditions, it is ensured that operating system attack destroy after fast quick-recovery;In credible and secure simulation computer, secure BIOS is the source that system trust chain is set up and transmitted, and is the basis that computer has credible and secure function.
Embodiment described above is only that the preferred embodiment of the present invention is described, and not the spirit and scope of the present invention is defined.On the premise of without departing from design concept of the present invention; various modifications and improvement that this area ordinary person is made to technical scheme; protection scope of the present invention all should be dropped into, the technology contents that the present invention is claimed, all record in detail in the claims.
Claims (3)
1. a kind of foundation for security system of credible and secure simulation computer, it is characterised in that:Including secure BIOS, and the safe motherboard platform that electrically connects with secure BIOS and the operating system with secure BIOS communication and upper level applications;The secure BIOS by BIOS infrastructure service module, and be connected with BIOS infrastructure service module trust computing service module, terminal security protection module composition;The trust computing service module is electrically connected with terminal security protection module.
2. the foundation for security system of credible and secure simulation computer according to claim 1, it is characterised in that:The trust computing service module includes hardware integrity metric module, software integrity metric module and TPM safety chip drive module;The TPM safety chip drive module is connected with hardware integrity metric module, software integrity metric module is included.
3. the foundation for security system of credible and secure simulation computer according to claim 1, it is characterised in that:The terminal security protection module includes authentication module and One-key recovery module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510547640.9A CN106485150A (en) | 2015-08-31 | 2015-08-31 | A kind of foundation for security system of credible and secure simulation computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510547640.9A CN106485150A (en) | 2015-08-31 | 2015-08-31 | A kind of foundation for security system of credible and secure simulation computer |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106485150A true CN106485150A (en) | 2017-03-08 |
Family
ID=58236117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510547640.9A Pending CN106485150A (en) | 2015-08-31 | 2015-08-31 | A kind of foundation for security system of credible and secure simulation computer |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106485150A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106856481A (en) * | 2017-03-17 | 2017-06-16 | 湖南新云网科技有限公司 | A kind of Network Isolation method based on lucidification disposal, system, network interface card and application |
CN109214187A (en) * | 2017-06-29 | 2019-01-15 | 龙芯中科技术有限公司 | A kind of method, apparatus and electronic equipment controlling computer starting |
-
2015
- 2015-08-31 CN CN201510547640.9A patent/CN106485150A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106856481A (en) * | 2017-03-17 | 2017-06-16 | 湖南新云网科技有限公司 | A kind of Network Isolation method based on lucidification disposal, system, network interface card and application |
CN106856481B (en) * | 2017-03-17 | 2017-12-26 | 湖南新云网科技有限公司 | A kind of Network Isolation method, system, network interface card and application based on lucidification disposal |
CN109214187A (en) * | 2017-06-29 | 2019-01-15 | 龙芯中科技术有限公司 | A kind of method, apparatus and electronic equipment controlling computer starting |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101436247B (en) | Biological personal identification method and system based on UEFI | |
Cooijmans et al. | Analysis of secure key storage solutions on android | |
CN101523401B (en) | Secure use of user secrets on a computing platform | |
TWI498736B (en) | Data storage device, method for security management provisioning at a data storage device, and computer readable storage medium | |
US10536274B2 (en) | Cryptographic protection for trusted operating systems | |
CN101881997B (en) | Trusted safe mobile storage device | |
CN105453102A (en) | Systems and methods for identifying private keys that have been compromised | |
CN104102876A (en) | Device for safeguarding operational security of client side | |
CN105608385A (en) | Trusted starting method of embedded equipment based on embedded trusted computing module | |
US10691627B2 (en) | Avoiding redundant memory encryption in a cryptographic protection system | |
TWI735475B (en) | Method, apparatus and computer readable storage medium for detecting program evasion of virtual machines or emulators | |
CN201126581Y (en) | Biological personal identification apparatus based on UEFI | |
CN107704308B (en) | Virtual platform vTPM management system, trust chain construction method and device, and storage medium | |
WO2006033531A1 (en) | Random keycode security | |
CN107209840B (en) | Secure transactions with connected peripherals | |
CN110245495A (en) | BIOS method of calibration, configuration method, equipment and system | |
CN106375095A (en) | Method of protecting integrity of APK | |
CN105975872A (en) | Method for testing TPM (trusted platform Module) under Windows | |
CN106485150A (en) | A kind of foundation for security system of credible and secure simulation computer | |
CN202372990U (en) | USB (Universal Serial Bus) key with fingerprint identifying function | |
CN104361280A (en) | Method for carrying out credible certification on USB storage device through SMI interrupt | |
Efendy et al. | Exploring the possibility of usb based fork bomb attack on windows environment | |
CN106484493A (en) | A kind of credible and secure simulation computer | |
CN110543769B (en) | Trusted starting method based on encrypted TF card | |
CN106485149A (en) | A kind of security component of credible and secure simulation computer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170308 |
|
WD01 | Invention patent application deemed withdrawn after publication |