CN106940769A - operating system security remote loading method - Google Patents

Publication number: CN106940769A
Authority: CN (China)
Prior art keywords: operating system, computer, loaded, server, uefi
Legal status: Granted (current status: Active)
Application number: CN201710116649.3A
Other languages: Chinese (zh)
Other versions: CN106940769B (en)
Inventors: 王国军, 孟大程, 陈淑红, 谢冬青
Current assignee: Guangzhou University
Original assignee: Guangzhou University
Application filed by: Guangzhou University
Priority to: CN201710116649.3A
Publications: CN106940769A (application), CN106940769B (grant)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Abstract

The invention discloses a method for securely loading an operating system remotely, comprising: (1) a legitimacy verification step for the computer to be loaded; (2) a remote loading step for the operating system; (3) an integrity measurement step for the operating system during loading. Addressing the inability of current security software to deal with operating-system-level malicious programs, the invention measures the integrity of the operating system before it starts, thereby ensuring a secure environment before startup.

Description

Secure remote loading method for an operating system
Technical field
The present invention relates to remote loading of operating systems, and more specifically to a method for securely loading an operating system remotely.
Background
With the rapid development of cloud computing, data security problems are becoming increasingly serious. While security software is used to protect the computer, protecting the loading of the operating system is also an important task. Techniques for protecting operating systems are plentiful today, but the security measures for the operating system's loading environment, for its loading process and for remote loading are still inadequate. When an operating system is loaded remotely, its security and integrity are hard to guarantee. In addition, because network transmission is insecure, the operating system may be tampered with in transit, and once it has been tampered with, the client computer may be hijacked.
The current approach to dealing with malware is to add anti-malicious-code technology to the system. This technology mainly scans and monitors the program code running in the system by means of signature scanning, integrity checking, access control and similar techniques, in order to prevent destructive behaviour by malicious code. To remain in the system over the long term and keep control of it, malicious code uses various concealment techniques to evade detection and removal by security software. Some malware even uses system-level rootkit techniques to start before the security software, thereby gaining control of the operating system kernel during boot, damaging the kernel, or even terminating the security software, which leaves the operating system unprotected. Such malware is difficult for existing security technology to identify.
With the rapid development of malware, the boot path has become a preferred target of attack. Such attacks are hard to defend against because the malware can disable anti-malware products and prevent them from loading at all. Existing remote loading schemes are exposed to attack by malicious programs and cannot verify the security of the server, so there is also a danger of attack by a malicious server.
A secure boot architecture and the root of trust it establishes ensure that, before the operating system is loaded, only signed and authenticated "known good" code and boot loaders can execute, which prevents malicious code from being executed in the root path. In the Unified Extensible Firmware Interface (UEFI) specification, secure boot is a feature that supports firmware verification of the trustworthiness of components; original equipment manufacturers can customize the firmware through their platform's custom certificates and management levels to meet customer requirements. UEFI also supports enforcing firmware security policy. The UEFI secure boot protocol is the basis for cross-platform and firmware security and is independent of architecture: before a firmware image is executed, secure boot verifies it through a public key infrastructure (PKI) process, which helps reduce the risk of boot loader attacks. However, although the UEFI boot stage brings secure boot into operating system startup as an optional feature, the integrity of the operating system is not measured from the server's side, so the danger of the operating system being tampered with remains.
Summary of the invention
In view of the shortcomings of the prior art, the object of the invention is to provide a method for securely loading an operating system remotely that ensures the security and integrity of the operating system during loading.
To achieve this object, the technical solution of the invention is a method for securely loading an operating system remotely, comprising: (1) a legitimacy verification step for the computer to be loaded; (2) a remote loading step for the operating system; (3) an integrity measurement step for the operating system during loading.
As an improvement of the invention, step (1) comprises: (101) establishing a trusted list on the DHCP server, the trusted list being used to store trusted system data, trusted host information and trusted user program information; (102) the computer to be loaded starts its network card driver and sends an IP address request to the DHCP server; the DHCP server authenticates the computer to be loaded by comparing the received request information with the information in the trusted list; if they are the same, the computer to be loaded is trusted and the method continues with step (2); otherwise it is untrusted and the loading process is terminated.
As an improvement of the invention, the IP address request comprises: the diskless boot ROM interface based on the TCP/IP protocol performs a self-test before obtaining control; the information obtained by the test includes the host's physical address and the CPU, memory and network card information; this information is encapsulated as a DHCP message, and the DHCP message is sent to the DHCP server.
As an improvement of the invention, in step (102) the comparison step comprises: (102a) the DHCP server reads the Chaddr field of the DHCP message and extracts the hardware address of the computer to be loaded from it; (102b) it reads the Options field of the DHCP message to obtain the identifier of the host; (102c) it performs a hash operation on the content obtained in (102a) and (102b) and compares the resulting value with the value stored in the trusted list.
As an improvement of the invention, step (2) comprises: (201) after the legitimacy verification of the computer to be loaded has passed, the DHCP server assigns a dynamic IP address to the computer to be loaded and provides it with the address of the TFTP server; (202) the computer to be loaded obtains the operating system boot files from the TFTP server and starts the loading process, the operating system boot files including the GRUB configuration file BOOTX64.conf, the UEFI boot image file BOOTX64.efi and the UEFI boot menu tool splash.xpm.gz; (203) the computer to be loaded loads the UEFI driver and establishes a network connection with the FTP server, and obtains the operating system and the SHA1 value of the operating system from the FTP server; (204) control of the operating system is handed to the PEI kernel: the transfer of control first switches the computer from real mode to protected mode, locates the BFV in the UEFI firmware and finds the SEC image in the BFV, and then calls the SEC entry function; the SEC function first initializes the stack, the IDT and EFI_SEC_PEI_HAND_OFF, and after initialization passes EFI_SEC_PEI_HAND_OFF to PEI, at which point control is handed to PEI.
As an improvement of the invention, in step (3) the integrity measurement agent is started by the UEFI firmware, and the integrity measurement specifically comprises: (301) starting the TPM chip and resetting the PCR in the system; (302) computing the SHA1 value of the CRTM and performing an OR operation on the result and the value of the PCR; (303) performing an OR operation on the value obtained in step (302) successively with the SHA1 value of GRUB and the SHA1 value of the operating system, and saving the value in the security measurement list; (304) performing the SHA1 operation on the currently obtained GRUB and operating system code and the CRTM, and comparing the result with the value in the security measurement list; if they are the same, the operating system enters the startup stage; otherwise loading of the operating system is interrupted.
Compared with the prior art, the invention addresses the inability of current security software to deal with operating-system-level malicious programs: it measures the integrity of the operating system before it starts, thereby ensuring a secure environment before startup. In addition, to address the inability of current remote loading to verify the server, the invention starts from the UEFI firmware: a verification program is written into the UEFI firmware, and during startup a chain of trust is built from the root of trust of the security chip (Trusted Platform Module, TPM), thereby ensuring security during boot.
Brief description of the drawings
The structure of the invention and its beneficial technical effects are described in detail below with reference to the drawings and the embodiment.
Fig. 1 is a flow chart of the secure remote loading method for an operating system according to the invention.
Fig. 2 is a diagram of the hardware connections used by the secure remote loading method for an operating system according to the invention.
Fig. 3 is an execution flow chart of the UEFI framework of the invention.
Detailed description
To make the object, technical solution and beneficial technical effects of the invention clearer, the invention is described in further detail below with reference to the drawings and the embodiment. It should be understood that the embodiment described in this specification serves only to explain the invention and is not intended to limit it.
In this embodiment, the TFTP server and the FTP server use Ubuntu 14.04 as their operating system and MySQL as the database; the client (the computer to be loaded) is a desktop computer, and the operating system to be loaded is Windows 7.
Referring to Fig. 1, Fig. 2 and Fig. 3, the secure remote loading method for an operating system of this embodiment comprises the following steps:
Step 1. Establish a trusted list on a server configured with the Dynamic Host Configuration Protocol (DHCP). The trusted list is used to store trusted system data, trusted host information and trusted user program information.
The DHCP server is a server configured with DHCP; in this example it is a computer running Windows 2000 Server/Advanced Server. The server controls a range of IP addresses, and a client that logs in to the server obtains an IP address automatically.
Step 2. The computer to be loaded starts its network card driver and sends an IP address request to the DHCP server. The request contains the physical address (Medium Access Control, MAC) and the hardware information of the host to be loaded; the hardware information mainly consists of the MAC information of the network card. The IP address request is made as follows: the diskless boot ROM interface based on the TCP/IP protocol (Bootrom) performs a self-test before obtaining control; the information obtained by the test includes the host's physical address and the CPU, memory and network card information, and this information is encapsulated as a DHCP message. The Bootrom then sends the message to the DHCP server. If the server receives the request, it authenticates the client; if verification succeeds, it sends back a BOOTP/DHCP response whose content includes the client's IP address, the default gateway and the boot image file. Otherwise, the server ignores the request.
Step 3. The DHCP server verifies the information from Step 2. The verification process is as follows:
A1. Read the Chaddr field of the DHCP message and extract the client's hardware address from it;
A2. Read the Options field and obtain the identifier of the host;
A3. Perform a hash operation on the content obtained in A1 and A2 and compare the resulting value with the value stored in the trusted list of Step 1. If they are the same, the client is trusted and the method goes to Step 4; otherwise the client is untrusted and the loading process is terminated.
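The check in Step 3 (A1 to A3), as an added Python example that is not code from the patent: it parses a DHCP request, extracts `chaddr` and a host identifier, hashes both and looks the digest up in the trusted list. The patent names neither the option that carries the host identifier nor the hash function; option 61 (client identifier), SHA-256, the length-prefixed encoding and all function names are assumptions, and the sample packet is constructed.

```python
import hashlib
import hmac
import struct

BOOTP_FIXED_LEN = 236                     # op .. file (RFC 2131 fixed header)
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the options area
OPT_PAD, OPT_END = 0, 255
OPT_CLIENT_ID = 61                        # assumption: host identifier travels here


def parse_request(packet):
    """Return (chaddr, options) for a BOOTREQUEST, or None if malformed."""
    if len(packet) < BOOTP_FIXED_LEN + len(MAGIC_COOKIE):
        return None
    op, hlen = packet[0], packet[2]
    if op != 1 or hlen == 0 or hlen > 16:
        return None
    if packet[236:240] != MAGIC_COOKIE:
        return None
    chaddr = packet[28:28 + hlen]         # A1: hardware address of the client
    options, i = {}, 240
    while i < len(packet):                # A2: walk the code/length/value options
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(packet):
            return None
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:          # option runs past the end of the packet
            return None
        options.setdefault(code, value)   # first occurrence wins
        i += 2 + length
    return chaddr, options


def fingerprint(chaddr, client_id):
    """A3: hash both fields; length prefixes keep the two fields unambiguous."""
    h = hashlib.sha256()                  # assumption: the patent only says "Hash"
    for field in (chaddr, client_id):
        h.update(bytes([len(field)]))
        h.update(field)
    return h.digest()


def is_trusted(packet, trusted_list):
    """True only if the request parses and its digest is in the trusted list."""
    parsed = parse_request(packet)
    if parsed is None:
        return False
    chaddr, options = parsed
    client_id = options.get(OPT_CLIENT_ID)
    if not client_id:
        return False
    digest = fingerprint(chaddr, client_id)
    return any(hmac.compare_digest(digest, entry) for entry in trusted_list)


def build_request(mac, client_id):
    """Construct a sample DHCPDISCOVER for the demonstration below."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, len(mac), 0,
                         0x1234ABCD, 0, 0, bytes(4), bytes(4), bytes(4),
                         bytes(4), mac, b"", b"")
    options = b"\x35\x01\x01"             # option 53: DHCPDISCOVER
    if client_id is not None:
        options += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return header + MAGIC_COOKIE + options + b"\xff"


# Constructed sample data: one registered machine.
SAMPLE_MAC = bytes.fromhex("020000aabbcc")
SAMPLE_CLIENT_ID = b"\x01" + SAMPLE_MAC
TRUSTED_LIST = {fingerprint(SAMPLE_MAC, SAMPLE_CLIENT_ID)}

if __name__ == "__main__":
    print(is_trusted(build_request(SAMPLE_MAC, SAMPLE_CLIENT_ID), TRUSTED_LIST))
    print(is_trusted(build_request(bytes.fromhex("020000ddeeff"),
                                   SAMPLE_CLIENT_ID), TRUSTED_LIST))
```

Both hashed fields are supplied by the client in an unauthenticated DHCP message, so this lookup identifies registered machines; the integrity measurement in Step 8 is what checks the code that is actually loaded.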
Step 4. The DHCP server assigns a dynamic IP address to the computer to be loaded and provides it with the address of the TFTP server. The TFTP server is a server configured with the Trivial File Transfer Protocol (TFTP); its main purpose is to provide the boot files for loading the operating system.
Step 5. The computer to be loaded obtains the operating system boot files from the TFTP server and starts the loading process. The operating system boot files include the configuration file BOOTX64.conf of the GRand Unified Bootloader (GRUB), the UEFI boot image file BOOTX64.efi and the UEFI boot menu tool splash.xpm.gz.
Step 6. The computer to be loaded loads the UEFI driver and establishes a network connection with the FTP server, and obtains the operating system and the SHA1 value of the operating system from the FTP server.
Step 7. Control of the operating system is handed to the Pre-EFI Initialization (PEI) kernel. The transfer of control first switches the computer from real mode to protected mode, locates the Boot Firmware Volume (BFV) in the UEFI firmware and finds the SEC image in the BFV, and then calls the Security (SEC) entry function. The SEC function first initializes the stack, the IDT and EFI_SEC_PEI_HAND_OFF; after initialization it passes EFI_SEC_PEI_HAND_OFF to PEI, at which point control is handed to PEI.
Step 8. The integrity measurement agent is started by the UEFI firmware and performs integrity measurement on the operating system of Step 4. The integrity measurement proceeds as follows:
A1. Start the TPM chip and reset the PCR in the system.
A2. Compute the SHA1 value of the CRTM and perform an OR operation on the result and the value of the platform configuration register (PCR);
A3. Perform an OR operation on the value obtained in A2 successively with the SHA1 value of GRUB and the SHA1 value of the operating system, and save the value in the security measurement list.
A4. Perform the SHA1 operation on the currently obtained GRUB and operating system code and the Core Root of Trust for Measurement (CRTM), and compare the result with the value in the security measurement list. If they are the same, go to Step 9; otherwise interrupt loading of the operating system.
Step 9. Enter the startup stage. From this stage on, startup is the same as for a conventional operating system and is not described further in this specification.
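The measurement chain of Step 8 (A1 to A4), as an added Python example that is not code from the patent. It combines digests with the bitwise OR the text describes and, for comparison, with the hash-chained extend that TPM 1.2 PCRs use (new PCR = SHA1(old PCR || digest)), which is taken from the TPM specification rather than from this page. Taking the reference digests from the server-supplied SHA1 values of Step 6 is an assumption, and the component byte strings and function names are constructed for illustration.

```python
import hashlib
import hmac

PCR_LEN = 20  # size of a SHA-1 digest and of a TPM 1.2 PCR


def sha1(data):
    return hashlib.sha1(data).digest()


def combine_or(pcr, digest):
    """Combiner as described in A2/A3: bitwise OR of PCR and digest."""
    return bytes(a | b for a, b in zip(pcr, digest))


def combine_extend(pcr, digest):
    """TPM 1.2 style extend, shown for comparison (not from the patent)."""
    return sha1(pcr + digest)


def measure_chain(digests, combine):
    """A1: start from a reset (all-zero) PCR, then fold in each digest."""
    pcr = bytes(PCR_LEN)
    for digest in digests:
        pcr = combine(pcr, digest)
    return pcr


def build_measure_list(crtm, ref_grub_sha1, ref_os_sha1, combine):
    """A2-A3: expected value from the CRTM and the reference SHA1 values."""
    return measure_chain([sha1(crtm), ref_grub_sha1, ref_os_sha1], combine)


def verify_boot(crtm, grub, os_image, expected, combine):
    """A4: measure the code actually obtained and compare with the list."""
    measured = measure_chain([sha1(crtm), sha1(grub), sha1(os_image)], combine)
    return hmac.compare_digest(measured, expected)


def order_sensitive(combine):
    """Does the final value depend on the order components were measured in?"""
    a, b = sha1(b"component A"), sha1(b"component B")
    return measure_chain([a, b], combine) != measure_chain([b, a], combine)


# Constructed stand-ins for the real firmware, boot loader and OS image.
CRTM = b"constructed CRTM code"
GRUB = b"constructed BOOTX64.efi bytes"
OS_IMAGE = b"constructed operating system image"
TAMPERED_OS = OS_IMAGE + b" with one extra driver"

# Reference digests as the server would publish them (Step 6, assumption).
REF_GRUB_SHA1 = sha1(GRUB)
REF_OS_SHA1 = sha1(OS_IMAGE)

if __name__ == "__main__":
    for name, combine in (("OR", combine_or), ("extend", combine_extend)):
        expected = build_measure_list(CRTM, REF_GRUB_SHA1, REF_OS_SHA1, combine)
        print(name,
              "genuine:", verify_boot(CRTM, GRUB, OS_IMAGE, expected, combine),
              "tampered:", verify_boot(CRTM, GRUB, TAMPERED_OS, expected, combine),
              "order-sensitive:", order_sensitive(combine))
```

With OR the final value does not record the order in which components were measured and bits can only accumulate, whereas the extend form binds each value to the whole sequence before it.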
The invention is a UEFI-based method for securely loading an operating system remotely. It verifies the integrity of the remote operating system by means of code written into the UEFI firmware, so as to ensure that the operating system is loaded securely. The invention ensures the security of the computer to be started: existing technology verifies the computer to be started only by comparing the MAC address of its network card and is therefore exposed to attack by malicious programs, whereas the invention establishes a trusted list on the DHCP server so that IP service is provided only to computers in the list. It ensures security during operating system loading: the invention uses TPM chain-of-trust technology to measure the integrity of the operating system while it is being loaded. It can improve loading speed: by using UEFI firmware verification technology, it solves the problem of slow loading in existing BIOS.
From the point of view of how the operating system is loaded: remote loading is currently implemented mainly through PXE, where the operating system is loaded mainly by loading an operating system image and service support is provided to the client through the remote host's installation method. The invention starts from UEFI: it loads the UEFI firmware and thereby loads the operating system directly, the operating system being loaded locally by streaming on top of the UEFI firmware program. From the point of view of security: at present, checking of a loaded operating system is done only by malicious code detection tools after startup has completed. Although the UEFI boot stage brings secure boot into operating system startup as an optional feature, the integrity of the operating system is still not measured from the server's side, so the danger of the operating system being tampered with remains. In the invention, the remote server provides a digest of the operating system and the integrity of the operating system is measured during loading, which ensures the integrity and security of the operating system.
Based on the disclosure and teaching of the above description, those skilled in the art to which the invention belongs may also make appropriate changes and modifications to the above embodiment. The invention is therefore not limited to the embodiment disclosed and described above, and modifications and changes to the invention should also fall within the scope of protection of the claims of the invention. In addition, although some specific terms are used in this specification, they are used only for convenience of description and do not limit the invention in any way.

Claims (6)

1. A method for securely loading an operating system remotely, characterized in that it comprises:
(1) a legitimacy verification step for the computer to be loaded;
(2) a remote loading step for the operating system;
(3) an integrity measurement step for the operating system during loading.
2. The method for securely loading an operating system remotely according to claim 1, characterized in that step (1) comprises:
(101) establishing a trusted list on the DHCP server, the trusted list being used to store trusted system data, trusted host information and trusted user program information;
(102) the computer to be loaded starts its network card driver and sends an IP address request to the DHCP server; the DHCP server authenticates the computer to be loaded by comparing the received request information with the information in the trusted list; if they are the same, the computer to be loaded is trusted and the method continues with step (2); otherwise it is untrusted and the loading process is terminated.
3. The method for securely loading an operating system remotely according to claim 2, characterized in that the IP address request comprises: the diskless boot ROM interface based on the TCP/IP protocol performs a self-test before obtaining control; the information obtained by the test includes the host's physical address and the CPU, memory and network card information; this information is encapsulated as a DHCP message, and the DHCP message is sent to the DHCP server.
4. The method for securely loading an operating system remotely according to claim 3, characterized in that in step (102) the comparison step comprises:
(102a) the DHCP server reads the Chaddr field of the DHCP message and extracts the hardware address of the computer to be loaded from it;
(102b) reading the Options field of the DHCP message to obtain the identifier of the host;
(102c) performing a hash operation on the content obtained in (102a) and (102b), and comparing the resulting value with the value stored in the trusted list.
5. The method for securely loading an operating system remotely according to claim 1, characterized in that step (2) comprises:
(201) after the legitimacy verification of the computer to be loaded has passed, the DHCP server assigns a dynamic IP address to the computer to be loaded and provides it with the address of the TFTP server;
(202) the computer to be loaded obtains the operating system boot files from the TFTP server and starts the loading process, the operating system boot files including the GRUB configuration file BOOTX64.conf, the UEFI boot image file BOOTX64.efi and the UEFI boot menu tool splash.xpm.gz;
(203) the computer to be loaded loads the UEFI driver and establishes a network connection with the FTP server, and obtains the operating system and the SHA1 value of the operating system from the FTP server;
(204) control of the operating system is handed to the PEI kernel: the transfer of control first switches the computer from real mode to protected mode, locates the BFV in the UEFI firmware and finds the SEC image in the BFV, and then calls the SEC entry function; the SEC function first initializes the stack, the IDT and EFI_SEC_PEI_HAND_OFF, and after initialization passes EFI_SEC_PEI_HAND_OFF to PEI, at which point control is handed to PEI.
6. The method for securely loading an operating system remotely according to claim 5, characterized in that in step (3) the integrity measurement agent is started by the UEFI firmware, and the integrity measurement specifically comprises:
(301) starting the TPM chip and resetting the PCR in the system;
(302) computing the SHA1 value of the CRTM and performing an OR operation on the result and the value of the PCR;
(303) performing an OR operation on the value obtained in step (302) successively with the SHA1 value of GRUB and the SHA1 value of the operating system, and saving the value in the security measurement list;
(304) performing the SHA1 operation on the currently obtained GRUB and operating system code and the CRTM, and comparing the result with the value in the security measurement list; if they are the same, the operating system enters the startup stage; otherwise loading of the operating system is interrupted.
CN201710116649.3A 2017-03-01 2017-03-01 Safe remote loading method for operating system Active CN106940769B (en)

Publications (2)

Publication Number Publication Date
CN106940769A true CN106940769A (en) 2017-07-11
CN106940769B CN106940769B (en) 2020-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170711

Assignee: GUANGZHOU DAWEI COMMUNICATION CO.,LTD.

Assignor: Guangzhou University

Contract record no.: X2022980024622

Denomination of invention: Safe Remote Loading Method of Operating System

Granted publication date: 20200428

License type: Common License

Record date: 20221202

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170711

Assignee: Shenzhen Maiqi Big Data Technology Co.,Ltd.

Assignor: Guangzhou University

Contract record no.: X2022980024931

Denomination of invention: Safe Remote Loading Method of Operating System

Granted publication date: 20200428

License type: Common License

Record date: 20221207

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170711

Assignee: SHENZHEN VKSANTONG ELECTRONIC TECHNOLOGY Co.,Ltd.

Assignor: Guangzhou University

Contract record no.: X2022980025183

Denomination of invention: Safe Remote Loading Method of Operating System

Granted publication date: 20200428

License type: Common License

Record date: 20221208

Application publication date: 20170711

Assignee: Shenzhen yunkong Automation Technology Co.,Ltd.

Assignor: Guangzhou University

Contract record no.: X2022980025165

Denomination of invention: Safe Remote Loading Method of Operating System

Granted publication date: 20200428

License type: Common License

Record date: 20221208

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170711

Assignee: SHENZHEN QIJIAN TECHNOLOGY CO.,LTD.

Assignor: Guangzhou University

Contract record no.: X2022980027510

Denomination of invention: Safe remote loading method of operating system

Granted publication date: 20200428

License type: Common License

Record date: 20230105

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170711

Assignee: HUAYUAN ELECTRIC Co.,Ltd.

Assignor: Guangzhou University

Contract record no.: X2023980030232

Denomination of invention: Safe remote loading method of operating system

Granted publication date: 20200428

License type: Common License

Record date: 20230110

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170711

Assignee: Guangzhou Baoxintong Information Technology Co.,Ltd.

Assignor: Guangzhou University

Contract record no.: X2023980047563

Denomination of invention: Secure Remote Loading Method for Operating System

Granted publication date: 20200428

License type: Common License

Record date: 20231120

EE01 Entry into force of recordation of patent licensing contract