CN113127873A - Credible measurement system of fortress machine and electronic equipment - Google Patents

Credible measurement system of fortress machine and electronic equipment Download PDF

Info

Publication number
CN113127873A
CN113127873A CN202110454865.5A CN202110454865A CN113127873A CN 113127873 A CN113127873 A CN 113127873A CN 202110454865 A CN202110454865 A CN 202110454865A CN 113127873 A CN113127873 A CN 113127873A
Authority
CN
China
Prior art keywords
trusted
measurement
operating system
module
software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110454865.5A
Other languages
Chinese (zh)
Inventor
廖渊
李北川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Postal Savings Bank of China Ltd
Original Assignee
Postal Savings Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Postal Savings Bank of China Ltd filed Critical Postal Savings Bank of China Ltd
Priority to CN202110454865.5A priority Critical patent/CN113127873A/en
Publication of CN113127873A publication Critical patent/CN113127873A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/32Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324Display of status information
    • G06F11/327Alarm or error message display
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a credibility measuring system of a bastion machine and electronic equipment. The credibility measuring system of the bastion machine comprises: the trusted control module is deployed in a server of the bastion machine and is used for conducting trusted boot on an operating system of the bastion machine, wherein the trusted boot is used for conducting a trust chain from a trusted password module in the bastion machine to the operating system; and the software trusted module is deployed in the operating system and used for performing trusted measurement on the starting process of the operating system and the application program running on the bastion machine based on the trusted boot to obtain a trusted measurement result. The invention solves the technical problem that the existing financial bastion machine system is difficult to prevent the attack and damage of malicious programs to the system.

Description

Credible measurement system of fortress machine and electronic equipment
Technical Field
The invention relates to the field of financial bastion machines, in particular to a credible measuring system of a bastion machine and electronic equipment.
Background
The starting process of the conventional financial bastion machine system is the same as that of other servers, and the attack of a malicious program to the system guide phase and the damage to the system guide behavior cannot be identified, so that the attack of the malicious program to the system guide phase and the damage to the system guide behavior are difficult to prevent.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a credible measuring system of a bastion machine and electronic equipment, which at least solve the technical problem that the existing financial bastion machine system is difficult to prevent the attack and damage of a malicious program to the system.
According to an aspect of the embodiment of the invention, a credibility measuring system of a bastion machine is provided, and comprises: the trusted control module is deployed in a server of the bastion machine and is used for conducting trusted boot on an operating system of the bastion machine, wherein the trusted boot is used for conducting a trust chain from a trusted password module in the bastion machine to the operating system; and the software trusted module is deployed in the operating system and used for performing trusted measurement on the starting process of the operating system and the application program running on the bastion machine based on the trusted boot to obtain a trusted measurement result.
Optionally, the software trusted module is further configured to perform a first trusted measurement on a core file and an application program of the operating system when the operating system is started, so as to obtain a first trusted measurement result; and when the first credibility measurement result indicates that the core file and/or the application program is tampered, outputting alarm information and controlling the operating system to stop starting or isolating tampered content.
Optionally, the software trusted module is further configured to calculate a first hash value of a first metric object by using a static integrity measurement method, and check whether the integrity of the first metric object is damaged based on the first hash value, where the first metric object includes at least one of: executable program, dynamic library, kernel module.
Optionally, the software trusted module is further configured to calculate a second hash value of a second metric object by using a dynamic integrity measurement method, and detect whether the operating state of the operating system is trusted based on the second hash value, where the second metric object includes at least one of: the system comprises a code segment of a kernel module, a read-only data segment, a key jump table and a process code segment of an application layer.
Optionally, the software trusted module is further configured to perform development adaptation based on a kernel layer of the operating system, and perform mandatory access control on the operating system, where the content of the mandatory access control includes at least one of: files, directories, processes, registries, and services.
Optionally, the operating system includes: the trusted management platform is deployed in the operating system and used for deploying a hardware trusted root and a software trusted base component on a terminal node of the bastion machine, wherein the hardware trusted root comprises the trusted cryptography module and the trusted control module, and the hardware trusted root is built in a hardware mode or is inserted into the terminal node; the trusted management platform is further configured to push a trusted base client to the terminal node through the software trusted base component, and the terminal node is configured to locally install and deploy the trusted base client.
Optionally, a basic establishing idea of the trust chain is to measure one level and trust one level at a previous level of a startup chain to ensure credibility of the operating system in a startup process, wherein in the startup process, all nodes in the startup chain are subjected to trust verification based on a hardware root of trust and the startup chain is subjected to level-by-level measurement to form a complete trust chain, and the trust chain is used to ensure that the operating system enters a trusted computing environment after being started.
Optionally, the static integrity measurement mode is configured to prevent unauthorized code execution and to implement a static measurement function by using a predetermined mechanism, where the predetermined mechanism includes at least one of: measuring, judging and controlling; the static integrity measurement method is also used for providing an executive credibility measurement by adopting an active immune system defense mechanism so as to prevent the running of unauthorized applications and unexpected applications.
Optionally, the operating system is further configured to perform feature acquisition on an executable program on the operating system to obtain feature acquisition information, and generate a reference library based on the feature acquisition information, where an acquisition object of the feature acquisition includes: the system comprises a binary executable file, a dynamic library and a kernel module, wherein a collection object in the reference library is a loading object capable of normally running.
Optionally, the dynamic integrity measurement mode is configured to select a corresponding measurement opportunity and a measurement method for different second metric objects to measure the operating conditions of the second metric objects, report the changed metric objects according to a measurement policy and characteristics of the different metric objects, send an obtained measurement result to a control mechanism, and take a measure for updating a metric expected value or a measure for recovering confidence.
Optionally, the dynamic integrity measurement mode is further configured to monitor the operating system in real time, and perform real-time measurement and control on a resource access behavior of a process, where the monitored content includes at least one of: all key processes, modules, execution code, data structures, jump tables.
Optionally, the trusted control module is integrated in a trusted computing platform, and is configured to establish and guarantee a basic core module of a trusted source, and is configured to provide at least one of the following functions for the trusted computing platform: active measurement, active control, credible authentication, encryption protection and credible report;
the trusted computing platform is also provided with a trusted password module, and the trusted password module is adopted to provide a password operation function for the trusted computing platform.
Optionally, the software trusted base component is configured to dynamically analyze a trusted policy and perform trusted verification on the operating system by using the trusted policy, where the software trusted base is configured to run in a trusted system and a computing system at the same time; the third measurement object of the software trusted base component mainly comprises at least one of the following objects: operating system environment, application process environment, execution code for other security mechanisms, and associated operating states.
According to another aspect of the embodiment of the invention, the electronic equipment comprises any of the bastion trusted measuring systems of the bastion machines.
In the embodiment of the invention, the trusted control module is deployed in a server of the bastion machine and is used for conducting trusted boot on an operating system of the bastion machine, wherein the trusted boot is used for conducting a trust chain from a trusted password module in the bastion machine to the operating system; and the software trusted module is deployed in the operating system and used for performing trusted measurement on the starting process of the operating system and the application program running on the bastion machine based on the trusted boot to obtain a trusted measurement result, so that the purpose of preventing the system from being attacked and damaged by a malicious program by the financial bastion machine system is achieved, the technical effect of ensuring the trusted running state of the financial bastion machine system is achieved, and the technical problem that the existing financial bastion machine system is difficult to prevent the system from being attacked and damaged by the malicious program is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a credibility measuring system of a bastion machine according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an alternative chain of trust construction and delivery in accordance with an embodiment of the present invention;
FIG. 3 is a schematic diagram of an alternative process for performing measurement using static integrity measurement according to an embodiment of the present invention;
FIG. 4 is a flow chart of an alternative method of dynamic integrity measurement for measurement according to an embodiment of the present invention;
figure 5 is a schematic diagram of an alternative trusted bastion system according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, in order to facilitate understanding of the embodiments of the present invention, some terms or nouns referred to in the present invention will be explained as follows:
trusted Computing (TC) is a technology that is driven and developed by the Trusted Computing group (previously known as TCPA). Trusted computing is a trusted computing platform widely used in computing and communication systems and based on the support of a hardware security module, so as to improve the security of the whole system.
Example 1
According to an embodiment of the invention, an embodiment of a credibility measuring system of a bastion machine is provided, fig. 1 is a structural schematic diagram of the credibility measuring system of the bastion machine according to the embodiment of the invention, and as shown in fig. 1, the credibility measuring system of the bastion machine comprises: a trusted control module 10 and a software trusted module 12, wherein:
the trusted control module 10 is deployed in a server of the bastion machine and used for conducting trusted boot on an operating system of the bastion machine, wherein the trusted boot is used for conducting a trust chain from a trusted password module in the bastion machine to the operating system; and the software trusted module 12 is deployed in the operating system and used for performing trusted measurement on the starting process of the operating system and the application program running on the bastion machine based on the trusted boot to obtain a trusted measurement result.
In the embodiment of the invention, the trusted control module is deployed in a server of the bastion machine and is used for conducting trusted boot on an operating system of the bastion machine, wherein the trusted boot is used for conducting a trust chain from a trusted password module in the bastion machine to the operating system; and the software trusted module is deployed in the operating system and used for performing trusted measurement on the starting process of the operating system and the application program running on the bastion machine based on the trusted boot to obtain a trusted measurement result, so that the purpose of preventing the system from being attacked and damaged by a malicious program by the financial bastion machine system is achieved, the technical effect of ensuring the trusted running state of the financial bastion machine system is achieved, and the technical problem that the existing financial bastion machine system is difficult to prevent the system from being attacked and damaged by the malicious program is solved.
Optionally, in the embodiment of the application, a trusted control module is deployed on a server motherboard of the financial bastion machine, and a software trusted module is deployed on an operating system of the financial bastion machine, so that trusted guidance of the operating system by the trusted control module (hardware trusted root) can be realized, a trust chain is conducted to the operating system from a trusted cryptography module, starting safety of the operating system is ensured to transition to a system running state, trust of the system running state is ensured, and support is provided for an access control mechanism and a trusted certification mechanism. By verifying the system boot data, attacks to the system boot stage and damages to the system boot behavior by malicious programs are prevented.
As an alternative embodiment, a schematic diagram of trust chain construction and delivery is shown in fig. 2, and the embodiment of the present application is implemented based on a trust chain technology of trusted computing, a static metric technology, and a dynamic metric technology. In the embodiment of the application, the basic idea of establishing the trust chain is that the first-level measurement is one-level, and the first-level trust is one-level, so that the starting credibility of the system is ensured. All nodes in the starting process should be subjected to credibility verification based on the credible root. The starting process comprises the step-by-step measurement of the whole starting chain, a complete trust chain is formed, and the trusted computing environment is ensured to enter after the starting.
In an optional embodiment, the software trusted module is further configured to perform a first trust measurement on a core file and an application program of the operating system when the operating system is started, so as to obtain a first trust measurement result; and when the first credibility measurement result indicates that the core file and/or the application program is tampered, outputting alarm information and controlling the operating system to stop starting or isolating tampered content.
Optionally, a software trusted module is deployed in the bastion machine operating system, and the software trusted module can be used for developing adaptation based on an operating system kernel layer, and implementing forced access control on files, directories, processes, registries and services by adopting a system kernel reinforcement technology, that is, the software trusted module can be used for implementing a first trusted measurement of a bastion machine operating system starting process and an application program, dynamically protecting the bastion machine operating system and the application, preventing an unauthorized program from running in the bastion machine, and controlling user rights.
According to the method and the device, the software trusted module carries out first trusted measurement on the core file and the application program of the bastion machine operating system when the bastion machine operating system is started, records a first trusted measurement result, and gives an alarm to a user when tampering is detected and stops starting or isolates the tampered file. By the aid of the method and the device, the financial bastion machine can be enabled to start the operating system and then to be trusted to be verified when the application program is started, trusted verification is carried out on the execution environment of the application program in all execution links of the application program, and unauthorized programs are prevented from running in the bastion machine.
In an alternative embodiment, the software trusted module is further configured to compute a first hash value of a first metric object by using a static integrity measurement, and check whether the integrity of the first metric object is damaged based on the first hash value, where the first metric object includes at least one of: executable program, dynamic library, kernel module.
Optionally, in the above embodiment, as shown in fig. 3, a schematic flow chart of performing measurement in a static integrity measurement manner is shown, where a first hash value of a measured object (i.e., a first measurement object, which includes an executable program, a dynamic library, and a kernel module) is calculated in the static integrity measurement manner, and whether the integrity of the measured object is damaged is checked based on the first hash value, so as to ensure that an initial state of a system operating object is trusted.
In an optional embodiment, the software trusted module is further configured to compute a second hash value of a second metric object by using a dynamic integrity measurement method, and detect whether the operating state of the operating system is trusted based on the second hash value, where the second metric object includes at least one of: the system comprises a code segment of a kernel module, a read-only data segment, a key jump table and a process code segment of an application layer.
Optionally, in the foregoing embodiment, as shown in fig. 4, a flowchart for performing measurement in a dynamic integrity measurement manner is used, and a second hash value of a measured object (that is, a second metric object, which includes a code segment of a system kernel, a read-only data segment, a key jump table, and a process code segment of an application layer) is calculated in the dynamic integrity measurement manner, and an operation status of the measured object is detected based on the second hash value, so as to ensure a trust of an operation state of a system, and provide a support for an access control mechanism and a trust certification mechanism.
In an optional embodiment, the software trusted module is further configured to perform development adaptation based on a kernel layer of the operating system, and perform mandatory access control on the operating system, where the content of the mandatory access control includes at least one of: files, directories, processes, registries, and services.
In an alternative embodiment, the operating system includes: the trusted management platform is deployed in the operating system and used for deploying a hardware trusted root and a software trusted base component on a terminal node of the bastion machine, wherein the hardware trusted root comprises the trusted cryptography module and the trusted control module, and the hardware trusted root is built in a hardware mode or is inserted into the terminal node; the trusted management platform is further configured to push a trusted base client to the terminal node through the software trusted base component, and the terminal node is configured to locally install and deploy the trusted base client.
Optionally, in this embodiment of the application, the trusted management platform (trusted management center) is a platform that performs policy, benchmark, and log unified management on the TSB and the TPCM, and is also a service platform based on trusted data, and is capable of providing trusted state evaluation support trusted connection, performing data analysis and mining based on trusted log data, and presenting a trusted situation to provide trusted service to enhance the immunity of the trusted computing node. In the embodiment of the application, a pure software mode can be adopted to deploy the trusted management platform.
Optionally, the hardware root of trust includes: the Trusted Cryptography Module (TCM) and the Trusted Platform Control Module (TPCM) are combined. The trusted platform control module is a basic core module which can be integrated in a trusted computing platform and is used for establishing and guaranteeing a trusted source point, and functions of active measurement, active control, trusted authentication, encryption protection, trusted reporting and the like are provided for the trusted computing platform. The Trusted Cryptography Module (TCM) is a hardware module of the trusted computing platform, provides cryptographic operation function for the trusted computing platform, and has protected storage space. The TCM cryptographic module adopts domestic cryptographic algorithms SM2, SM3 and SM4, provides a cryptographic service and key management system according to TCM national standards, and is used for supporting cryptographic services in trusted computing identity authentication, state measurement and secret storage processes.
As an optional embodiment, the trusted cryptography module is deployed on a motherboard of a computing platform in a plug-in card manner, stores important files such as certificates, algorithms, keys, configuration information and the like, avoids illegal reading and damage through hardware protection, and provides cryptographic calculation services and active measurement functions, thereby establishing a trust chain from start to operation for the whole terminal as a root of trust. In the embodiment of the application, the processor, the special physical memory, the persistent storage space, the TCM and the like of the TPCM are integrated into the PCI-E board card or the module to obtain the TPCM. The persistent storage area may store a TPCM operating system, a TSB program, a key, and the like, and the TCM cryptographic module is mainly used to provide an encryption service for the TPCM.
In an optional embodiment, a basic establishing idea of the trust chain is to measure one level at a previous stage of a boot chain and trust one level at a previous stage of the boot chain to ensure the credibility of the operating system in the boot process, wherein in the boot process, all nodes in the boot chain are subjected to trusted verification based on a hardware root of trust and the boot chain is measured step by step to form a complete trust chain, and the trust chain is used for ensuring that the operating system enters a trusted computing environment after being booted.
In an alternative embodiment, the static integrity measurement mode is used for preventing the unauthorized code from executing and for implementing the static measurement function by adopting a predetermined mechanism, wherein the predetermined mechanism comprises at least one of the following mechanisms: measuring, judging and controlling; the static integrity measurement method is also used for providing an executive credibility measurement by adopting an active immune system defense mechanism so as to prevent the running of unauthorized applications and unexpected applications.
In the above alternative embodiment, the static integrity measurement manner is implemented by using a static measurement technology, and is used to prevent unauthorized code execution, and is the most important function for the runtime trust of the system. The technical scheme of the static measurement adopts a measurement, judgment and control mechanism to complete the static measurement function, in the embodiment of the application, the trusted computing technology is combined, an active immune system defense mechanism is adopted, the trusted measurement of the execution program is provided, the unauthorized and unexpected execution program is prevented from running, the active defense of known/unknown malicious codes is realized, and the risk that the integrity and the usability of an operating system are damaged is reduced.
In an optional embodiment, the operating system is further configured to perform feature collection on an executable program on the operating system to obtain feature collection information, and generate a reference library based on the feature collection information, where a collection object of the feature collection includes: the system comprises a binary executable file, a dynamic library and a kernel module, wherein a collection object in the reference library is a loading object capable of normally running.
Optionally, in this embodiment of the application, the operating system (trusted computing system) may collect features of an executable program in the operating system of the bastion machine in the deployment process, and the collection object includes: binary executable files, dynamic libraries, kernel modules (drivers), and the like. In the embodiment of the application, after information acquisition is completed, a strategy reference library is generated based on feature acquisition information, wherein a program in the reference library can be normally executed, a dynamic library can be normally linked, and a driving module can be normally loaded, so that the protection effect of preventing malicious codes and unauthorized software from running is achieved.
In an optional embodiment, the dynamic integrity measurement mode is used to select a corresponding measurement opportunity and a measurement method for different second measurement objects to measure the operating conditions of the second measurement objects, report the changed measurement objects according to a measurement policy and characteristics of the different measurement objects, and send the obtained measurement result to a control mechanism and take a measure expected value or a reliable recovery measure.
In the embodiment of the application, the trusted software base can ensure that the system operation object is initially trusted through the static measurement function. On the basis, the dynamic measurement function selects a proper measurement opportunity for different measurement objects, adopts a reasonable measurement method to measure the operation condition of the measurement objects in the system, reports the measurement objects which change according to the strategy and the characteristics of the different measurement objects, sends the measurement result to the control mechanism, and simultaneously adopts a measure for updating the measurement expected value or a measure for recovering the reliability, thereby ensuring the reliability of the operation state of the system and providing support for accessing the control mechanism.
In an optional embodiment, the dynamic integrity measurement mode is further configured to monitor the operating system in real time, and measure and control resource access behavior of the process in real time, where the monitored content includes at least one of: all key processes, modules, execution code, data structures, jump tables.
Optionally, the above dynamic integrity measurement mode is used for monitoring all key processes, modules, execution codes, data structures, important jump tables, and the like in the system in real time, and measures and controls resource access behaviors of the processes in real time, and is a core component that ensures safe operation of the system and that a safety mechanism is not bypassed and tampered.
According to the embodiment of the application, the dynamic measurement module is adopted to aim at different measurement objects, a reasonable measurement method is adopted, and a proper measurement opportunity is selected to comprehensively measure the operation of the system, so that the safety and the credibility of the system are ensured. The dynamic measurement is the core guarantee of the system and is the key for monitoring the running state of the system, measuring the process behavior and analyzing the credibility of the system. The operation mechanism of the dynamic measurement realizes monitoring on important nodes of the system and effectively blocks intrusion of malicious codes on the system.
In an optional embodiment, the trusted control module is integrated in a trusted computing platform, and is configured to establish and secure a basic core module of a trusted origin, and is configured to provide at least one of the following functions for the trusted computing platform: active measurement, active control, credible authentication, encryption protection and credible report; the trusted computing platform is also provided with a trusted password module, and the trusted password module is adopted to provide a password operation function for the trusted computing platform.
In this embodiment of the application, as shown in fig. 5, based on the above-mentioned trusted computing technology, a trusted management platform may be deployed first, and a hardware trusted root and a software trusted base TSB component are deployed at a terminal node of a bastion machine, and the hardware trusted root is built in a hardware manner or is inserted in a card on the node, and the TSB software trusted base realizes unified remote pushing, installing and deploying a TSB client to the terminal through the trusted management platform.
In an optional embodiment, the software trusted base component is configured to dynamically analyze a trusted policy and perform trusted verification on the operating system by using the trusted policy, where the software trusted base is configured to run in a trusted system and a computing system at the same time; the third measurement object of the software trusted base component mainly comprises at least one of the following objects: operating system environment, application process environment, execution code for other security mechanisms, and associated operating states.
Optionally, the software trusted base component may be a TSB trusted software base, which is a core mechanism of a software layer, and is capable of dynamically analyzing a trusted policy, intercepting a system and an application behavior, and performing trusted verification under the support of the TPCM according to the policy. The TSB agent mainly realizes interception and control embedded in an operating system of the computing system and usually exists in a kernel module form; the TSB runs in the TPCM, is an application layer of the TPCM, and is calculated by using the resources of the isolation guarantee provided by the TPCM.
As an optional embodiment, the trusted software base provides important measurement on a system, an application and a security mechanism during operation for the terminal, provides a security protection function, ensures the integrity of the security of the terminal and the security mechanism of the terminal through the interaction between the trusted software base and the TPCM, and transmits trust to an application program. The TSB product is matched according to different TPCM construction modes, and the difference of different TPCM construction modes is compensated by adopting part of computing resources for dynamic adjustment.
As another alternative embodiment, the measurement object of the trusted software base mainly includes several types, including operating system environments (e.g., key data structures such as kernel code segment, kernel module code segment, interrupt table, syscal l, important function jump table, kernel module table and related execution code segment), application process environments (e.g., main program code segment, shared library table and related function jump table, service-defined key data area, etc.), and execution codes and related operation states of other security mechanisms.
There is also provided, in accordance with an embodiment of the present invention, an electronic device including any of the above-described trusted metrics systems of bastion machines.
It should be noted that any of the above-mentioned optional or preferred credibility measurement systems of the bastion machine can be implemented or realized in the electronic device provided in the present embodiment.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable non-volatile storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a non-volatile storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned nonvolatile storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (14)

1. A trusted metrics system for bastion machines, comprising:
the trusted control module is deployed in a server of the bastion machine and used for conducting trusted boot on an operating system of the bastion machine, wherein the trusted boot is used for conducting a trust chain from a trusted password module in the bastion machine to the operating system;
and the software trusted module is deployed in the operating system and used for performing trusted measurement on the starting process of the operating system and the application program running on the bastion machine based on the trusted boot to obtain a trusted measurement result.
2. The system of claim 1,
the software trusted module is further used for performing first trusted measurement on the core file and the application program of the operating system when the operating system is started to obtain a first trusted measurement result; and when the first credibility measurement result indicates that the core file and/or the application program is tampered, outputting alarm information and controlling the operating system to stop starting or isolating tampered content.
3. The system of claim 1,
the software trusted module is further configured to compute a first hash value of a first metric object using a static integrity metric, and verify whether the integrity of the first metric object is corrupted based on the first hash value, wherein the first metric object includes at least one of: executable program, dynamic library, kernel module.
4. The system of claim 1,
the software trusted module is further configured to compute a second hash value of a second metric object in a dynamic integrity measurement manner, and detect whether the operating state of the operating system is trusted based on the second hash value, where the second metric object includes at least one of: the system comprises a code segment of a kernel module, a read-only data segment, a key jump table and a process code segment of an application layer.
5. The system of claim 1,
the software trusted module is further used for performing development adaptation based on a kernel layer of the operating system, and performing mandatory access control on the operating system, wherein the content of the mandatory access control includes at least one of the following: files, directories, processes, registries, and services.
6. The system of claim 1, wherein the operating system comprises:
the trusted management platform is deployed in the operating system and used for deploying a hardware trusted root and a software trusted base component on a terminal node of the bastion machine, wherein the hardware trusted root comprises the trusted cryptography module and the trusted control module, and the hardware trusted root is built in a hardware mode or is inserted into the terminal node in a card mode;
the trusted management platform is further used for pushing a trusted base client to the terminal node through the software trusted base component, and the terminal node is used for installing and deploying the trusted base client locally.
7. The system of claim 1,
the basic establishing idea of the trust chain is that the first level of measurement and the first level of trust are performed on the starting chain to ensure the credibility of the operating system in the starting process, wherein in the starting process, all nodes on the starting chain are subjected to credibility verification and the starting chain is subjected to step-by-step measurement based on a hardware credible root to form a complete trust chain, and the trust chain is used for ensuring that the operating system enters a credible computing environment after being started.
8. The system of claim 3,
the static integrity measurement mode is used for preventing the execution of the unlicensed codes and adopting a predetermined mechanism to complete the static measurement function, wherein the predetermined mechanism comprises at least one of the following mechanisms: measuring, judging and controlling;
the static integrity measurement mode is also used for providing execution program credibility measurement by adopting an active immune system defense mechanism so as to prevent the running of unauthorized application programs and application programs which do not accord with expectation.
9. The system of claim 1, wherein the operating system is further configured to perform feature collection on an executable program on the operating system, obtain feature collection information, and generate a reference library based on the feature collection information, wherein the collection object of feature collection includes: the system comprises a binary executable file, a dynamic library and a kernel module, wherein a collection object in the reference library is a loading object capable of normally running.
10. The system of claim 4,
the dynamic integrity measurement mode is used for selecting corresponding measurement opportunity and measurement method for different second measurement objects to measure the operating conditions of the second measurement objects, reporting the changed measurement objects according to measurement strategies and the characteristics of different measurement objects, sending the obtained measurement results to a control mechanism, and taking measures for updating measurement expected values or credible recovery measures.
11. The system of claim 4,
the dynamic integrity measurement mode is also used for monitoring the operating system in real time and measuring and controlling the resource access behavior of the process in real time, wherein the monitoring content comprises at least one of the following contents: all key processes, modules, execution code, data structures, jump tables.
12. The system of claim 4,
the trusted control module is integrated in a trusted computing platform, is used for establishing and guaranteeing a basic core module of a trusted source point, and is used for providing at least one of the following functions for the trusted computing platform: active measurement, active control, credible authentication, encryption protection and credible report;
the trusted computing platform is also provided with a trusted password module, and the trusted password module is adopted to provide a password operation function for the trusted computing platform.
13. The system of claim 12,
the software trusted base component is used for dynamically analyzing a trusted strategy and performing trusted verification on the operating system by adopting the trusted strategy, wherein the software trusted base is used for simultaneously operating in a trusted system and a computing system; the third measurement object of the software trusted base component mainly comprises at least one of the following objects: operating system environment, application process environment, execution code for other security mechanisms, and associated operating states.
14. An electronic device, characterized in that it comprises a trusted metrics system of the bastion machine of any of claims 1 to 13.
CN202110454865.5A 2021-04-26 2021-04-26 Credible measurement system of fortress machine and electronic equipment Pending CN113127873A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110454865.5A CN113127873A (en) 2021-04-26 2021-04-26 Credible measurement system of fortress machine and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110454865.5A CN113127873A (en) 2021-04-26 2021-04-26 Credible measurement system of fortress machine and electronic equipment

Publications (1)

Publication Number Publication Date
CN113127873A true CN113127873A (en) 2021-07-16

Family

ID=76780036

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110454865.5A Pending CN113127873A (en) 2021-04-26 2021-04-26 Credible measurement system of fortress machine and electronic equipment

Country Status (1)

Country Link
CN (1) CN113127873A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001703A (en) * 2022-05-25 2022-09-02 深圳市证通电子股份有限公司 Security promotion method for bastion machine based on national security encryption machine
CN115618364A (en) * 2022-12-16 2023-01-17 飞腾信息技术有限公司 Method for realizing safe and trusted start, safety architecture system and related equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103679015A (en) * 2012-09-04 2014-03-26 江苏中科慧创信息安全技术有限公司 Attacking control method for protecting kernel system
CN105468978A (en) * 2015-11-16 2016-04-06 国网智能电网研究院 Trusted computing cryptogram platform suitable for general computation platform of electric system
CN111950014A (en) * 2020-08-27 2020-11-17 英业达科技有限公司 Security measurement method and device for starting server system and server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103679015A (en) * 2012-09-04 2014-03-26 江苏中科慧创信息安全技术有限公司 Attacking control method for protecting kernel system
CN105468978A (en) * 2015-11-16 2016-04-06 国网智能电网研究院 Trusted computing cryptogram platform suitable for general computation platform of electric system
CN111950014A (en) * 2020-08-27 2020-11-17 英业达科技有限公司 Security measurement method and device for starting server system and server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001703A (en) * 2022-05-25 2022-09-02 深圳市证通电子股份有限公司 Security promotion method for bastion machine based on national security encryption machine
CN115001703B (en) * 2022-05-25 2023-09-01 深圳市证通电子股份有限公司 Fort security improvement method based on national cryptographic machine
CN115618364A (en) * 2022-12-16 2023-01-17 飞腾信息技术有限公司 Method for realizing safe and trusted start, safety architecture system and related equipment
CN115618364B (en) * 2022-12-16 2023-06-23 飞腾信息技术有限公司 Method for realizing safe and reliable starting, safe architecture system and related equipment

Similar Documents

Publication Publication Date Title
US11176255B2 (en) Securely booting a service processor and monitoring service processor integrity
US11503030B2 (en) Service processor and system with secure booting and monitoring of service processor integrity
US11606211B2 (en) Secured system operation
US8028172B2 (en) Systems and methods for updating a secure boot process on a computer with a hardware security module
KR101066727B1 (en) Secure booting a computing device
JP4855679B2 (en) Encapsulation of reliable platform module functions by TCPA inside server management coprocessor subsystem
US7506380B2 (en) Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
WO2011146305A2 (en) Extending an integrity measurement
WO2012064171A1 (en) A method for enabling a trusted platform in a computing system
JP2008503014A (en) Ensuring software security
Böck et al. Towards more trustable log files for digital forensics by means of “trusted computing”
CN102880828B (en) Intrusion detection and recovery system aiming at virtualization support environment
CN113127873A (en) Credible measurement system of fortress machine and electronic equipment
JP2019057167A (en) Computer program, device and determining method
CN113647053A (en) Method for configuring a security module with at least one derived key
EP3563548B1 (en) Historic data breach detection
Frazelle Securing the boot process
Galanou et al. Matee: Multimodal attestation for trusted execution environments
CN111858114A (en) Equipment start exception handling method, device start control method, device and system
Risto Forensics from trusted computing and remote attestation
CN117494232B (en) Method, device, system, storage medium and electronic equipment for executing firmware
CN117610025B (en) Embedded operating system safety guiding method based on electric power intelligent terminal
WO2019137614A1 (en) Apparatus and method for runtime integrity protection for execution environments
KR102211846B1 (en) Ransomware detection system and operating method thereof
CN117667301A (en) Protection container ecosystem

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination