CN116796332A - Trusted computing platform system based on double-system architecture - Google Patents
Trusted computing platform system based on double-system architecture Download PDFInfo
- Publication number
- CN116796332A CN116796332A CN202310580632.9A CN202310580632A CN116796332A CN 116796332 A CN116796332 A CN 116796332A CN 202310580632 A CN202310580632 A CN 202310580632A CN 116796332 A CN116796332 A CN 116796332A
- Authority
- CN
- China
- Prior art keywords
- trusted
- module
- computing platform
- access control
- computing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000007246 mechanism Effects 0.000 claims abstract description 94
- 238000000034 method Methods 0.000 claims abstract description 52
- 238000012795 verification Methods 0.000 claims abstract description 14
- 238000004891 communication Methods 0.000 claims abstract description 9
- 230000002452 interceptive effect Effects 0.000 claims abstract description 4
- 238000005259 measurement Methods 0.000 claims description 40
- 238000007726 management method Methods 0.000 claims description 39
- 230000008569 process Effects 0.000 claims description 36
- 238000012550 audit Methods 0.000 claims description 24
- 238000012544 monitoring process Methods 0.000 claims description 23
- JBWKIWSBJXDJDT-UHFFFAOYSA-N triphenylmethyl chloride Chemical compound C=1C=CC=CC=1C(C=1C=CC=CC=1)(Cl)C1=CC=CC=C1 JBWKIWSBJXDJDT-UHFFFAOYSA-N 0.000 claims description 14
- 230000009977 dual effect Effects 0.000 claims description 13
- 230000003068 static effect Effects 0.000 claims description 13
- 238000004364 calculation method Methods 0.000 claims description 12
- 238000011217 control strategy Methods 0.000 claims description 9
- 206010048669 Terminal state Diseases 0.000 claims description 4
- 230000036039 immunity Effects 0.000 claims description 4
- 108090000623 proteins and genes Proteins 0.000 claims description 3
- 230000007123 defense Effects 0.000 abstract description 7
- 241000700605 Viruses Species 0.000 abstract description 5
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 abstract description 4
- 238000010276 construction Methods 0.000 abstract description 3
- 230000008447 perception Effects 0.000 abstract description 3
- 230000009466 transformation Effects 0.000 abstract description 3
- 230000007547 defect Effects 0.000 description 8
- 230000006399 behavior Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000009434 installation Methods 0.000 description 5
- 238000013461 design Methods 0.000 description 4
- 239000010410 layer Substances 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 230000002147 killing effect Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002829 reductive effect Effects 0.000 description 2
- 238000000926 separation method Methods 0.000 description 2
- 238000013474 audit trail Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 230000001149 cognitive effect Effects 0.000 description 1
- 239000012792 core layer Substances 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 238000004659 sterilization and disinfection Methods 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer And Data Communications (AREA)
Abstract
The application relates to the technical field of Internet security, in particular to a trusted computing platform system based on a double-system architecture, which comprises a protection part and a computing part, wherein the protection part and the computing part are in interactive communication through a secure channel constructed by a trust management mechanism. The application changes from passive defense to active defense to realize the credibility verification; the application range is wide, and the method is suitable for servers, storage systems, terminals, embedded systems and the like; the safety intensity is high, and the unknown virus Trojan attack and intelligent perception can be resisted; for the precaution position, the source of the behavior can be accurately positioned, and the network platform is automatically managed; the cost is low, and the trusted node can be realized in the multi-core processor; the method is easy to implement, and can be suitable for the construction of a new system and the transformation of an old system; the original application is not required to be modified, active real-time protection/service is carried out by formulating a strategy, and the performance influence is controlled below 3%.
Description
Technical Field
The application belongs to the technical field of Internet security, and particularly relates to a trusted computing platform system based on a double-system architecture.
Background
With the rapid development of informatization of various industries, service application information systems are more and more, and security threats facing computing equipment terminals serving as main carriers of the service application information systems and information data are more and more, and attacks from an operating system to CPU logic and based on loopholes are continuously upgraded. In the face of increasingly complex, concealed and organized attackers, the defects of the traditional matching disinfection and interception mode based on the feature library are more and more obvious: the method is difficult to cope with unknown and new malicious code attacks, can not cope with behavior attacks from organizations, can not effectively ensure the safety of service applications, and is easy to cause a large number of safety events such as attacked information assets, interrupted services and the like.
For industry users with a large number of service information systems, the primary aim is to ensure the continuity of the service systems, the integrity and confidentiality of information data and ensure the normal, safe and stable operation of service applications. However, the operation of the service application system depends on the service environment formed by the operating system and the hardware platform. The lack of a protection part in the current computer architecture results in endless vulnerability layers of an operating system, and attacks against hardware also occur. Because of the limitation of people on IT cognitive logic in development, all logic combinations cannot be exhausted, and only the completion of calculation tasks to design a business IT system is limited, the defect of logic insufficiency is necessarily existed, and therefore network security attack by using the defects artificially cannot be avoided. Therefore, the security of the software and hardware platform for bearing the business application system is also required to be greatly concerned, and the establishment of a trusted environment is a key for solving the security of the system.
Currently, in a trusted environment, trusted computing has undergone two stages of development paths, respectively: trusted computing version 1.0 and trusted computing version 2.0.
The version 1.0 of trusted computing is represented by a world fault tolerant organization, and is mainly characterized by host reliability, and redundant backup and fault switching of computer components are realized through fault tolerant algorithm and fault diagnosis.
The version 2.0 of trusted computing is represented by TCG (Trusted Computing Group trusted computing group), and is mainly characterized by PC node security, and passive measurement is realized by calling an externally-hooked TPM (Trusted Platform Module trusted platform module) chip through a main program.
At present, hackers attack enterprises more and more under the driving of benefits, and the blocking and killing defending mode of the enterprises is difficult to cope with the attack using logic defects, passive and inadequately defended. At present, the loopholes using logic defects such as ghost and fuse are frequently exploded, and design defects exist in a CPU performance optimization mechanism, so that only the improvement of computing performance is considered, but the safety is not considered. The loopholes of the version 1.0 of the trusted computing or the version 2.0 of the trusted computing caused by the design defects of the trusted computing are difficult to repair, and the deployment difficulty of the trusted computing or the version 2.0 of the trusted computing is larger and larger even if the patch exists. Ghost and fused patches can degrade performance by 30% after deployment. The security protection of enterprises needs to combine the business characteristics of the enterprises, so a new trusted computing platform system is urgently needed to solve the above problems.
Disclosure of Invention
In order to achieve the above purpose, the application adopts the following technical scheme: the trusted computing platform system comprises a protection part and a computing part, wherein the protection part and the computing part are in interactive communication through a secure channel constructed by a trust management mechanism;
the protection part comprises a trusted software base TSB, a trusted hardware platform module and a trusted security management center module; the trusted software base TSB comprises a basic trust base, a trusted reference base, a supporting mechanism, an active monitoring mechanism and a cooperation mechanism, wherein the trusted reference base, the supporting mechanism, the active monitoring mechanism and the cooperation mechanism are connected; the trusted hardware platform module comprises a trusted root and password firmware; the trusted security management center module comprises a system management unit, a security management unit and an audit management unit;
the computing part comprises an access control mechanism collection module, an application process module and a data resource module; the access control mechanism set module comprises a plurality of access control mechanism units; the application process module comprises a plurality of application units; the data resource module comprises a plurality of data units.
Optionally, the trusted hardware platform module constructs a trusted root by setting an active measurement control chip TPCM, so as to realize the combination of calculation and trust, the active measurement control chip TPCM is internally provided with a trusted cryptographic module TCM, and a cryptographic firmware formed by a cryptographic system is adopted as an immunity gene so as to realize the combination of the password and control.
Optionally, the trusted reference library receives the reference information issued by the trusted security management center module and stores and uses the reference information;
the support mechanism accesses all resources of the trusted hardware platform module;
the collaboration mechanism is used for uploading the audit to the trusted security management center module and receiving the strategy issued by the trusted security management center module.
Optionally, the active monitoring mechanism is connected with the access control mechanism collection module through the trust management mechanism, receives the call command information of the application process module through the monitoring interface, verifies the received call command information, and transmits the verified information to the access control mechanism collection module.
Optionally, the active monitoring mechanism includes a control mechanism, a decision mechanism, and a measurement mechanism;
the control mechanism receives calling command information in the application process module through the monitoring interface; the measurement mechanism determines policy requirements according to the call command information; the supporting mechanism performs measurement verification on the policy requirement of the call command information by accessing the resources of the trusted hardware platform module, and compares the verified result with a trusted reference library; finally, the decision mechanism decides the disposal method and the trust management mechanism transmits the disposal method to the access control mechanism collection module.
Optionally, the trusted security management center module is configured to issue a control policy and a node to a trusted reference base TSB;
the system management unit is used for managing user identities, platform identity system resources and the like.
The audit management unit is used for making audit strategies and storing, backing up and inquiring audit records;
the security management unit is used for formulating, issuing, maintaining and storing the trusted security policy.
Optionally, the trusted security policy includes a static metric, a dynamic metric, a trusted report, and access control;
the static measurement is carried out by adopting an active measurement control chip TPCM;
the dynamic measurement is actively measured in real time, and the running state and the process state of the trusted computing platform system are monitored;
the trusted report carries out trusted root signature through data generated by static measurement and dynamic measurement; acquiring terminal identity information and terminal state information;
the access control is used for configuring a corresponding access control strategy by the application process module, and determining the access rule of the application process module to the resource of the data resource module according to the access control strategy.
Optionally, after the guard portion monitors and receives the call command information of the computing portion, the guard portion can be started before the processor of the computing portion, the configuration is initialized for the computing portion, the resources of the trusted hardware platform module are accessed, static measurement and dynamic measurement are carried out on the call command information, trusted verification is achieved, and whether execution or interruption is continued is determined through the verified computing portion.
Alternatively, the guard portion can access all resources of the computing portion that cannot access the guard portion's resources.
The application provides a trusted computing platform system based on a double-system architecture, which is used for converting passive defense into active defense and realizing trusted verification; the application range is wide, and the method is suitable for servers, storage systems, terminals, embedded systems and the like; the safety intensity is high, and the unknown virus Trojan attack and intelligent perception can be resisted; for the precaution position, the source of the behavior can be accurately positioned, and the network platform is automatically managed; the cost is low, and the trusted node can be realized in the multi-core processor; the method is easy to implement, and can be suitable for the construction of a new system and the transformation of an old system; the original application is not required to be modified, active real-time protection/service is carried out by formulating a strategy, and the performance influence is controlled below 3%.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a structural framework diagram of a trusted computing platform system based on a dual architecture;
fig. 2 is a structural framework diagram of a trusted security policy.
Detailed Description
In order to make the technical problems, technical schemes and beneficial effects to be solved more clear, the application is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The trusted computing platform system based on the dual architecture provided by the embodiment of the application is now described. A trusted computing platform system based on a dual architecture, see fig. 1, includes a guard portion and a computing portion. The guard portion can access all resources of the computing portion, but the computing portion cannot access the resources of the guard portion. The protection part and the computing part carry out interactive communication through a safety channel constructed by a trust management mechanism, an active immune protection system of the trusted computing platform system is constructed, the safety exposure surface is greatly reduced, the defending capability is further improved, and the safety protection capability is greatly enhanced.
The guard includes a trusted software base TSB, a trusted hardware platform module, and a trusted security management center module.
The computing part comprises an access control mechanism collection module, an application process module and a data resource module. The access control mechanism collection module comprises a plurality of access control mechanism units; the application process module is a main body and comprises a plurality of application units, namely an application 1, an application 2 and an application 3; the data resource module is an object and comprises a plurality of data units, namely data 1, data 2 and data n; the data resource module has read-only permission for the added protected pipe fitting resource, limits the modification permission, and ensures that the related data of the application process module is not illegally tampered and injected.
After the protection part monitors and receives the call command information of the calculation part, the protection part can be started before the processor of the calculation part, the resources and buses of the calculation part are initialized and configured, all the resources of a host in the trusted hardware platform module are accessed, static measurement and dynamic measurement are carried out on the call command information, trusted verification is realized, the calculation part can be started or continuously executed after verification, otherwise, alarm and control are carried out, and intrusion behavior is actively resisted.
The trust management mechanism is a method for cooperatively protecting the trusted software base TSB and the access control mechanism collection module, and the trusted credentials are transferred to the access control mechanism collection module through the trust management mechanism to realize systematic cooperative protection.
Specifically, the trusted hardware platform module includes a trusted root and cryptographic firmware. The trusted hardware platform module constructs a trusted root by setting an active measurement control chip TPCM, realizes the fusion of calculation and trust, and is mainly realized by CPU built-in, onboard, card insertion and the like or the combination of the modes. The active measurement control chip TPCM is internally provided with a trusted cipher module TCM, adopts cipher firmware formed by a cipher system as an immunity gene, and realizes the combination of cipher and control.
The trusted root constructed by the active measurement control chip TPCM is internally provided with the trusted cryptography module TCM, so that the related requirements of the project on the trusted root can be met. The active measurement control chip TPCM adopts an external PCIE interface form, supports a C9000 PowerPC kernel and supports SM1, SM2, SM3, SM4 and other cryptographic algorithms; support trusted execution environment isolation, proactive metrics, trusted cryptography modules, trusted reporting, and the like.
The trusted software base TSB ensures the behavior credibility of the application process module through an active monitoring mechanism, ensures the safety mechanism and the resource environment credibility of the trusted computing node of the application process module, and realizes the active safety immune protection of the computing node.
The trusted software base TSB comprises a basic trust base, a trusted reference base, a supporting mechanism, an active monitoring mechanism and a cooperation mechanism, wherein the trusted reference base, the supporting mechanism, the active monitoring mechanism and the cooperation mechanism are connected.
And the trusted reference library receives the reference information issued by the trusted security management center module, stores the use reference information, ensures the storage security of the reference information and controls the reference use authority.
And the supporting mechanism can access all resources of the trusted hardware platform module.
The collaboration mechanism is used for uploading the audit to the trusted security management center module, and the trusted security management center module strategy is issued to the collaboration mechanism; the collaboration mechanism is also connected with other node trusted mechanisms through trusted collaboration, so that trusted interconnection between the local trusted mechanism and the other node trusted mechanisms is realized, and further expansion of the trust mechanism is realized.
The active monitoring mechanism is connected with the access control mechanism collection module through the trust management mechanism, receives the calling command information of the application process module through the monitoring interface, verifies the received calling command information, and transmits the verified information to the access control mechanism collection module.
Still further, the active monitoring mechanism includes a control mechanism, a decision mechanism, and a measurement mechanism.
The control mechanism receives calling command information in the application process module through the monitoring interface; the measurement mechanism determines the policy requirement according to the calling command information; the support mechanism performs measurement verification on the policy requirement of the call command information by accessing the resources of the trusted hardware platform module, and compares the verified result with a trusted reference library; finally, determining a disposal method by a judging mechanism and transmitting the disposal method to an access control mechanism collection module by a trust management mechanism; the access control mechanism collection module decides whether the application in the application process module continues to support or terminate according to the treatment method made by the decision mechanism and gives an alarm.
The trusted security management center module transmits the control strategy and the designated node to the trusted reference base TSB; the control strategy can be issued in batches. The trusted security management center module supports various types of trusted nodes, supports heterogeneous environments, provides trusted support for monitoring of the trusted computing nodes, and improves self-immunity of the computing nodes. The trusted computing node uses a physical active measurement control chip TPCM and a trusted cryptography module TCM as a trust root to implement a trusted verification process using a trusted software base TSB as a core, so as to support business application. The trusted security management center module is used for storing the acquired software package and providing push service, so that a user can conveniently and quickly download and install trusted software; the trusted management center can also check the installation information (installation package name, size, uploading time, system type, system version and architecture) of the TSB, and support manual import of the local installation package; the method can check the information of the trusted node in the network, including node name, IP, operating system type, operating system version, architecture, installation time, online/offline state, CPU, memory, disk usage, process check and the like, and support searching according to the terminal name, checking and modifying the terminal information, terminal state cancellation and maintenance and the like. The node trusted state can be evaluated, and the terminal safe and trusted state information and the like can be checked. And supporting three types of strategy learning of files, programs and networks, and uploading learning results to a security management center. The file learning can be performed by performing strategy learning on the specified catalogue, and the content of the learning comprises writing operation of a program on the catalogue. Program learning may learn the program running for a specified time, and the mode may assist in program installation. The network learning can learn the IP address and the port accessed by the IP address of the local machine in the appointed time.
Specifically, the trusted security management center module comprises a system management unit, a security management unit and an audit management unit.
The system management unit is used for managing user identities, platform identity system resources and the like.
The security management unit is used for formulating, issuing, maintaining, storing and the like of the trusted security policy, and also used for defining security level, authorization and the like.
And the audit management unit is used for formulating audit strategies and storing, backing up, inquiring and the like audit records. Specifically, the audit management unit supports the functions of strategy editing, strategy issuing, log storage, log inquiry, log export and the like of the audit log; the self-defined audit log strategy is supported, and four types of success audit, failure audit, full audit and no audit can be selected; supporting log backup configuration and log export in the format of xlsx/. Xls; the audit management unit stores and maintains a reference library of all nodes, has the functions of storing and configuring the reference, and can issue the reference value to the Trusted Software Base (TSB) in the nodes for maintenance and use.
Referring to fig. 2, trusted security policies include static metrics, dynamic metrics, trusted reports, access control, mobile device control, and the like.
Static measurement, adapting trust chain establishment, and measuring objects mainly comprise executable programs, shared libraries, library functions, configuration files and other information, and mainly measure by using the modes of hash, signature verification and the like supported by an active measurement control chip TPCM. Executable programs include installation packages (deb, rpm), binaries, dynamic libraries, static libraries, and kernel modules.
The dynamic measurement is used for actively measuring key information in the memory in real time in the running process of the system, monitoring the running state and the process state of the system, and monitoring and measuring key information such as the system process, the module, the execution code segment and the like in a periodic mode.
And the trusted report is terminal trusted state data provided for the outside by the terminal trusted node, and comprises information of terminal identity and terminal state. Corresponding data is generated through static measurement and dynamic measurement, and then the relevant data is obtained and signed through the trusted root.
And the access control is used for configuring a corresponding access control strategy for the authorized subject (process level), and determining the access rule of the subject to the object (file, directory and the like) resource according to the access control strategy.
In the trusted security management center module, the system management unit, the security management unit and the audit management unit form a management mode of 'three rights separation', and the management mode of 'three rights separation' ensures that different roles in the system perform their roles respectively and restrict each other, so that the security of the information system can be commonly ensured.
The application can also prevent malicious codes, an active measurement control chip TPCM in a trusted hardware platform module and a trusted software base TSB can intercept all executable codes on a terminal system, judge the executable codes and reject the operation of unreliable executable codes, have the malicious code prevention capability, can timely identify 'own' and 'non-established' executable codes, and effectively defend malicious code behaviors such as invasion, viruses and the like under the conditions of no patch upgrade and no virus and Trojan searching and killing.
The application also has self-protection function, the trusted software base TSB realizes self-protection function, can hide self, prevent malicious unloading, prevent communication agents from killing commands (kill ) and the like by a hook system, protect the self process of the TSB program from being maliciously damaged, and prevent illegal tampering or stopping.
The application supports the white list and the black list of the network IP address to realize the control of the host in the access trusted hardware platform module. Ports and protocols are supported to control the resources accessed.
The application is a dual system comprising an operating system (i.e. a computing part) and a trusted software base TSB (i.e. a guard part). By connecting a trusted control software in parallel with a core layer of an operating system to take over system call, the trusted verification of a corresponding execution point is implemented on the premise of not changing an application process module, and the support of a control chip TPCM is required to be actively measured in the verification process, so that an active defense effect is achieved; the network layer adopts a three-layer ternary peer-to-peer trusted connection architecture, triple control and authentication are carried out among an access requester, an access connector and a manager (namely a policy arbiter), the manager realizes unified policy verification on the access requester and the access connector, a single node of a trust is transmitted to the network, and the trusted information system is constructed, so that the whole reliability of the system is improved.
In the application, the application process module is not interfered while trusted protection is performed, so that the requirement of computing task logic integrity can be correctly met, the correct application process module does not need to be patched, and the condition of introducing new loopholes in the patching process is reduced.
The information system security protection system is divided into three layers, namely a security computing environment, a security boundary and a security communication network, security design is carried out from two aspects of technology and management, and an active immune triple protection framework under the support of a security trusted management center is established. The framework realizes the national level protection standard requirements (GB/T25070-2019) and is credible, controllable and manageable.
On the basis of partition and domain division, the system is divided into three parts of a safe computing environment, a safe area boundary and a safe communication network according to the information system business processing process, the three parts are protected based on the safe of a trusted computing node, a triple protection system structure consisting of the computing environment safety, the area boundary safety and the communication network safety supported by a safety management center is formed, and a deep defending information system is constructed.
The security management center performs unified security policy management on the security computing environment, the security area boundary and the security communication network, ensures complete and reliable system configuration, determines user operation authority and implements whole-course audit trail.
The secure computing environment of the secure management center is the core and the foundation of the security of the trusted computing platform system. The secure computing environment ensures the security of the whole process processed by the application process module. Support and assurance is provided for normal operation and protection from vandalism of the trusted computing platform system.
The application provides a trusted computing platform system based on a double-system architecture, which is a trusted computing 3.0 version, has system immunity, and aims to protect a network dynamic chain with system nodes as centers, so as to form a 'host+trusted' double-node trusted immune architecture, and a host operates while a trusted machine carries out safety monitoring, thereby realizing active immune protection of a network information system. The trusted computing platform system is changed from passive defense to active defense, solves the problem that logic defects are not utilized by attackers, and ensures that logic combinations for completing computing tasks are not tampered and destroyed so as to effectively resist attacks. The application range is wide, and the method is suitable for servers, storage systems, terminals, embedded systems and the like; the safety intensity is high, and the unknown virus Trojan attack and intelligent perception can be resisted; the data information processing under the policy support of the unified management platform is reliable and the system service resources are reliable; technical means: for the precaution position, the source of the behavior can be accurately positioned, and the network platform is automatically managed; the cost is low, and the trusted node can be realized in the multi-core processor; the method is easy to implement, and can be suitable for the construction of a new system and the transformation of an old system; the original application is not required to be modified, active real-time protection/service is carried out by formulating a strategy, and the performance influence is controlled below 3%.
The foregoing description of the preferred embodiments of the application is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the application.
Claims (9)
1. A trusted computing platform system based on a dual architecture, characterized by: the trusted computing platform system comprises a protection part and a computing part, wherein the protection part and the computing part carry out interactive communication through a secure channel constructed by a trust management mechanism;
the protection part comprises a trusted software base TSB, a trusted hardware platform module and a trusted security management center module; the trusted software base TSB comprises a basic trust base, a trusted reference base, a supporting mechanism, an active monitoring mechanism and a cooperation mechanism, wherein the trusted reference base, the supporting mechanism, the active monitoring mechanism and the cooperation mechanism are connected; the trusted hardware platform module comprises a trusted root and password firmware; the trusted security management center module comprises a system management unit, a security management unit and an audit management unit;
the computing part comprises an access control mechanism collection module, an application process module and a data resource module; the access control mechanism set module comprises a plurality of access control mechanism units; the application process module comprises a plurality of application units; the data resource module comprises a plurality of data units.
2. The dual architecture based trusted computing platform system of claim 1, wherein: the trusted hardware platform module constructs a trusted root by setting an active measurement control chip TPCM, so as to realize the combination of calculation and trusted, the active measurement control chip TPCM is internally provided with a trusted cipher module TCM, and cipher firmware formed by a cipher system is adopted as an immunity gene, so that the combination of cipher and control is realized.
3. The dual architecture based trusted computing platform system of claim 1, wherein:
the trusted reference library receives the reference information issued by the trusted security management center module and stores and uses the reference information;
the support mechanism accesses all resources of the trusted hardware platform module;
the collaboration mechanism is used for uploading the audit to the trusted security management center module and receiving the strategy issued by the trusted security management center module.
4. The dual architecture based trusted computing platform system of claim 1, wherein: the active monitoring mechanism is connected with the access control mechanism collection module through the trust management mechanism, receives the call command information of the application process module through the monitoring interface, verifies the received call command information, and transmits the verified information to the access control mechanism collection module.
5. The dual architecture based trusted computing platform system as claimed in claim 4, wherein: the active monitoring mechanism comprises a control mechanism, a judging mechanism and a measuring mechanism;
the control mechanism receives calling command information in the application process module through the monitoring interface; the measurement mechanism determines policy requirements according to the call command information; the supporting mechanism performs measurement verification on the policy requirement of the call command information by accessing the resources of the trusted hardware platform module, and compares the verified result with a trusted reference library; finally, the decision mechanism decides the disposal method and the trust management mechanism transmits the disposal method to the access control mechanism collection module.
6. The dual architecture based trusted computing platform system of claim 2, wherein:
the trusted security management center module is used for issuing the control strategy and the nodes to the trusted reference base TSB;
the system management unit is used for managing user identities, platform identity system resources and the like.
The audit management unit is used for making audit strategies and storing, backing up and inquiring audit records;
the security management unit is used for formulating, issuing, maintaining and storing the trusted security policy.
7. The dual architecture based trusted computing platform system of claim 6, wherein: the trusted security policy includes static metrics, dynamic metrics, trusted reports, and access control;
the static measurement is carried out by adopting an active measurement control chip TPCM;
the dynamic measurement is actively measured in real time, and the running state and the process state of the trusted computing platform system are monitored;
the trusted report carries out trusted root signature through data generated by static measurement and dynamic measurement; acquiring terminal identity information and terminal state information;
the access control is used for configuring a corresponding access control strategy by the application process module, and determining the access rule of the application process module to the resource of the data resource module according to the access control strategy.
8. The dual architecture based trusted computing platform system of claim 1, wherein: after the guard part monitors and receives the calling command information of the calculation part, the guard part can be started before the calculation part processor, the calculation part is initialized and configured, the resource of the trusted hardware platform module is accessed, static measurement and dynamic measurement are carried out on the calling command information, trusted verification is achieved, and whether the execution or the interruption is continued is determined through the verified calculation part.
9. The dual architecture based trusted computing platform system of claim 1, wherein: the guard portion has access to all resources of the computing portion that cannot access the guard portion.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310580632.9A CN116796332A (en) | 2023-05-19 | 2023-05-19 | Trusted computing platform system based on double-system architecture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310580632.9A CN116796332A (en) | 2023-05-19 | 2023-05-19 | Trusted computing platform system based on double-system architecture |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116796332A true CN116796332A (en) | 2023-09-22 |
Family
ID=88033740
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310580632.9A Pending CN116796332A (en) | 2023-05-19 | 2023-05-19 | Trusted computing platform system based on double-system architecture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116796332A (en) |
-
2023
- 2023-05-19 CN CN202310580632.9A patent/CN116796332A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Panchal et al. | Security issues in IIoT: A comprehensive survey of attacks on IIoT and its countermeasures | |
| El Kafhali et al. | Security threats, defense mechanisms, challenges, and future directions in cloud computing | |
| US8909930B2 (en) | External reference monitor | |
| CN110233817B (en) | Container safety system based on cloud computing | |
| Abou el Kalam | Securing SCADA and critical industrial systems: From needs to security mechanisms | |
| US9485271B1 (en) | Systems and methods for anomaly-based detection of compromised IT administration accounts | |
| KR101373542B1 (en) | System for Privacy Protection which uses Logical Network Division Method based on Virtualization | |
| Kumar et al. | Exploring security issues and solutions in cloud computing services–a survey | |
| Gupta et al. | Taxonomy of cloud security | |
| CN113726726B (en) | Electric power Internet of things credible immune system based on edge calculation and measurement method | |
| US8782809B2 (en) | Limiting information leakage and piracy due to virtual machine cloning | |
| CN112948086B (en) | Trusted PLC control system | |
| Banerjee et al. | Blockchain-based security layer for identification and isolation of malicious things in IoT: A conceptual design | |
| Huddleston et al. | How vmware exploits contributed to solarwinds supply-chain attack | |
| CN113039542A (en) | Secure counting in cloud computing networks | |
| US20220391506A1 (en) | Automated Interpreted Application Control For Workloads | |
| Alrasheed et al. | Cloud computing security and challenges: issues, threats, and solutions | |
| Sasi et al. | A comprehensive survey on IoT attacks: Taxonomy, detection mechanisms and challenges | |
| CN117494144A (en) | Cloud platform-based safety environment protection method | |
| Lee et al. | Assessment of the distributed ledger technology for energy sector industrial and operational applications using the mitre att&ck® ics matrix | |
| Faizi et al. | Secured Cloud for Enterprise Computing. | |
| Varadharajan et al. | Techniques for Enhancing Security in Industrial Control Systems | |
| Gu et al. | IoT security and new trends of solutions | |
| CN116796332A (en) | Trusted computing platform system based on double-system architecture | |
| Akello et al. | A literature survey of security issues in Cloud, Fog, and Edge IT infrastructure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |