《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 其他 > 設(shè)計應(yīng)用 > 可信技術(shù)在國產(chǎn)化嵌入式平臺的應(yīng)用研究
可信技術(shù)在國產(chǎn)化嵌入式平臺的應(yīng)用研究
2021年電子技術(shù)應(yīng)用第12期
孟祥斌,劉笑凱,郝克林
華北計算機系統(tǒng)工程研究所,北京100083
摘要: 國產(chǎn)化嵌入式平臺的安全威脅依舊嚴峻,為了提高國產(chǎn)化平臺的安全性與可控性,可信技術(shù)的應(yīng)用十分關(guān)鍵。在基于龍芯2K-1000CPU的國產(chǎn)化嵌入式平臺上,采用可信平臺控制模塊(Trusted Platform Control Module,TPCM),應(yīng)用可信啟動、可信軟件基、可信文件存儲和I/O口的可信訪問等技術(shù),實現(xiàn)了國產(chǎn)化嵌入式平臺的可信運行。TPCM可信模塊基于CCP903T密碼芯片實現(xiàn)。此平臺已在某安全項目中通過測試投入使用,對可信技術(shù)在國產(chǎn)化平臺的應(yīng)用以及標準化形成留下參考性意義。
中圖分類號: TN918;TP309
文獻標識碼: A
DOI:10.16157/j.issn.0258-7998.211350
中文引用格式: 孟祥斌,劉笑凱,郝克林. 可信技術(shù)在國產(chǎn)化嵌入式平臺的應(yīng)用研究[J].電子技術(shù)應(yīng)用,2021,47(12):94-99.
英文引用格式: Meng Xiangbin,Liu Xiaokai,Hao Kelin. Research on application of trusted technology in localized embedded platform[J]. Application of Electronic Technique,2021,47(12):94-99.
Research on application of trusted technology in localized embedded platform
Meng Xiangbin,Liu Xiaokai,Hao Kelin
National Computer System Engineering Research Institute of China,Beijing 100083,China
Abstract: The security threats of localized embedded platforms are still severe. In order to improve the security and controllability of localized platforms, the application of trusted technology is critical. This article uses a trusted platform control module(TPCM) on a localized embedded platform based on the Godson 2K-1000CPU, using trusted boot, trusted software base, trusted file storage and I/O ports. Technology such as trusted access realizes the trusted operation of the localized embedded platform. The TPCM trusted module is implemented based on the CCP903T cryptographic chip. This platform has been tested and put into use in a security project, leaving a reference for the application of trusted technology in the localization platform and the formation of standardization.
Key words : trusted boot;trusted platform control module(TPCM);localization platform;I/O port trusted access

0 引言

    近些年計算機技術(shù)飛速發(fā)展,同時信息安全威脅事件大量爆發(fā),信息安全問題被國內(nèi)外各研究人員廣泛關(guān)注。傳統(tǒng)的信息安全防御技術(shù)有防火墻、堵漏洞以及入侵檢測等方式,很難有較大突破。沈昌祥院士提出:網(wǎng)絡(luò)安全最重要的是“安全可信”[1]。我國在“自主研發(fā)”方面實現(xiàn)了信息系統(tǒng)從硬件到軟件的自主研發(fā)、生產(chǎn)、升級、維護的全程可控,但是由于計算機體系結(jié)構(gòu)固有的缺點以及軟件可能存在的缺陷,在自主研發(fā)的平臺下,仍然存在各種不可避免的未知的軟硬件漏洞。因此,本文將運用可信技術(shù),遵照可信計算規(guī)范,自主設(shè)計可信硬件模塊,擴展可信BIOS和操作系統(tǒng)。以可信密碼模塊為信任根,構(gòu)建貫穿硬件層、固件層、操作系統(tǒng)層和應(yīng)用層全過程的信任鏈解決方案,能夠為國產(chǎn)化嵌入式計算平臺提供有效完整的全信任鏈保護,實現(xiàn)了信息系統(tǒng)基礎(chǔ)平臺裝備的“安全可信”。




本文詳細內(nèi)容請下載:http://www.ihrv.cn/resource/share/2000003879




作者信息:

孟祥斌,劉笑凱,郝克林

(華北計算機系統(tǒng)工程研究所,北京100083)




wd.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。