[1] YI Ping, ZHUANG Yi. Design and Implementation of Embedded Trusted Platform Based on LOONGSON Processor [J]. Computer Technology and Development, 2018, 28(05): 112-116. [doi:10.3969/j.issn.1673-629X.2018.05.026]

An Embedded Trusted Solution Based on the Loongson Processor

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume: 28
Issue: 2018, No. 05
Pages: 112-116
Column: Security and Protection
Publication date: 2018-05-10

Article Info

Title: Design and Implementation of Embedded Trusted Platform Based on LOONGSON Processor
Article ID: 1673-629X(2018)05-0112-05
Author(s): YI Ping, ZHUANG Yi
Affiliation: School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, Jiangsu, China
Keywords: trusted computing; LOONGSON; virtual technology; SHA-1; security
CLC number: TP309.1
DOI: 10.3969/j.issn.1673-629X.2018.05.026
Document code: A
Abstract:
To address the security problems of embedded systems, and with full consideration of their design constraints, this paper draws on the ideas of trusted computing and proposes a scheme for building an embedded trusted platform based on virtualization technology. The platform uses a layered kernel architecture on the domestic LOONGSON processor platform. A trusted bootloader extended with a SHA-1 engine and the trusted kernel modules together form the core measurement root; the trusted kernel is a minimal operating system with an embedded vTPM (virtualized trusted platform module), which can provide cryptographic functions, and a trust chain transfer model is designed on this root of trust. To shorten the trust chain, the bootloader and the trusted kernel are measured jointly, as a whole, to verify their integrity. The user kernel is a purpose-designed, tailored embedded operating system that runs on a virtual machine, which establishes a trusted computing environment for an embedded platform based on a domestic processor. Experimental results show that the scheme completes integrity verification from the root of trust up to the operating system during boot and, without adding extra hardware, greatly improves the security of the system.


Last Update: 2018-07-04