摘要
引导过程的安全是计算机系统安全的基点,安全的引导系统需要保证系统加电后引导执行链条中的实体未受篡改.当前,基于可信平台模块(TPM)开展的可信引导工作,仅能可信地记录并报告系统引导的证据链,无法进行验证以及进一步的处理.提出一种可配置的可信引导系统,可以配置认证引导和安全引导,支持细粒度的文件验证,以及操作系统内核的可信恢复.给出了系统的设计思想,并介绍了其原型工作,实验表明该系统能够有效实现其设计目标.
Security of the booting process in a computing system is a starting point of the security of the overall system. Secure booting system will guarantee that entities in the booting chain have not been tampered. On the other hand, trusted booting system based on TPM can only record evident chain during system booting without further processing. This paper presents a configurable trusted booting system which can be configured to boot the system in secure mode or trusted mode and can further support fine-grained file verification and kernel recovery. Prototype shows that the system can reach its design goals.
出处
《中国科学院研究生院学报》
CAS
CSCD
2008年第5期626-630,共5页
Journal of the Graduate School of the Chinese Academy of Sciences
基金
国家863基金(2007AA0Z412)
国家自然科学基金(60603017)资助
关键词
可信平台模块
可信引导
可信计算
trusted platform module, trusted boot, trusted computing