摘要
提出了面向安全SOC的可信体系结构,以解决其面临的诸多安全问题,可信体系结构的核心是安全域划分和安全审核硬件单元.安全域包括可信基、安全OS、可信应用以及非可信应用,各不同安全域具有静态和动态隔离性;安全SOC中的安全规则最终由安全审核单元在硬件层面来保障.在可信体系结构基础上,讨论了怎样进行安全扩展以获得更全面的安全性,即抗旁路攻击、物理攻击、防止芯片被复制伪造以及因被盗而造成安全危害.
The trusted computing architecture for secure system on chip (SOC) is presented to solve some complicated issues of information security. The keys of trusted computing architecture are security zones and security auditing module. The security zones include trusted base, secure operating system, trusted application and un-trusted application. The different security zones are statically and dynamically isolated. The predefined security rules are assured by security auditing module. Based on the architecture, the extension of the architecture is presented to resist side channel attacks and physical attacks and to avoid the risk of being fabricated and purloined.
出处
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2008年第11期44-47,共4页
Journal of Huazhong University of Science and Technology(Natural Science Edition)
基金
国家自然科学基金资助项目(60706026)
关键词
信息安全
可信计算
体系结构
单片系统
安全域
安全审核
information security
trusted computing
system on chip (SOC)
architecture
security zone
security auditing
