摘要
通过对可信执行技术和虚拟化技术的研究,提出了一种增强存储保护的可信计算架构。通过对平台地址空间的划分,加入了支持动态度量启动的专用配置空间,保证了平台配置的正确性和加载过程的安全性;通过动态地度量加载可信虚拟机管理器,保证虚拟执行环境的安全性;利用虚拟化技术实现内存多域的安全隔离,分割域独立运行,从而保证了软件的安全运行环境;加入了直接存取访问(direct memory access,DMA)保护硬件,从而从硬件上实现了DMA访问的合法性认证。
A kind of trusted computing architecture of enhanced memory protection through the research on the trusted execution technology and virtual technology is put forward. The correct configuration and safety loading process of the platform is ensured by dividing the address space and joining the special configuration space which support the dynamic measurement launch the se- curity of the virtual execution environment is ensured by dynamically loading and measuring the trusted virtual machine manager; virtualization technology is used to achieve the safe isolation of memory multiple domains, every domain operates independently, thus the safety of the software operating environment is ensured~ DMA protection hardware is joined, thus the validity authenti- cation of DMA access from hardware implementation is achieved.
出处
《计算机工程与设计》
CSCD
北大核心
2013年第9期3107-3113,共7页
Computer Engineering and Design
关键词
可信计算
存储保护
动态度量
虚拟化
直接存取访问保护
trust computing memory protectionl dynamic measurement ~ virtualization~ DMA protect
