服务器操作系统可信加固技术研究

Research on Trusted Reinforcement Technology of Server Operating System

基于硬件的可信技术是一种能够对操作系统与上层应用环境进行可信度量、可信报告的安全加固技术,但是硬件的能力受制于成本、制造工艺等局限,其加固的能力是有限的。针对基于硬件的可信加固能力不足,立足国家电网公司的现实需求,提出一种面向服务器可信启动技术和面向服务器动态度量技术相结合的加固方法,设计了可部署在重要业务系统服务器中的可信度量方案,扩展了硬件保护能力,实现了对服务器操作系统的可信加固。

Hardware-based trusted technology is a security reinforcement technology that can be used to measure the reliability of the operating system and the upper application environment. How.ever, the capability of hardware is limited by cost, manufacturing process and other limitations, so its capability to strengthen is limited. Aiming at the lack of hardware-based trusted capability, a re.inforcement method is proposed in this paper based on server trusted start-up technology and serv.er-oriented dynamic measurement technology, which can be deployed in the important business sys.tem server and extend the hardware protection capabilities, to achieve a security reinforcement of the server operating system.