摘要
传统TCG可信计算技术旨在提高计算平台自身安全免疫能力,其平台主模块TPM作为外部设备挂载于通用计算平台外部总线。该技术对计算平台上可以使用的应用软件、静态文件等采用被动防御方式,仅能监管符合TCG可信服务接口规范的程序,尤其对APT攻击及0day攻击的防御能力较弱,影响了平台的可扩展性和整体安全性。为此,文章提出一种抗APT攻击的可信软件基,利用可信软件基对安全芯片TCM的信任链扩展能力,主动植入操作系统内核,实时校验可执行程序的运行和对静态文件的操作,实现操作系统、业务软件的安全可信运行。实验结果表明,抗APT攻击的可信软件基可以动态、主动度量业务处理系统,适用于构建自主可控的Linux可信计算平台。
Traditional TCG trusted computing technology aims to improve the computingplatform's own safety and immunity.The main module of TCG is mounted on the external bus ofgeneral-purpose computing platform,using passive defense on application software,static filesand others,programs that only comply with the TCG trusted service interface specification can bemonitored,which makes it lack of supervision,especially weak on defensing APT and0day attack,weakened the overall security of the platform.In this paper,we put forward an Anti APT Attack TrustedSoftware Base using white list of strong access control technology.With the trust chain expansioncapability,TSB can extend trust chain from TCM chip to make sure the operation of operating systemand business software safe and reliable.Experimental results shows that the Anti APT Attack TrustedSoftware Base can dynamically and actively measure the business processing system,and it is suitablefor constructing autonomous controllable Linux trusted computing platform.
作者
张家伟
张冬梅
黄琪
ZHANG Jiawei;ZHANG Dongmei;HUANG Siqi(School of Cyber Space Security, Beijing University of Posts and Telecommunications, Beijing 100876, China)
出处
《信息网络安全》
CSCD
2017年第6期49-55,共7页
Netinfo Security
基金
国家自然科学基金[61602052]
