摘要
GP TEE PP在CC3.1框架下给出了TEE的安全功能组件集合。将GP TEE PP与国家标准GB/T30284-2013进行对比分析,对七大类的安全要求进行了对比,并结合移动金融等应用场景对GP TEEPP的安全要求进行了分析,提出GP TEEPP不是完善的移动金融安全解决方案,需要与TUI、SE等配合使用;与国家标准相比,GP TEE PP存在降低安全要求的情况。在对TEE进行标准化的过程中,应当参照国家标准进行有针对性的强化。
TEE (Trusted Execution Environment) is an available secure architecture for mobile terminals.The security requirements are descripted in GP TEE PP according to CC 3.1.In this paper,those security requirements in GP TEE PP are compared with the national standard GB/T 30284-2013,which is also under the frame of CC 3.1.After seven classes are compared and Analyzed,a conclusion is drawn that TEE is not the “perfect solution” of mobile terminal security,especially to mobile financial applications.Furthermore,some requirements in GP TEE PP are loosen than GB/T 30284-2013.If TEE would be accepted to become an industrial or national standard,the weakness of GP TEE PP should be fixed.
作者
朱鹏飞
张利琴
李伟
于华章
Zhu Pengfei;Zhang Liqin;Li Wei;Yu Huazhang(Beijing Engineering Laboratory of Smart Network Authentication, Beijing 100085;Feitian Technologies Co., Ltd., Beijing 100085)
出处
《网络空间安全》
2018年第9期24-28,共5页
Cyberspace Security
关键词
TEE
安全要求
国家标准
TEE
security requirement
national standard
