[go: up one dir, main page]

CN105468978B - A kind of creditable calculation password platform suitable for electric system universal computing platform - Google Patents

A kind of creditable calculation password platform suitable for electric system universal computing platform Download PDF

Info

Publication number
CN105468978B
CN105468978B CN201510782795.0A CN201510782795A CN105468978B CN 105468978 B CN105468978 B CN 105468978B CN 201510782795 A CN201510782795 A CN 201510782795A CN 105468978 B CN105468978 B CN 105468978B
Authority
CN
China
Prior art keywords
trusted
module
platform
software
measurement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510782795.0A
Other languages
Chinese (zh)
Other versions
CN105468978A (en
Inventor
李钊
高翔
苏大威
霍雪松
李云鹏
郭子明
张昊
徐晓轶
王东升
张�浩
曹良晶
王志皓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Tianjin Electric Power Co Ltd
State Grid Jiangsu Electric Power Co Ltd
Global Energy Interconnection Research Institute Co Ltd
State Grid Jibei Electric Power Co Ltd
Nantong Power Supply Co of Jiangsu Electric Power Co Ltd
State Grid Corp of China SGCC
Original Assignee
State Grid Tianjin Electric Power Co Ltd
State Grid Jiangsu Electric Power Co Ltd
Global Energy Interconnection Research Institute Co Ltd
State Grid Jibei Electric Power Co Ltd
Nantong Power Supply Co of Jiangsu Electric Power Co Ltd
State Grid Corp of China SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Tianjin Electric Power Co Ltd, State Grid Jiangsu Electric Power Co Ltd, Global Energy Interconnection Research Institute Co Ltd, State Grid Jibei Electric Power Co Ltd, Nantong Power Supply Co of Jiangsu Electric Power Co Ltd, State Grid Corp of China SGCC filed Critical State Grid Tianjin Electric Power Co Ltd
Priority to CN201510782795.0A priority Critical patent/CN105468978B/en
Publication of CN105468978A publication Critical patent/CN105468978A/en
Application granted granted Critical
Publication of CN105468978B publication Critical patent/CN105468978B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

本发明提供了一种适用于电力系统通用计算平台的可信计算密码平台,所述密码平台包括:可信计算密码模块和可信软件系统;所述可信计算密码模块包括可信度量根、可信存储根、可信报告根,是平台信任链传递的起点;所述可信软件系统包括:可信计算密码驱动模块、度量模块和审计模块,为操作系统和应用软件提供使用可信计算密码平台的接口。可信计算密码模块为信任根,为可信计算密码平台的运行提供可信环境,可信软件系统是可信计算密码平台功能及服务实现的核心,为可信计算密码平台的管理提供保障。本发明可为业务系统提供静态度量、动态度量、白名单和访问控制等功能,通过对系统软件的来源及运行进行管理,保证软件的可信、可识别和可控。

The present invention provides a trusted computing cryptographic platform suitable for a general computing platform in an electric power system. The cryptographic platform includes: a trusted computing cryptographic module and a trusted software system; the trusted computing cryptographic module includes a trusted measurement root, The trusted storage root and the trusted reporting root are the starting points of the platform trust chain transfer; the trusted software system includes: a trusted computing password driver module, a measurement module and an audit module, providing operating systems and application software with trusted computing An interface to the cryptographic platform. The trusted computing cryptographic module is the root of trust, which provides a trusted environment for the operation of the trusted computing cryptographic platform. The trusted software system is the core of the trusted computing cryptographic platform's functions and services, and provides protection for the management of the trusted computing cryptographic platform. The invention can provide functions such as static measurement, dynamic measurement, white list and access control for the business system, and ensures the credibility, identification and controllability of the software by managing the source and operation of the system software.

Description

一种适用于电力系统通用计算平台的可信计算密码平台A Trusted Computing Cryptographic Platform Applicable to the General Computing Platform of Electric Power System

技术领域technical field

本发明涉及可信计算技术领域,具体涉及一种适用于电力系统通用计算平台的可信计算密码平台。The invention relates to the technical field of trusted computing, in particular to a trusted computing cryptographic platform suitable for a general computing platform of an electric power system.

背景技术Background technique

信息系统不安全的根源是由于PC结构的简化,对系统中的进程、程序没有校验,导致可执行程序、进程在非授权情况下任意执行,实施恶意行为,而传统的防火墙、防病毒、IDS,都是以外围封堵、事后升级病毒代码库为主,不能主动防御、积极防御。The root cause of the insecurity of the information system is due to the simplification of the PC structure and the lack of verification of the processes and programs in the system, resulting in the arbitrary execution of executable programs and processes without authorization and the implementation of malicious behaviors, while traditional firewalls, anti-viruses, IDS are all based on peripheral blocking and post-event upgrade of the virus code base, and cannot actively defend and actively defend.

可信计算通过在硬件上引入可信芯片,从结构上解决了个人计算机体系结构简化带来的脆弱性问题,基于硬件芯片,从平台加电开始,到应用程序的执行,构建完整的信任链,一级认证一级,一级信任一级,未获认证的程序不能执行,从而使信息系统实现自身免疫,构建高安全等级的信息系统。Trusted computing structurally solves the vulnerability problem brought about by the simplification of the personal computer architecture by introducing a trusted chip on the hardware. Based on the hardware chip, a complete chain of trust is built from the power-on of the platform to the execution of the application program. , first-level authentication, first-level trust, and first-level trust. Uncertified programs cannot be executed, so that the information system can achieve self-immunity and build an information system with a high security level.

发明内容Contents of the invention

为克服上述现有技术的不足,本发明提供一种适用于电力系统通用计算平台的可信计算密码平台。为业务系统提供基于白名单的业务系统恶意代码免疫机制,提供操作系统可信引导机制,同时自身具备安全策略的保护和管理机制。通过对系统软件的来源及运行进行管理,保证软件的可信、可识别和可控,按照预设的配置策略对程序的关键模块和进程的资源访问进行控制,实现对已知/未知恶意代码的主动防御,降低可执行程序被破坏被篡改的风险,保障可执行程序安全稳定运行。In order to overcome the deficiencies of the above-mentioned prior art, the present invention provides a trusted computing and encryption platform suitable for the general computing platform of the electric power system. Provide business systems with a whitelist-based immune mechanism for malicious code in business systems, provide a trusted boot mechanism for operating systems, and have their own protection and management mechanisms for security policies. By managing the source and operation of the system software, the software is guaranteed to be credible, identifiable and controllable, and the resource access of the key modules and processes of the program is controlled according to the preset configuration strategy, so as to realize the detection of known/unknown malicious codes Active defense reduces the risk of executable programs being damaged or tampered with, and ensures the safe and stable operation of executable programs.

实现上述目的所采用的解决方案为:The solution adopted to achieve the above purpose is:

一种适用于电力系统通用计算平台的可信计算密码平台,所述密码平台包括:可信计算密码模块和可信软件系统;A trusted computing cryptographic platform applicable to a general computing platform of an electric power system, the cryptographic platform comprising: a trusted computing cryptographic module and a trusted software system;

所述可信计算密码模块包括可信度量根、可信存储根、可信报告根,是平台信任链传递的起点;The trusted computing cryptographic module includes a trusted measurement root, a trusted storage root, and a trusted reporting root, which are the starting point of the platform trust chain transmission;

所述可信软件系统包括:可信计算密码驱动模块、度量模块和审计模块,为操作系统和应用软件提供使用可信计算密码平台的接口。The trusted software system includes: a trusted computing cryptographic driver module, a measurement module and an audit module, which provide an interface for using a trusted computing cryptographic platform for the operating system and application software.

优选的,所述可信计算密码模块包括硬件板卡形态和软件形态;Preferably, the trusted computing cryptographic module includes a hardware board form and a software form;

所述硬件板卡形态包括:执行引擎、非易失性存储单元、易失性存储单元、随机数发生器、密码算法引擎、密钥生成器和定时器,为可信软件系统提供硬件的密码算法和策略存储、保护与更新机制;The form of the hardware board includes: an execution engine, a non-volatile storage unit, a volatile storage unit, a random number generator, a cryptographic algorithm engine, a key generator and a timer, providing hardware passwords for trusted software systems Algorithm and policy storage, protection and update mechanism;

所述软件形态为可信软件系统提供软件形态的密码算法和策略存储、保护与更新机制。The software form provides a password algorithm and policy storage, protection and update mechanism of the software form for the trusted software system.

优选的,所述可信计算密码驱动模块为所述可信计算密码模块提供驱动;Preferably, the trusted computing cryptographic driver module provides a driver for the trusted computing cryptographic module;

所述度量模块用于对所述可信计算密码平台后续软件的完整性度量;The measurement module is used to measure the integrity of subsequent software of the trusted computing cryptographic platform;

所述后续软件包括:核心动态加载模块、动态库、不可控操作系统核心,以及不可控操作系统上的应用程序;The follow-up software includes: a core dynamic loading module, a dynamic library, an uncontrollable operating system core, and an application program on the uncontrollable operating system;

所述审计模块用于截获上层应用或者不可控操作系统的特定行为,进行行为审计和分析,并触发预定的响应动作。The auditing module is used to intercept specific behaviors of upper-layer applications or uncontrollable operating systems, perform behavioral auditing and analysis, and trigger predetermined response actions.

进一步的,所述完整性度量包括静态度量和动态度量;Further, the integrity metrics include static metrics and dynamic metrics;

所述静态度量的内容包括系统中的可执行程序、动态库和内核模块,静态度量对该三类文件进行文件内容的哈希计算,并将计算结果与预期结果进行比较,以此来判断度量对象的完整性是否遭受破坏;The content of the static measurement includes executable programs, dynamic libraries and kernel modules in the system. The static measurement performs hash calculation of the file content on the three types of files, and compares the calculation result with the expected result to judge the measurement whether the integrity of the object has been compromised;

所述动态度量为在度量对象启动前完成对度量对象预期值的收集,并依据收集的预期值,在系统运行中对度量对象进行验证。The dynamic measurement is to complete the collection of the expected value of the measurement object before the start of the measurement object, and verify the measurement object during system operation according to the collected expected value.

优选的,所述可信计算密码平台提供白名单机制和基于安全标签的强制访问控制;Preferably, the trusted computing cryptographic platform provides a whitelist mechanism and mandatory access control based on security labels;

所述白名单机制为在软件安装过程中通过扫描接口扫描生成白名单库,程序运行时依据所述白名单库判断是否允许程序运行;The white list mechanism is to generate a white list library by scanning the scanning interface during the software installation process, and judge whether to allow the program to run according to the white list library when the program is running;

所述基于安全标签的强制访问控制包括:The security label-based mandatory access control includes:

(1)人机发起服务访问请求;(1) HMI initiates a service access request;

(2)部署在SCADA服务器上的可信软件系统截获此请求;(2) The trusted software system deployed on the SCADA server intercepts the request;

(3)从请求的第一个数据包中提取主体安全标签;(3) Extract the subject security label from the first data packet of the request;

(4)根据服务的端口号在端口和服务对应列表中寻找对应的服务名称;(4) Search for the corresponding service name in the port and service correspondence list according to the port number of the service;

(5)根据服务名称在客体标签列表找到相应的客体标签;(5) Find the corresponding object tag in the object tag list according to the service name;

(6)将主体安全标签与客体标签中的权限值进行异或运算;(6) Exclusive OR operation is performed on the subject security label and the authority value in the object label;

(7)如果权限判定通过,放行数据包;(7) If the authority judgment is passed, release the data packet;

(8)此请求的后续数据将直接放行,不在进行权限判定。(8) Subsequent data of this request will be released directly, and authority judgment will not be performed.

与现有技术相比,本发明具有以下有益效果:Compared with the prior art, the present invention has the following beneficial effects:

(1)通过对系统软件的来源及运行进行管理,保证软件的可信、可识别和可控。(1) Ensure the credibility, identification and controllability of the software by managing the source and operation of the system software.

(2)能够按照预设的配置策略对程序的关键模块和进程的资源访问进行控制。(2) It can control the resource access of key modules and processes of the program according to the preset configuration strategy.

(3)实现对已知/未知恶意代码的主动防御,降低可执行程序被破坏被篡改的风险,保障可执行程序安全稳定运行。(3) Realize active defense against known/unknown malicious codes, reduce the risk of executable programs being damaged or tampered with, and ensure the safe and stable operation of executable programs.

附图说明Description of drawings

附图1:本发明的可信计算密码平台体系结构图;Accompanying drawing 1: The architecture diagram of trusted computing cryptographic platform of the present invention;

附图2:本发明的可信计算密码模块组成;Accompanying drawing 2: Composition of trusted computing cryptographic module of the present invention;

附图3:本发明的静态度量体系结构图;Accompanying drawing 3: static measurement system structural diagram of the present invention;

附图4:本发明的动态度量总体实现框架;Accompanying drawing 4: the overall realization frame of dynamic measurement of the present invention;

附图5:本发明的内核关键数据度量框图;Accompanying drawing 5: kernel key data measurement block diagram of the present invention;

附图6:本发明的进程运行状态度量框图;Accompanying drawing 6: the block diagram of process running state measurement of the present invention;

附图7:本发明的进程系统调用行为的度量框图;Accompanying drawing 7: the measurement block diagram of the process system call behavior of the present invention;

附图8:本发明的白名单-软件安装控制机制;Accompanying drawing 8: white list of the present invention-software installation control mechanism;

附图9:本发明的可信计算密码平台和进程强制访问关系图;Accompanying drawing 9: Trusted computing cryptographic platform and process mandatory access relationship diagram of the present invention;

附图10:本发明的基于安全标签的强制访问控制。Accompanying drawing 10: Mandatory access control based on security label of the present invention.

具体实施方式Detailed ways

下面结合附图对本发明的具体实施方式做进一步的详细说明。The specific embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings.

当系统启动时,可信芯片首先对BIOS的完整性进行度量,把度量结果与系统初始运行时采集的、保存在可信芯片中的预期值行比较。若结果一致,则表明BIOS没有被篡改,是可信的,BIOS中的度量代码将对OS Loader(包括主引导扇区MBR、操作系统引导扇区等)进行度量,当判定OS Loader是可信的情况下,执行操作系统的加载程序。OS Loader在加载操作系统前,首先对操作系统和可信计算密码平台进行度量,当判定其可信后,加载并执行操作系统和可信计算密码平台。操作系统启动后,可信计算密码平台获得控制权,对应用程序启动和相关配置文件的完整性进行度量,若应用和重要配置文件是可信的,操作系统加载并执行该应用程序。通过上述操作,可信计算平台为系统启动建立了由BIOS、OS Loader、操作系统、可信计算密码平台和应用组成的完整的信任链,从根本上消除了系统被植入病毒、木马进行破坏的可能性。When the system starts, the trusted chip first measures the integrity of the BIOS, and compares the measurement result with the expected value collected during the initial operation of the system and stored in the trusted chip. If the results are consistent, it means that the BIOS has not been tampered with and is credible. The measurement code in the BIOS will measure the OS Loader (including the master boot sector MBR, the operating system boot sector, etc.), when it is determined that the OS Loader is credible In the case of the operating system, the loader of the operating system is executed. Before loading the operating system, OS Loader first measures the operating system and trusted computing cryptographic platform, and when it is judged to be credible, loads and executes the operating system and trusted computing cryptographic platform. After the operating system is started, the Trusted Computing Cryptographic Platform gains control and measures the integrity of the application startup and related configuration files. If the application and important configuration files are trusted, the operating system loads and executes the application. Through the above operations, the trusted computing platform establishes a complete trust chain consisting of BIOS, OS Loader, operating system, trusted computing cryptographic platform and applications for system startup, fundamentally eliminating the system from being damaged by implanting viruses and Trojan horses possibility.

在系统运行过程中,对系统和进程是否处于可信的状态进行实时检测,对进程的系统调用行为,以及对运行状态中的内核关键数据(例如系统调用表、中断描述符表、关键操作集指针等)、内核代码段、进程代码段、进程共享库列表等进行度量,检测系统和进程空间的完整性是否被篡改。若完整性被破坏,进程的系统调用行为将被阻止,从而以主动防御的方式有效防范了利用系统漏洞将恶意代码注入系统和进程空间对系统进行渗透性攻击的安全风险。During system operation, real-time detection of whether the system and process are in a credible state, system call behavior of the process, and kernel key data in the running state (such as system call table, interrupt descriptor table, key operation set Pointers, etc.), kernel code segment, process code segment, process shared library list, etc. are measured to detect whether the integrity of the system and process space has been tampered with. If the integrity is damaged, the system call behavior of the process will be blocked, thus effectively preventing the security risk of using system vulnerabilities to inject malicious code into the system and process space to conduct penetrating attacks on the system in a proactive defense manner.

●可信计算密码平台组成及工作原理:●Composition and working principle of trusted computing cryptographic platform:

可信计算密码平台以密码技术为构建基础,由可信计算密码模块和可信软件系统组成,体系结构如图1所示。其中可信计算密码模块为信任根,为可信计算密码平台的运行提供可信环境,可信软件系统是可信计算密码平台功能及服务实现的核心,并为可信计算密码平台的管理提供保障。The trusted computing cryptographic platform is based on cryptographic technology and consists of trusted computing cryptographic modules and trusted software systems. The architecture is shown in Figure 1. Among them, the trusted computing cryptographic module is the root of trust, which provides a trusted environment for the operation of the trusted computing cryptographic platform. Assure.

可信计算密码平台通过自下而上的可信支撑和信任的逐层传递,建立贯穿系统的可信链,构建可信计算环境。在终端主板上新增的可信计算密码模块是可信平台的信任根,包括可信度量根、可信存储根、可信报告根,是平台信任链传递的起点。可信度量根是完整性度量的可信根,可信存储根是数据存储保护的可信根,可信报告根是完整性报告的可信根;可信计算密码平台以可信计算密码模块自主可信根(RT)为核心部件实现完整性度量和存储机制,并实现可信引导和信任链的建立。可信软件系统是可信计算密码平台的支撑软件,为操作系统和应用软件提供一个使用可信计算密码平台的接口,同时,它还保证了信任链在软件系统上的传递。运行于可信计算平台上的应用借助于可信计算密码平台提供的可信服务,在可信计算环境中完成可信的应用功能和服务。The trusted computing cryptographic platform establishes a trusted chain throughout the system through bottom-up trusted support and layer-by-layer transfer of trust, and builds a trusted computing environment. The newly added trusted computing cryptographic module on the main board of the terminal is the trust root of the trusted platform, including the trusted measurement root, trusted storage root, and trusted reporting root, and is the starting point of the platform trust chain transfer. The root of trust for measurement is the root of trust for integrity measurement, the root of trust for storage is the root of trust for data storage protection, the root of trust for reporting is the root of trust for integrity reporting; The autonomous root of trust (RT) implements the integrity measurement and storage mechanism for the core components, and realizes the establishment of trusted guidance and trust chain. The trusted software system is the supporting software of the trusted computing cryptographic platform. It provides an interface for the operating system and application software to use the trusted computing cryptographic platform. At the same time, it also ensures the transmission of the trust chain on the software system. Applications running on a trusted computing platform complete trusted application functions and services in a trusted computing environment with the help of trusted services provided by the trusted computing cryptographic platform.

●可信计算密码模块●Trusted Computing Cryptographic Module

可信计算密码模块有硬件板卡和软件两种形态,根据服务器的安全需求级别采用不同形态的可信计算密码模块,如下表所示:The trusted computing cryptographic module has two forms of hardware board and software. According to the security requirement level of the server, different forms of trusted computing cryptographic modules are used, as shown in the following table:

表1可信计算密码模块形态Table 1 Trusted Computing Cryptographic Module Morphology

硬件板卡形态的可信计算密码模块为可信软件系统提供硬件的密码算法和策略存储、保护与更新机制:The trusted computing cryptographic module in the form of hardware boards provides hardware cryptographic algorithms and policy storage, protection and update mechanisms for trusted software systems:

(1)密码算法:为可信软件系统提供高性能SM2和SM3算法;(1) Cryptographic algorithm: provide high-performance SM2 and SM3 algorithms for trusted software systems;

(2)策略保护:存储可信软件系统策略文件的摘要值,为策略文件提供完整性保护,避免恶意篡改;(2) Policy protection: store the summary value of the trusted software system policy file, provide integrity protection for the policy file, and avoid malicious tampering;

(3)操作系统可信启动:提供CPU实模式的驱动,为系统引导阶段提供针对内核的静态度量支撑。(3) Trusted startup of the operating system: Provide the driver of the CPU real mode, and provide static measurement support for the kernel for the system boot phase.

软件形态的可信计算密码模块为可信软件系统提供软件形态的密码算法和策略存储、保护与更新机制:The trusted computing cryptographic module in the form of software provides cryptographic algorithms and policy storage, protection and update mechanisms in the form of software for trusted software systems:

(1)密码算法:为可信软件系统提供高性能SM2和SM3算法;(1) Cryptographic algorithm: provide high-performance SM2 and SM3 algorithms for trusted software systems;

(2)策略保护:保护可信软件系统策略文件的摘要值,为策略文件提供完整性保护,避免恶意篡改。(2) Policy protection: protect the summary value of the trusted software system policy file, provide integrity protection for the policy file, and avoid malicious tampering.

硬件板卡形态可信计算密码模块芯片由执行引擎、非易失性存储单元、易失性存储单元、随机数发生器、密码算法引擎、密钥生成器、定时器等部分组成,如图2所示,并由输入输出桥接单元把将这些功能组件映射到片内CPU的地址空间。Hardware board form trusted computing cryptographic module chip is composed of execution engine, non-volatile storage unit, volatile storage unit, random number generator, cryptographic algorithm engine, key generator, timer and other parts, as shown in Figure 2 As shown, these functional components are mapped to the address space of the on-chip CPU by the input-output bridge unit.

可信计算密码模块方案中设计了独立于CPU的供电系统,所以可信计算密码模块可以作为主设备先于CPU启动,从而可以作为主设备运行,成为整个系统可信度量的起点,度量包括BIOS在内的所有部件,建立以可信计算密码模块为起点的信任链。In the Trusted Computing cryptographic module solution, a power supply system independent of the CPU is designed, so the Trusted Computing cryptographic module can be started as the master device before the CPU, so that it can run as the master device and become the starting point of the entire system's trustworthiness measurement, including BIOS. For all the components, a chain of trust starting from the trusted computing cryptographic module is established.

可信计算密码模块内部执行引擎是可信计算密码模块的运算执行单元。可信计算密码模块内部的非易失性存储单元分为程序存储单元、数据存储单元和可信寄存器组三部分,共设计1280字节的NV寄存器。其中,程序存储单元存储固件和控制程序"数据存储单元存储密钥、证书、日志和其他保密数据。可信寄存器组包括:模块标识寄存器、版本号寄存器、电源与状态管理寄存器、使用状态寄存器、当前用户身份识别寄存器、平台配置寄存器、平台绑定寄存器、用户管理寄存器、非易失存储器(NV)。The internal execution engine of the trusted computing cryptographic module is the operation execution unit of the trusted computing cryptographic module. The non-volatile storage unit inside the trusted computing cryptographic module is divided into three parts: program storage unit, data storage unit and trusted register group, and a total of 1280 bytes of NV registers are designed. Among them, the program storage unit stores firmware and control programs, and the data storage unit stores keys, certificates, logs and other confidential data. The trusted register group includes: module identification register, version number register, power supply and status management register, usage status register, Current user identification register, platform configuration register, platform binding register, user management register, non-volatile memory (NV).

可信计算密码模块内部的易失性存储单元包括:平台配置寄存器和运算过程中开辟的数据缓冲区。用户注销时,重要数据存储到非易失存储器,清零易失性存储单元中用户空间。其中平台配置寄存器PCR是一个设置在可信计算密码模块内部的一组寄存器,共有128个256位受保护的平台配置寄存器(PCR),用于存储完整性度量值,可扩展到256个。The volatile storage units inside the trusted computing cryptographic module include: platform configuration registers and data buffers created during operations. When the user logs out, important data is stored in the non-volatile memory, and the user space in the volatile storage unit is cleared. Among them, the platform configuration register PCR is a group of registers set inside the trusted computing cryptographic module. There are 128 256-bit protected platform configuration registers (PCR) for storing integrity measurement values, which can be extended to 256.

可信计算密码模块通过控制裁决引擎,实现对硬件资源的访问控制的裁决功能。裁决结果或者信号,通过GPIO信号线发送给可信计算平台。The trusted computing cryptographic module realizes the judgment function of access control to hardware resources by controlling the judgment engine. The ruling result or signal is sent to the trusted computing platform through the GPIO signal line.

●可信软件系统●Trusted software system

可信软件系统作为可信计算密码平台的一部分,由下列组件组成:可信计算密码驱动模块、度量模块和审计模块。可信软件系统主要实现信任链的传递和应用软件以及不可控操作系统的度量和审计。可信计算密码驱动模块完成对可信计算密码模块设备的管理功能并提供驱动,由可信计算密码模块芯片厂商提供。可信软件系统中的度量模块主要实现可信计算密码平台对后续软件的完整性度量,这些软件包括:核心动态加载模块、应用程序、动态库、不可控操作系统核心,以及不可控操作系统上的应用程序等。As a part of trusted computing cryptographic platform, trusted software system consists of the following components: trusted computing cryptographic driver module, measurement module and audit module. The trusted software system mainly realizes the transfer of trust chain and the measurement and audit of application software and uncontrollable operating system. The trusted computing cryptographic driver module completes the management function of the trusted computing cryptographic module device and provides the driver, which is provided by the trusted computing cryptographic module chip manufacturer. The measurement module in the trusted software system mainly implements the integrity measurement of the subsequent software by the trusted computing cryptographic platform. These software include: core dynamic loading modules, application programs, dynamic libraries, uncontrollable operating system cores, and applications, etc.

软件的完整性度量包含以下三个过程:Software integrity measurement includes the following three processes:

1)软件供应商在发布应用程序或其更新的同时,提供组成该应用程序的可执行文件(指包含代码的文件)对应的散列值的清单,并对每个散列值签名。操作系统在应用程序安装或更新后,将通过签名验证的“文件-散列值对”同步至应用程序摘要数据库(ADDB)。该数据库应使用存储主密钥保护。1) When releasing the application program or its update, the software supplier provides a list of hash values corresponding to the executable files (referring to files containing codes) that make up the application program, and signs each hash value. After the application is installed or updated, the operating system will synchronize the "file-hash value pair" that has passed the signature verification to the application summary database (ADDB). The database should be secured with a storage master key.

2)操作系统核心在程序文件或共享库文件被执行前,调用可信计算密码模块请求可信计算密码模块度量相应文件。可信计算密码模块对指定文件做散列运算,并返回计算结果。若需针对该应用程序的完整性报告,则还需将上述计算所得散列值存储在特定的PCR,并记录度量存储日志(SML)。2) The core of the operating system calls the trusted computing cryptographic module to request the trusted computing cryptographic module to measure the corresponding file before the program file or the shared library file is executed. The trusted computing cryptographic module performs a hash operation on the specified file and returns the calculation result. If an integrity report is required for the application, the hash value calculated above also needs to be stored in a specific PCR and recorded in the Metric Storage Log (SML).

3)操作系统将可信计算密码模块计算所得散列值与保存在ADDB中的预期值比较,若相符则执行相应代码,否则中止应用程序的执行。3) The operating system compares the hash value calculated by the trusted computing cryptographic module with the expected value stored in the ADDB, and executes the corresponding code if they match, or terminates the execution of the application program.

可信软件系统中的审计模块的主要作用是截获上层应用或者不可控OS的特定行为,并进行行为审计和分析,并触发预定的响应动作。The main function of the audit module in the trusted software system is to intercept specific behaviors of upper-layer applications or uncontrollable OS, conduct behavior audit and analysis, and trigger predetermined response actions.

当上层应用或者不可控操作系统需要进行启动程序、加载动态库或者加载内核模块等行为时,审计模块对行为对象(包括可执行程序,动态库,内核模块)的代码段,进行哈希运算,并验证其哈希值是否与预期值相同,根据验证的结果来判断是否允许该行为继续进行。When the upper layer application or uncontrollable operating system needs to start the program, load the dynamic library or load the kernel module, etc., the audit module performs hash operation on the code segment of the behavior object (including executable program, dynamic library, kernel module), And verify whether its hash value is the same as the expected value, and judge whether to allow the behavior to continue according to the verification result.

对于直接运行在可信内核上的应用程序,审计点直接设置在核心中,对于不可控操作系统,可以通过截获其系统调用(一般通过软中断方式)、中断等方式实现审计。For applications running directly on the trusted kernel, the audit point is directly set in the kernel. For uncontrollable operating systems, auditing can be realized by intercepting its system calls (generally through soft interrupts), interrupts, etc.

●静态度量●Static metrics

静态度量是由度量代理在预定的度量策略支持下用适当的算法对度量对象进行以完整性为主的表征过程。如图3所示,静态度量的主要任务为:Static measurement is a completeness-based characterization process for measurement objects by measurement agents using appropriate algorithms under the support of predetermined measurement strategies. As shown in Figure 3, the main tasks of static measurement are:

(1)确定预期断言。对度量对象所期望的结果进行恰当的表述,即被度量的对象的完整性。(1) Determine the expected assertion. Properly express the expected result of the measured object, that is, the integrity of the measured object.

(2)制定度量策略。制定可行的度量方法对度量对象进行完整性判断。(2) Develop a measurement strategy. Formulate a feasible measurement method to judge the integrity of the measurement object.

(3)进行度量评判。根据度量结果,对度量对象进行可信性判断,给出判断结果。(3) Carry out measurement and judgment. According to the measurement results, the credibility of the measurement object is judged, and the judgment result is given.

静态度量的内容包括系统中的可执行程序、动态库和内核模块。静态度量对上述三项文件进行文件内容的哈希计算,并将计算结果与预期结果进行比较,来保证其可信性。The content of static measurement includes executable programs, dynamic libraries and kernel modules in the system. Static measurement performs hash calculation of the file content on the above three files, and compares the calculation result with the expected result to ensure its credibility.

采用对度量对象(包括可执行程序,动态库,内核模块)的代码段,进行哈希运算,并验证其哈希值是否与预期的相同,以此来判断度量对象的完整性是否遭受破坏。Use hash operation on the code segment of the measurement object (including executable program, dynamic library, kernel module), and verify whether the hash value is the same as expected, so as to judge whether the integrity of the measurement object is damaged.

可执行程序的度量方法:当启动程序时,首先截获该程序的信息,调用算法计算该程序代码段的哈希值,并将计算后的哈希值与预期值做比较,以此来判断该可执行程序是否被篡改。Measuring method for executable programs: When starting a program, first intercept the information of the program, call the algorithm to calculate the hash value of the code segment of the program, and compare the calculated hash value with the expected value, so as to judge the Whether the executable program has been tampered with.

动态库度量方法:当加载动态库时(包括程序启动所必须的动态库,以及运行时动态加载的动态库等),系统会通过映射函数将动态库映射到内存中,如果动态库已经在内存中,则不需要重新加载,进而也不会进行度量。当初次加载动态库时,首先截获该动态库的信息,调用算法计算该程序代码段的哈希值,并将计算后的哈希值与预期值做比较,以此来判断该可执行程序是否被篡改过。当程序退出时,会释放一些自身使用的动态库,但仍然会有一些动态库驻留系统内存,供其它程序使用,不会被释放,所以当重新启动程序时,这些已经驻留内存的动态库不需要再次度量。Dynamic library measurement method: When loading a dynamic library (including the dynamic library necessary for program startup, and the dynamic library dynamically loaded at runtime, etc.), the system will map the dynamic library to the memory through the mapping function. If the dynamic library is already in the memory , there is no need for a reload and thus no measurement. When loading the dynamic library for the first time, first intercept the information of the dynamic library, call the algorithm to calculate the hash value of the program code segment, and compare the calculated hash value with the expected value to judge whether the executable program is been tampered with. When the program exits, it will release some dynamic libraries used by itself, but there will still be some dynamic libraries resident in the system memory for use by other programs and will not be released, so when the program is restarted, these dynamic libraries already resident in the memory Libraries do not need to be measured again.

模块度量方法:模块加载包括两种情况:第一种,当Linux系统启动时,需要加载操作系统启动运行所必须的模块。第二种,系统启动后,当系统有需求时(例如,当插入U盘),操作系统会动态加载所需的模块。这两种情况对linux系统内核来说是不区分对待的,即,不论哪种方式加载模块,都由同一系统调用来处理(即sys_init_module()系统调用)。所以模块度量即在该系统调用处,当加载模块时,该系统调用会截获模块的代码段、长度等信息,再将这些信息传递给度量代理,有度量代理计算该模块的哈希值,并与预期值进行比较,以此来判断该模块是否被篡改过。Module measurement method: module loading includes two situations: first, when the Linux system starts, it needs to load the modules necessary for the operating system to start and run. In the second type, after the system is started, the operating system will dynamically load the required modules when the system is required (for example, when a USB flash drive is inserted). These two cases are not treated differently for the Linux system kernel, that is, no matter which way the module is loaded, it is handled by the same system call (ie sys_init_module() system call). Therefore, the module measurement is at the system call. When the module is loaded, the system call will intercept the module's code segment, length and other information, and then pass this information to the measurement agent, and the measurement agent will calculate the hash value of the module, and Compare with the expected value to determine whether the module has been tampered with.

●动态度量●Dynamic metrics

在静态度量功能保证系统运行对象初态可信的基础上,动态度量机制在度量对象启动前完成对度量对象预期值的收集,并依据收集的预期值,在系统运行中对其状态进行验证。如图4所示,动态度量机制能够对运行状态中的内核关键数据及进程状态进程度量。其中,度量对象包括操作系统内核的代码段、只读数据段、关键跳转表和应用层的进程代码段。除了为可信证明机制提供支撑外,内核度量功能主要服务于可信软件系统的自身保护机制,应用度量功能主要服务于访问控制机制。On the basis of the static measurement function to ensure the credibility of the initial state of the system operating object, the dynamic measurement mechanism completes the collection of the expected value of the measurement object before the measurement object is started, and verifies its state during system operation according to the collected expected value. As shown in Figure 4, the dynamic measurement mechanism can measure the key data of the kernel in the running state and the process status of the process. Among them, the measurement objects include the code segment of the operating system kernel, the read-only data segment, the key jump table and the process code segment of the application layer. In addition to providing support for the trusted proof mechanism, the kernel measurement function mainly serves the self-protection mechanism of the trusted software system, and the application measurement function mainly serves the access control mechanism.

(1)内核关键数据度量(1) Kernel key data metrics

内核关键数据度量如图5所示。Kernel key data metrics are shown in Figure 5.

度量对象:默认度量内核的代码段、只读数据段、关键跳转表等操作系统正常运行过程中静态不变的数据。度量机制的调用者可以通过注册接口指定自有的度量对象。Measurement object: by default, the code segment, read-only data segment, and key jump table of the kernel are measured by default, which are static and unchanged data during the normal operation of the operating system. The caller of the measurement mechanism can specify its own measurement object through the registration interface.

度量时机:默认采用定时度量的方法,每间隔一定的时隙度量一次;也可通过查询接口触发度量。Measurement timing: By default, the method of timing measurement is adopted, and the measurement is performed every certain time slot; the measurement can also be triggered through the query interface.

度量方法:由TSB启动内核线程,通过使用TCM提供的Hash函数接口计算度量对象的完整性校验值,并与基准值进行比较。Measurement method: TSB starts the kernel thread, calculates the integrity check value of the measurement object by using the Hash function interface provided by TCM, and compares it with the benchmark value.

(2)进程度量流程(2) Process measurement process

进程环境度量如图6所示。The process environment metrics are shown in Figure 6.

度量对象:应用进程及相关共享库的代码段。Metric Objects: Code segments of the application process and associated shared libraries.

度量时机:定时度量;也可由用户手动触发度量。Measurement timing: timing measurement; measurement can also be manually triggered by the user.

度量方法:动态度量模块将记录指定应用及其关联进程的系统调用流,并进行分析和学习,生成描述合法调用规则的、系统调用级的执行图(Execution Graph),从而通过执行图对进程的异常行为进行度量报告。Measurement method: The dynamic measurement module will record the system call flow of the specified application and its associated process, analyze and learn, and generate a system call-level execution graph (Execution Graph) that describes the legal call rules, so that the process's Abnormal behavior is measured and reported.

(3)进程行为度量(3) Process Behavior Metrics

进程行为度量如图7所示。Process behavior metrics are shown in Figure 7.

度量对象:进程发出的系统调用。Metric object: System calls issued by the process.

度量时机:在系统调用发生时实时度量。Measurement timing: real-time measurement when the system call occurs.

度量方法:由度量引擎实时监控系统调用行为,对每一次系统调用行为进行判定,如果符合执行规则,则允许本次调用;如果违背执行规则,则阻止本次调用。Measurement method: The measurement engine monitors the system call behavior in real time, and judges each system call behavior. If the execution rule is met, the call is allowed; if the execution rule is violated, the call is blocked.

●白名单●White list

可信计算密码平台提供软件安装接口(针对于软件安装包的方式),通过此接口安装应用程序。软件安装过程中通过扫描接口扫描生成白名单库,允许安装释放的执行程序运行,软件安装白名单生成如图8所示。The trusted computing cryptographic platform provides a software installation interface (for the software installation package), and the application program is installed through this interface. During the software installation process, the whitelist library is generated by scanning the interface, allowing the execution program released by the installation to run. The software installation whitelist is generated as shown in Figure 8.

客户端软件安装有两种方式,分别为有采集权限的软件安装和无采集权限的软件安装。通过这两种方式可以对安装权限进行不同粒度的控制。There are two ways to install the client software, which are software installation with acquisition authority and software installation without acquisition authority. Through these two methods, the installation permission can be controlled at different granularities.

有采集权限的软件安装:当客户端作为采集终端时,可以通过管理中心授予客户端“软件采集”权限,然后使用客户端的程序安装接口进行安装操作,通过接口安装的执行程序将被自动添加到本地白名单库,并可以立即执行。同时所安装的软件白名单(除系统白名单)可以通过接口导出为策略文件,然后上报管理中心待批准到其他客户端。Software installation with acquisition authority: When the client is used as an acquisition terminal, you can grant the client the "software acquisition" authority through the management center, and then use the program installation interface of the client to perform installation operations, and the execution programs installed through the interface will be automatically added to the Native whitelist library, and can be executed immediately. At the same time, the installed software whitelist (except the system whitelist) can be exported as a policy file through the interface, and then reported to the management center for approval to other clients.

无采集权限的软件安装:默认情况下,客户端无采集权限。这时只允许通过软件安装接口安装管理中心下发的模版软件,通过模板安装的执行程序将被自动添加到网络白名单库,并可以立即执行。Software installation without collection permission: By default, the client has no collection permission. At this time, only the template software issued by the management center is allowed to be installed through the software installation interface, and the execution program installed through the template will be automatically added to the network whitelist library and can be executed immediately.

●基于安全标签的强制访问控制● Mandatory access control based on security labels

在可信计算密码平台功能基础上增加的强制执行控制功能如图9所示,绿色标示的部分为强制执行控制增加流程。The enforcement control function added on the basis of the trusted computing encryption platform function is shown in Figure 9, and the part marked in green is the process of adding enforcement control.

结合电力调度控制系统安全标签的业务特点及可信软件系统强制访问体系的功能特点,将电力调度控制系统中的安全标签判定体系与可信软件系统的强制访问控制体系相结合,对系统访问请求经过两种访问控制的双重判定,形成一种双备份的强制访问控制体系。其中可信软件系统提供内核级高强度的访问控制,安全标签体系提供应用级的第二梯度的访问控制。彻底解决安全标签体系目前面临的安全隐患。Combined with the business characteristics of the security label of the power dispatching control system and the functional characteristics of the mandatory access system of the trusted software system, the security label judgment system in the power dispatching control system is combined with the mandatory access control system of the trusted software system, and the system access request Through the double judgment of two kinds of access control, a dual-backup mandatory access control system is formed. Among them, the trusted software system provides high-intensity access control at the kernel level, and the security label system provides second-gradient access control at the application level. Thoroughly solve the safety hazards currently faced by the safety label system.

加入可信软件系统的强制访问控制体系业务流程如图10所示。The business process of the mandatory access control system added to the trusted software system is shown in Figure 10.

(1)人机发起服务访问请求(1) HMI initiates a service access request

(2)部署在SCADA服务器上的可信软件系统截获此请求(2) The trusted software system deployed on the SCADA server intercepts the request

(3)从请求的第一个数据包中提取主体安全标签(3) Extract the subject security label from the first packet of the request

(4)根据服务的端口号在端口和服务对应列表中寻找对应的服务名称(4) Find the corresponding service name in the port and service correspondence list according to the port number of the service

(5)根据服务名称在客体标签列表找到相应的客体标签(5) Find the corresponding object tag in the object tag list according to the service name

(6)将主体安全标签与客体标签中的权限值进行异或运算(6) XOR the subject security label and the authority value in the object label

(7)如果权限判定通过,放行数据包(7) If the authority judgment is passed, release the data packet

(8)此请求的后续数据将直接放行,不在进行权限判定。(8) Subsequent data of this request will be released directly, and authority judgment will not be performed.

最后应当说明的是:以上实施例仅用于说明本申请的技术方案而非对其保护范围的限制,尽管参照上述实施例对本申请进行了详细的说明,所属领域的普通技术人员应当理解:本领域技术人员阅读本申请后依然可对申请的具体实施方式进行种种变更、修改或者等同替换,但这些变更、修改或者等同替换,均在申请待批的权利要求保护范围之内。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present application rather than to limit the scope of protection thereof. Although the present application has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: After reading this application, those skilled in the art can still make various changes, modifications or equivalent replacements to the specific implementation methods of the application, but these changes, modifications or equivalent replacements are all within the protection scope of the pending claims of the application.

Claims (2)

1. a kind of creditable calculation password platform suitable for electric system universal computing platform, which is characterized in that the password is flat Platform includes: creditable calculation password module and trusted software system;
The creditable calculation password module includes credible measurement root, trusted storage root, credible report root, is platform transitive trust Starting point;
The trusted software system includes: creditable calculation password drive module, metric module and Audit Module, be operating system and Application software provides the interface for using creditable calculation password platform;
The creditable calculation password platform provides white list mechanism and the forced symmetric centralization based on safety label;
The white list mechanism be in software installation process by scan interface scanning generate white list library, program operation when according to Determine whether that program is run according to the white list library;
The forced symmetric centralization based on safety label includes:
(1) man-machine initiation service access request;
(2) the trusted software system being deployed on SCADA server intercepts and captures this request;
(3) main body safety label is extracted from first data packet of request;
(4) corresponding service name is found in port and service corresponding lists according to the port numbers of service;
(5) corresponding object label is found in object list of labels according to service name;
(6) authority credentials in main body safety label and object label is subjected to XOR operation;
(7) if permission judgement passes through, clearance data packet;
(8) follow-up data of this request will directly let pass, and not carry out permission judgement;
The creditable calculation password drive module provides driving for the creditable calculation password module;
The metric module is used for the integrity measurement to the creditable calculation password platform subsequent software;
The subsequent software includes: core dlm (dynamic loading module), dynamic base, uncontrollable operating system kernel and uncontrollable behaviour Make the application program in system;
The Audit Module is used to intercept and capture the specific behavior of upper layer application or uncontrollable operating system, carries out behavior auditing and divides Analysis, and trigger scheduled response action;
The integrity measurement includes staticametric and dynamic measurement;
The content of the staticametric includes executable program, dynamic base and kernel module in system, and staticametric is to described Executable program, the dynamic base and the kernel module carry out the Hash calculation of file content, and by calculated result and expection As a result compare, to judge whether the integrality of measure object wrecks;
The dynamic measurement is to start the preceding collection completed to measure object desired value, and the expection according to collection in measure object Value verifies measure object in system operation.
2. creditable calculation password platform as described in claim 1, which is characterized in that the creditable calculation password module includes hard Part board form and software forms;
The hardware board form includes: enforcement engine, non-volatile memory cells, volatile memory cell, random number generation Device, cryptographic algorithm engine, key generator and timer provide the cryptographic algorithm of hardware for trusted software system and strategy are deposited Storage, protection and update mechanism;
The software forms provide the cryptographic algorithm and policy store of software forms, protection and update machine for trusted software system System.
CN201510782795.0A 2015-11-16 2015-11-16 A kind of creditable calculation password platform suitable for electric system universal computing platform Active CN105468978B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510782795.0A CN105468978B (en) 2015-11-16 2015-11-16 A kind of creditable calculation password platform suitable for electric system universal computing platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510782795.0A CN105468978B (en) 2015-11-16 2015-11-16 A kind of creditable calculation password platform suitable for electric system universal computing platform

Publications (2)

Publication Number Publication Date
CN105468978A CN105468978A (en) 2016-04-06
CN105468978B true CN105468978B (en) 2019-11-01

Family

ID=55606664

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510782795.0A Active CN105468978B (en) 2015-11-16 2015-11-16 A kind of creditable calculation password platform suitable for electric system universal computing platform

Country Status (1)

Country Link
CN (1) CN105468978B (en)

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106909835B (en) * 2016-12-28 2020-02-07 中软信息系统工程有限公司 Method for realizing kernel integrity measurement based on CPU (Central processing Unit) space-time isolation mechanism
CN107403097A (en) * 2017-08-10 2017-11-28 清远博云软件有限公司 A kind of core system software running guard method
CN108632243A (en) * 2018-03-13 2018-10-09 全球能源互联网研究院有限公司 Trustable network communication means based on safety chip hardware algorithm module and device
CN110414244B (en) * 2018-04-28 2023-07-21 阿里巴巴集团控股有限公司 Encryption card, electronic equipment and encryption service method
CN110674494B (en) * 2018-07-02 2023-04-11 阿里巴巴集团控股有限公司 Process protection method, system and data processing method
CN110096887B (en) 2019-03-22 2020-06-30 阿里巴巴集团控股有限公司 Trusted computing method and server
US11755739B2 (en) * 2019-05-15 2023-09-12 Hewlett-Packard Development Company, L.P. Update signals
CN112181756A (en) * 2019-07-04 2021-01-05 上海泰宇信息技术股份有限公司 Data monitoring and security method
CN112446029B (en) * 2019-08-29 2024-11-22 杭州中软安人网络通信股份有限公司 Trusted Computing Platform
CN110851837B (en) * 2019-11-04 2023-04-11 中电长城(长沙)信息技术有限公司 Self-service equipment based on trusted computing, and security management system and method thereof
CN111126804B (en) * 2019-12-11 2022-07-19 南方电网电力科技股份有限公司 Safety management and control system with kernel-level dynamic measurement function
CN113127876A (en) * 2019-12-30 2021-07-16 国民技术股份有限公司 Trusted computing control method and equipment
CN113132318B (en) * 2019-12-31 2025-09-16 中国电力科学研究院有限公司 Active defense method and system for information security of main station of power distribution automation system
CN111339533B (en) * 2020-02-14 2023-04-28 北京工业大学 An application layer-oriented trusted cryptographic module interface design method
CN111639307B (en) * 2020-05-28 2023-09-19 全球能源互联网研究院有限公司 Trusted resource authorization system, software trusted authentication system and method thereof
CN111709036B (en) * 2020-06-16 2023-05-30 全球能源互联网研究院有限公司 Cross-platform application compatibility guarantee system of trusted operating system
CN111723379B (en) * 2020-06-18 2024-03-19 中国电力科学研究院有限公司 Trusted protection methods, systems, equipment and storage media for smart terminals in trusted Taiwan areas
CN111737701A (en) * 2020-06-19 2020-10-02 全球能源互联网研究院有限公司 A server trusted root system and its trusted startup method
CN112269995A (en) * 2020-08-07 2021-01-26 国网河北省电力有限公司信息通信分公司 Trusted computing platform for parallel computing and protection of smart power grid environment
CN112184439B (en) * 2020-09-28 2024-06-18 北京八分量信息科技有限公司 Decentralized transaction method, device and related products based on node sorting
CN112187475A (en) * 2020-09-28 2021-01-05 北京八分量信息科技有限公司 Method and device for performing multi-center accounting based on trusted computing and related products
CN112187476A (en) * 2020-09-28 2021-01-05 北京八分量信息科技有限公司 Method and device for synchronizing block chain state based on trusted computing and related product
CN112214760A (en) * 2020-10-21 2021-01-12 北京八分量信息科技有限公司 Application program management method and device based on credible root measurement and related products
CN112214759A (en) * 2020-10-21 2021-01-12 北京八分量信息科技有限公司 Behavior authority distribution method and device for application program based on credible root measurement and related products
CN112347472B (en) * 2020-10-27 2022-05-06 中国南方电网有限责任公司 Behavioral trust measurement method and device based on power edge computing
CN112214769B (en) * 2020-10-30 2023-05-26 国家电网有限公司信息通信分公司 Active measurement system of Windows system based on SGX architecture
CN112511306A (en) * 2020-11-03 2021-03-16 中国航空工业集团公司西安航空计算技术研究所 Safe operation environment construction method based on mixed trust model
CN112199682B (en) * 2020-11-03 2022-08-02 上海思赞博微信息科技有限公司 Trusted computing based white list library file protection method
CN112615845B (en) * 2020-12-11 2022-11-18 辽宁电力能源发展集团有限公司 An edge trusted device and big data processing method of energy internet
CN112668026B (en) * 2020-12-31 2023-12-22 兴唐通信科技有限公司 Anti-irradiation satellite-borne TCM (TCM) device
CN112685779A (en) * 2020-12-31 2021-04-20 天津南大通用数据技术股份有限公司 Static credibility judgment method for executing main keywords of select statement based on database
CN112910861A (en) * 2021-01-19 2021-06-04 浙江大学 Group authentication and segmented authentication-based authentication method for terminal equipment of power internet of things
CN112887674B (en) * 2021-01-22 2023-09-22 深圳可信计算技术有限公司 Video monitoring system
CN113037779B (en) * 2021-04-19 2022-02-11 清华大学 Intelligent self-learning white list method and system in active defense system
CN113127873A (en) * 2021-04-26 2021-07-16 中国邮政储蓄银行股份有限公司 Credible measurement system of fortress machine and electronic equipment
CN113329008B (en) * 2021-05-26 2022-04-08 深圳聚创致远科技有限公司 Intelligent power grid environment computing and protection parallel trusted computing platform
CN113536317A (en) * 2021-06-17 2021-10-22 杭州加速科技有限公司 A method and system for enhancing the security of an ATE testing machine
CN113919004B (en) * 2021-10-11 2025-01-21 长城信息股份有限公司 A trusted computing software integrity measurement system and method
CN114710319B (en) * 2022-03-04 2024-04-12 可信计算科技(无锡)有限公司 Decision judging method and system based on trusted computing
CN118211238B (en) * 2022-12-16 2025-05-09 飞腾信息技术有限公司 Security measurement method, security architecture system and computer equipment
CN116170156B (en) * 2023-02-23 2024-11-19 郑州信大云谷科技有限公司 A trust computing system and computing method capable of defining behavior
CN117784744B (en) * 2024-02-28 2024-05-14 西安热工研究院有限公司 A trust-based DCS host computer application access control method, device and medium
CN117970907B (en) * 2024-04-01 2024-06-14 西安热工研究院有限公司 Trusted DCS controller trusted function test method, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101504704A (en) * 2009-03-17 2009-08-12 武汉大学 Star trust chain supporting embedded platform application program integrality verification method
CN103093150A (en) * 2013-02-18 2013-05-08 中国科学院软件研究所 Dynamic integrity protection method based on credible chip
CN104504340A (en) * 2014-12-25 2015-04-08 国家电网公司 Power system security tag based mandatory access control method
CN104933354A (en) * 2014-12-30 2015-09-23 国家电网公司 Trusted computing based white list static measurement method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101504704A (en) * 2009-03-17 2009-08-12 武汉大学 Star trust chain supporting embedded platform application program integrality verification method
CN103093150A (en) * 2013-02-18 2013-05-08 中国科学院软件研究所 Dynamic integrity protection method based on credible chip
CN104504340A (en) * 2014-12-25 2015-04-08 国家电网公司 Power system security tag based mandatory access control method
CN104933354A (en) * 2014-12-30 2015-09-23 国家电网公司 Trusted computing based white list static measurement method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
操作系统可信证明体系结构与模型研究;辛思远;《中国博士学位全文数据库 信息科技辑》;20130615(第6期);正文第6、24-29、62、82-91页 *

Also Published As

Publication number Publication date
CN105468978A (en) 2016-04-06

Similar Documents

Publication Publication Date Title
CN105468978B (en) A kind of creditable calculation password platform suitable for electric system universal computing platform
US10516533B2 (en) Password triggered trusted encryption key deletion
CN104751063B (en) A kind of operating system trusted bootstrap method based on real pattern technology
Shabtai et al. Securing Android-powered mobile devices using SELinux
Parno et al. Bootstrapping trust in modern computers
JP5164285B2 (en) Computer system with anti-malware
US11714910B2 (en) Measuring integrity of computing system
US8689318B2 (en) Trusted computing entities
US20130312099A1 (en) Realtime Kernel Object Table and Type Protection
US20060112241A1 (en) System, method and apparatus of securing an operating system
US20080163212A1 (en) Paralleled management mode integrity checks
CN101615230A (en) A method for trusted execution and trusted protection of files
EP3338214B1 (en) Secure computation environment
Yao et al. Building secure firmware
CN118503956A (en) Software protection system, method, storage medium, device and program product
Almohri et al. Process authentication for high system assurance
Qin et al. RIPTE: runtime integrity protection based on trusted execution for IoT device
Song et al. Tz-ima: Supporting integrity measurement for applications with arm trustzone
Bousquet et al. Mandatory access control for the android dalvik virtual machine
CN110543769B (en) A trusted boot method based on encrypted TF card
Zhao et al. Hypnoguard: Protecting secrets across sleep-wake cycles
Almohri et al. Identifying native applications with high assurance
Hei et al. From hardware to operating system: a static measurement method of android system based on TrustZone
Yalew Mobile device security with ARM TrustZone
Zhao et al. White list security management mechanism based on trusted computing technology

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 102209 Beijing City, Changping District science and Technology Park in the future smart grid research institute hospital

Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE

Applicant after: Jiangsu Electric Power Company

Applicant after: State Grid Corporation of China

Applicant after: State Grid Jibei Electric Power Company Limited

Applicant after: State Grid Tianjin Electric Power Company

Applicant after: Nantong Power Supply Company, Jiangsu Electric Power Co., Ltd.

Address before: 102211 Beijing city Changping District Xiaotangshan town big East Village Road No. 270 (future technology city)

Applicant before: State Grid Smart Grid Institute

Applicant before: Jiangsu Electric Power Company

Applicant before: State Grid Corporation of China

Applicant before: State Grid Jibei Electric Power Company Limited

Applicant before: State Grid Tianjin Electric Power Company

Applicant before: Nantong Power Supply Company, Jiangsu Electric Power Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant