TPCM三阶三路安全可信平台防护架构  被引量：10

作　　者：黄坚会 沈昌祥 谢文录 HUANG Jianhui;SHEN Changxiang;XIE Wenlu(Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China;Huada Semiconductor Co. ,Ltd, Shanghai 201203, China)

机构地区：[1]北京工业大学信息学部,北京100124 [2]华大半导体有限公司,上海201203

出　　处：《武汉大学学报（理学版）》2018年第2期109-114,共6页Journal of Wuhan University:Natural Science Edition

基　　金：国家自然科学基金资助项目(61501007)

摘　　要：提出三阶三路（3P3C）计算机架构防护理论,基于该理论实现了可信平台控制模块（TPCM）度量,系统控制、构建和保持可信运行环境.从系统架构角度解决计算机启动源头、平台及运行环境的不可信问题.该方法确保作为信任根的TPCM芯片首先上电,主导计算机电源控制系统,度量确认启动代码的可信性和完整性.在计算机启动过程中进行可信链的传递,若检测到BIOS等固件被恶意篡改或平台环境受到攻击,则根据预先写在TPCM内部的安全策略让计算机进入受控非可信工作模式或阻止其上电等.当可信操作系统及可信软件基（TSB）加载后,运行应用软件过程中,能实时动态保持计算机的可信运行环境,直至系统关机.依该方法设计的TPCM芯片对计算机有主动的、绝对的控制权.极端情况下,一旦恶意代码入侵而导致系统失控的情况发生,TPCM可以采取切断物理通道、关闭计算机电源等绝对性保护措施保护数据及网络安全.Three phases three channels（3 P3 C）defense architecture theory for generalized computer is first brought out in this paper.By implementing the trusted platform control module（TPCM）and system control based on3 P3 Ctheory,a trusted system was built and sustained.It can solve the untrusted problem fundamentally concerning the source of boot and platform environments from architecture aspect.This design ensures the TPCM is powered up firstly,measures the integrity of the boot code,and then lets it lead the power control system.A trusted chain is transmitted while booting the computer.If the BIOS or any other firmware was maliciously tampered,or platform environment was attacked,the TPCM would let computer enter control untrusted working mode or prevent it from being powered on according to the security policy which has been written in the TPCM in advance.After the trusted system and software base（TSB）are loaded,it sustains the trusted work environments dynamically until the system is shut down during implementing the applications.In this design the TPCM has active and absolute controls right over the computer.If the malicious code intruded and caused the system situation out of control,the TPCM would protect the data and network from being attacked by cutting off power or any other absolute protection solutions.

关 键 词：三阶三路 可信平台控制模块 安全可信 主动防御 动态度量 可信运行环境 

分 类 号：TP316[自动化与计算机技术—计算机软件与理论]