基于可信计算的全舰计算环境安全增强研究  被引量：2

作　　者：尚文利[1,3,4] 邢祥宇 刘贤达 尹隆[1,3] 高恩阳 SHANG Wen-li;XING Xiang-yu;LIU Xian-da;YIN Long;GAO En-yang(Key Laboratory of Networked Control System,Shenyang Institute of Automation,Chinese Academy of Sciences,Shenyang 110016,China;Information and Control Engineering Faculty,Shenyang Jianzhu University,Shenyang 11016,China;Institutes for Robotics and Intelligent Manufacturing,Chinese Academy of Sciences,Shenyang 110016,China;University of Chinese Academy of Sciences,Beijing 100049,China)

机构地区：[1]中国科学院沈阳自动化研究所网络化控制系统重点实验室,辽宁沈阳110016 [2]沈阳建筑大学信息与控制工程学院,辽宁沈阳110168 [3]中国科学院机器人与智能制造创新研究院,辽宁沈阳110016 [4]中国科学院大学,北京100049

出　　处：《舰船科学技术》2020年第13期125-129,共5页Ship Science and Technology

基　　金：国家重点研发计划项目(2018YFB2004200);中科院战略性先导科技专项项目(XDC02020200);国家自然科学基金资助项目(61773368)。

摘　　要：全舰计算环境作为一种先进的舰船设计理念,深刻地影响了现代舰船设计理念。通过对现有全舰计算环境的分析,提出当前全舰计算环境面临的3点安全威胁,并提出了基于可信计算的安全增强手段。针对数据转换过程中缺少完整性校验问题提出了一种基于完整性校验和经验数据库的校验方法,针对设备抗伪造能力不足问题,采用一种基于设备不变属性的完整性校验方法。针对领域应用缺少程序级访问控制问题,提出一种基于可信软件栈的设计流程,从而提高领域应用的可信性。通过可信计算对全舰计算环境安全增强方法的研究,为构建安全可信的舰载系统提供参考。The total ship computing environment,as an advanced ship design concept,has profoundly affected the design concept of modern ships.Based on the analysis of the total ship computing environment,the three security threats faced by the current ship computing environment were proposed,and the corresponding security enhancement methods were proposed by using trusted computing methods.A verification method based on integrity check and experience database was proposed for the lack of integrity check in the data conversion process.For the problem of insufficient anti-counterfeiting capability of the device,a integrity-based school based on invariant properties was used.The method is built on the lack of program-level access control for domain applications and proposes a design process based on the trusted computing group software stack to improve the credibility of domain applications.The research on the security enhancement method of the total ship computing environment through trusted computing provides a reference for our military to build a safe and reliable shipborne system.

关 键 词：全舰计算环境 可信计算 可信软件栈 安全增强 

分 类 号：U622[交通运输工程—船舶及航道工程]