微处理器内安全子系统的安全增强技术  

作　　者：石伟[1] 刘威 龚锐[1] 王蕾[1] 张剑锋[1] SHI Wei;LIU Wei;GONG Rui;WANG Lei;ZHANG Jian-feng(College of Computer Science and Technology,National University of Defense Technology,Changsha 410073,China)

机构地区：[1]国防科技大学计算机学院,湖南长沙410073

出　　处：《计算机工程与科学》2021年第8期1353-1359,共7页Computer Engineering & Science

基　　金：核高基国家科技重大专项(2017ZX01028-103-002);科技部重点研发计划(2020AAA0104602,2018YFB2202603);国家自然科学基金(61832018)。

摘　　要：在信息技术快速发展的同时,信息安全变得尤为重要。处理器作为信息系统的核心部件,其安全性对系统安全起到至关重要的决定性作用。在处理器中构建安全可信的执行环境是提升处理器安全性的重要方法,然而很多核心安全技术仍然由片外安全TPM/TCM芯片保证。近年来,作为计算机系统安全基础的安全原点逐渐往处理器中转移。对处理器内安全子系统的安全增强技术展开研究,首先研究安全处理器体系结构;然后对处理器核、互连网络、存储和密码模块等处理器核心模块进行安全增强,同时从系统级角度实现了密钥管理、生命周期、安全启动和抗物理攻击等系统安全防护技术;最后,在一款桌面处理器中实现了一个安全子系统,并进行了分析。With the rapid development of information technology,information security is becoming more and more important.As the core component of information system,the security of processor plays an important role in system security.Building a secure and trusted execution environment on the processor is an important method to improve the security of processor.However,many security technologies still rely on independent security chip,such as trusted platform module(TPM)and trusted cryptography module(TCM).In recent years,the root of security,which is the security basis of computer system,has gradually shifted to the processor.In this paper,the security enhancement technologies of on-chip security subsystem are discussed.Firstly,the architecture of the security processor is studied.Secondly,the components of the security subsystem such as processor core,interconnection network,storage,cipher module,are researched.At the same time,the system security protection technologies such as key management,life-cycle management,secure boot,and physical attack resistant schemes are also realized.Finally,a security subsystem for desktop processors is implemented and analyzed.

关 键 词：安全子系统 随机行为 密钥管理 生命周期管理 安全启动 抗物理攻击 

分 类 号：TP301[自动化与计算机技术—计算机系统结构]