A Method to Build Endogenous Trusted Execution Environment Based on TrustZone

Cited by: 2


Authors: PANG Fei[1]; TANG Liuhua[1]; XIE Xiaofu[1]; SUN Xiasheng[1] (No.30 Institute of CETC, Chengdu, Sichuan 610041, China)

Affiliation: [1] The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu, Sichuan 610041

Source: Information Security and Communications Privacy, 2022, No. 6, pp. 102-110 (9 pages)

Abstract: To address the security risks and low performance of security module extension techniques, this paper proposes a method to build an endogenous trusted execution environment based on TrustZone. It focuses on key technologies such as isolated allocation of computing resources, firmware trust measurement, secure storage, and full trust chain construction. It designs the system architecture of the endogenous trusted execution environment and the key components of the trusted computing base. Analysis of the system's security shows that, based on the endogenous trusted execution environment, a trust chain can be built step by step from the underlying hardware to the upper-layer software, covering the entire activity cycle from startup to operation. The system can effectively ensure the security and integrity of key hardware, firmware, operating system files, application software and sensitive data, and offers advantages such as endogenous security, easy extensibility and low cost.

Keywords: trusted execution environment; trust chain; isolation; endogenous security

Classification number: TP309.1 [Automation and Computer Technology - Computer System Architecture]

 
