CN103093150B - A kind of dynamic integrity protection method based on credible chip - Google Patents

A kind of dynamic integrity protection method based on credible chip

Info

Publication number: CN103093150B
Application number: CN201310052766.XA
Authority: CN (China)
Other versions: CN103093150A
Other languages: Chinese (zh)
Prior art keywords: file, function, memory block, tcm, index
Inventors: 丁保增, 贺也平, 周启明, 武延军, 关贝, 翟翔, 兰书俊
Assignee (original and current): Institute of Software of CAS
Legal status: Expired - Fee Related
Landscapes: Storage Device Security (AREA)
Abstract

The invention discloses a dynamic integrity protection method based on a trusted chip. The method is: 1) a benchmark update program is set up in user space to store the measurement benchmarks of dynamically changing files; this program initializes the NV storage area of the TCM chip by defining the index, the size and the operation password of the NV storage area; 2) after each file update, the user uses the benchmark update program and the operation password to update the benchmark of that file in the NV storage area; 3) a measurement module and a verification module are set up in kernel space; when a dynamically changing file is loaded into memory, the measurement module computes the measurement result of the file and sends it to the verification module; the verification module reads the benchmark of the file from the NV storage area and compares the two; if they match, the measurement module judges that the integrity of the file is intact, otherwise it judges that the file has been illegally modified. The invention effectively solves the problem that IMA cannot measure and verify dynamically changing files.

Description

A kind of dynamic integrity protection method based on credible chip
Technical field
The present invention relates to the field of information security, and in particular to a dynamic integrity protection method based on a trusted chip.
Background technology
With the development of computer technology, the security of computer systems has always been a focus of attention. In particular, the code or data of a computer system may be illegally modified by a remote attacker. Traditional firewalls, antivirus software and password mechanisms cannot fundamentally protect the integrity of a computer system. Internationally, the Trusted Computing Group (TCG) embeds a Trusted Platform Module (TPM) on the mainboard and uses this chip to measure the system layer by layer at boot time, so as to ensure that the booted system is secure and reliable. China has also formulated a trusted computing standard, "Functionality and Interface Specification of Cryptographic Support Platform for Trusted Computing", under which a Trusted Cryptography Module (TCM) embedding the country's own core cryptographic algorithms is placed on the mainboard and can be used to implement trusted boot of the system. However, this trusted boot method only measures the BIOS, the bootloader and the kernel; it does not measure kernel modules or executable programs.
The Integrity Measurement Architecture (IMA) extends the measurement mechanism to the application layer. By inserting hook points in Linux, it can measure executable files, library files and kernel modules. When these files are loaded into memory, IMA computes their hash values, stores the results in the integrity measurement list (IML), and extends them into a platform configuration register (PCR) of the TPM. The values of the IML and the PCR can be used to remotely attest the integrity of the application programs in the system: the PCR is used to detect whether the IML has been tampered with, and the IML is compared against the reference hash values of the applications maintained on the remote verifying machine; any inconsistency reveals that the integrity of an application has been compromised. The PCR is suitable for measuring executable programs whose hash values are fixed, but not for measuring files that change dynamically, such as system configuration files and security policy files. A system configuration file is modified and updated by the user as the system's software stack changes, so it has no single reference hash value that could be used to verify its integrity; a typical example is the configuration file that specifies which services are started at system boot. For security policies, the user may modify an existing policy or define an entirely new one, so a security policy file likewise has no unique reference hash value for verifying its integrity; a typical example in Linux is the SELinux policy file that implements mandatory access control. Files that change in this way are not suitable for protection by a PCR, yet their security is very important: if an attacker illegally modifies the system configuration or the security policy, services in the system may hang or the security mechanism may fail.
Summary of the invention
The present invention proposes a dynamic integrity protection scheme based on a trusted chip, which can dynamically measure frequently changing system configuration or security policy files. The scheme can distinguish whether a system configuration or security policy was legitimately updated by the user or illegally modified by an attacker. To make it easy to detect whether a dynamically changing file has been modified, its hash value is stored in the non-volatile storage (NV) of the TCM chip as the measurement benchmark. Data in the NV storage area does not disappear when the system is shut down, which makes it convenient to store and compare reference values. To distinguish a legitimate user updating such a file from an attacker illegally modifying it, the write permission of the NV region is controlled by setting a password: after each dynamically changing file is updated, a legitimate user has the authority to update the benchmark in the NV storage area, whereas an illegitimate user does not. To protect the system in a timely manner, measurement and verification are performed at load time: when such a file is loaded into memory, IMA computes its hash value and reads the corresponding reference value from the NV storage area for comparison. If they match, the file is trusted; otherwise the file has been illegally modified.
The technical scheme of the present invention is as follows:
First, a benchmark update program is implemented in user space (i.e. the user address space). After updating a file, the user calls this program to update the reference value in the NV storage area. The files include configuration files and policy files, and may also include other files that change dynamically. This program needs to initialize the NV storage area, which includes defining the index and size of the NV area and setting the password for operating on it. The initialization is performed only once: reference values of files can be written into the NV area only after it has been initialized, and each later call of the benchmark update program only needs to update the contents of the NV area. The index of the NV area identifies it, so that it can be found conveniently at verification time. The size of the NV area determines how many reference values it can store. The index and size of the NV area can be set through the interfaces called for in the specification (the existing interface specification sets the storage location of the index, the size and similar information). The password for operating on the NV area is set to prevent an illegitimate user from tampering with the reference values in the NV area and thereby bypassing verification. The present invention stores the hash value of the password (32 bytes in total) in bytes 0 to 31 of the NV area as the password benchmark. Whenever a user later updates the NV region, the hash of the password entered must match this benchmark before the corresponding operation on the benchmarks is carried out. Second, in order to measure dynamically changing files flexibly, the benchmark update program has its own policy file, which defines which files' reference values need to be written into the NV area. Each line gives a file name and the index of that file in the NV area; the benchmark update program computes their hash values in turn, uses them as benchmarks, and places them in the corresponding region according to the index.
In addition, to measure and verify dynamically changing files at load time, a measurement module and a verification module are implemented in kernel space (as opposed to user space; kernel space refers to the kernel address space). The measurement module is implemented on the basis of IMA. The measurement granularity of current IMA is relatively coarse: it can only measure kernel modules, executable files, library files and the like, and since system configuration and security policy files do not belong to these categories, IMA cannot measure a specific configuration or policy file. To measure them at load time, the present invention adds a file name check to the file_mmap hook function used by IMA and adds support for a filename option in the IMA policy file: the file name to be measured is assigned to filename, so that when a file is loaded, the name of the file being loaded into memory is compared with the name to be measured, and the file is measured if they match. The verification module is responsible for reading the reference value of the file from the NV region (the NV read command in the interface specification can be used to read from NV, namely obtaining the data to be read according to the index of the NV area and the offset to read; because reading does not change the contents of NV, no password is needed) and comparing it with the result measured by the measurement module, thereby judging whether the file has been illegally modified. For a given system configuration or security policy file, the offset of its benchmark in the NV region must be known, so the present invention adds support for an index option in the IMA policy. For each file to be measured, its index in the IMA policy is consistent with the index of the same file in the policy file of the benchmark update program, indicating which file in the NV region a given system configuration or security policy file corresponds to.
Brief description of the drawings
Fig. 1 is an architecture diagram of the dynamic integrity protection scheme based on a trusted chip according to the present invention;
Fig. 2 is the NV storage initialization process;
Fig. 3 is the process by which a user updates a benchmark;
Fig. 4 is the integrity measurement and verification process.
Embodiment
The present invention is further described below with reference to the drawings and a specific implementation on a system with a TCM chip, but this does not limit the scope of the present invention in any way.
The present invention mainly comprises the following parts, as shown in Fig. 1. The benchmark update program is located in user space and can read and write the NV storage area through the TCM driver. After the user updates a file, the benchmark in the NV storage area can be updated through this program. The measurement module is located in kernel space; when a file is loaded into memory it computes the hash value of the file and sends the result to the verification module. The verification module reads the corresponding benchmark of the file from the NV storage area of the TCM through the TCM driver, compares it with the measurement result, and returns the comparison result to the measurement module. If they match, the integrity of the file is intact; otherwise the file has been illegally modified.
The benchmark update program is implemented mainly with the function Tddli_TransmitData, which sends commands to the TCM device and receives responses; it is used to initialize the NV storage area, including defining the index and size of the NV area, and to read and write the NV area. This function sends a TCM command directly to the TCM device driver, which makes the TCM perform the corresponding operation. A transmit-data function transmit_data(BYTE *buf, int len, BYTE *name) is first defined to wrap the above function, where the type BYTE is a macro for unsigned char (a character type), buf and len are the pointer to the buffer holding the command sent to the TCM and its length, and name is the name of the command. All functions below that operate on the TCM are implemented on top of this function. The benchmark update program mainly defines the following functions:
void tcm_prepare(void): the TCM check function. It first opens the TCM device with Tddli_Open, then uses the transmit-data function transmit_data(PARAM(TCM_PhysicalEnable), "TCM_PhysicalEnable") to check whether the TCM device is working normally. If so, subsequent operations may proceed; if not, the user is told "TCM device is abnormal" and the program exits. Here PARAM expands to a buffer and its length and is defined as follows:
#define PARAM(x) (x), sizeof(x)
void tcm_define_nv(int index, int size): the define-NV function. It places the index index and the size size of the NV area into the corresponding positions of the array TCM_NV_DefineSpace, then defines the NV storage area with the transmit-data function transmit_data(PARAM(TCM_NV_DefineSpace), "TCM_NV_DefineSpace").
void tcm_read_nv(BYTE *buf, int offset, int len): the read-NV function. It places the length len to be read into the corresponding position of the array TCM_NV_ReadValue, then reads the NV area with the transmit-data function transmit_data(PARAM(TCM_NV_ReadValue), "TCM_NV_ReadValue").
void tcm_write_nv(BYTE *buf, int offset, int len): the write-NV function. It first defines a buffer BYTE *nv_writebuf, places the header TCM_NV_WriteValue for writing the NV area at the front of this buffer, then appends the data buf to be written to the NV area after it in nv_writebuf, and finally calls transmit_data(nv_writebuf, total_len, "TCM_NV_WriteValue") to perform the write, where total_len is the length of the header plus the length of the data to be written to the NV region. In the functions above, TCM_PhysicalEnable, TCM_NV_DefineSpace, TCM_NV_ReadValue and TCM_NV_WriteValue are predefined byte arrays that hold the sequence of values that must be transmitted when operating on the TCM chip. For example, TCM_NV_ReadValue is defined as follows:
The first two bytes are the sequence number 0xc1 of a request input to the TCM; bytes 3 to 6 are the length of this array, here 22 bytes; bytes 7 to 10 are the identifier of the TCM command, here 0x80cf; bytes 11 to 14 are the index of the NV area, here 0x12345678 (this index must be the same as the one used when the NV area was defined, otherwise the area can be neither read nor written); bytes 15 to 18 are the offset, within the NV area, of the content to read, which the tcm_read_nv function sets to offset; and the last four bytes are the size of the data to read, which tcm_read_nv sets to len. When reading the benchmark of a policy file this is generally set to 32.
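As an added illustration (not code from the patent), the following C program serialises and parses the 22-byte NV-read request exactly as the byte layout above describes it, and strips the 14-byte output header from the 46-byte response that the kernel-side read later in the text expects; the helper names, the 0x00 0xc1 rendering of the request tag and the big-endian field encoding are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constants as described in the text for the TCM NV-read command and its response. */
#define TCM_TAG_RQU_COMMAND 0x00c1u     /* 2-byte request tag (0xc1)                  */
#define TCM_ORDINAL_NVREAD  0x80cfu     /* ordinal of the NV-read command             */
#define NVREAD_CMD_LEN      22u         /* request length in bytes                    */
#define NV_INDEX            0x12345678u /* index chosen when the NV area was defined  */
#define HASH_LEN            32u         /* one benchmark                              */
#define NVREAD_RESULT_SIZE  46u         /* 14-byte output header + 32-byte value      */
#define NVREAD_OUT_HDR      14u

static void put_be16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = v >> 24; p[1] = (v >> 16) & 0xff; p[2] = (v >> 8) & 0xff; p[3] = v & 0xff;
}
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Serialise the 22-byte request: tag | length | ordinal | NV index | offset | length.
 * This is the content tcm_read_nv patches into TCM_NV_ReadValue and the kernel fills into
 * tcm_cmd_t (all fields big-endian, hence the cpu_to_be32 calls in the driver). */
void build_nvread_cmd(uint8_t out[NVREAD_CMD_LEN], uint32_t nv_index, uint32_t offset, uint32_t len)
{
    put_be16(out + 0,  TCM_TAG_RQU_COMMAND);
    put_be32(out + 2,  NVREAD_CMD_LEN);
    put_be32(out + 6,  TCM_ORDINAL_NVREAD);
    put_be32(out + 10, nv_index);
    put_be32(out + 14, offset);
    put_be32(out + 18, len);
}

/* Decode a request and reject anything that is not a well-formed NV-read.
 * Returns 0 on success or a negative code naming the first bad field. */
int parse_nvread_cmd(const uint8_t *buf, size_t buflen,
                     uint32_t *nv_index, uint32_t *offset, uint32_t *len)
{
    if (buflen < NVREAD_CMD_LEN)                                   return -1;
    if ((((uint16_t)buf[0] << 8) | buf[1]) != TCM_TAG_RQU_COMMAND) return -2;
    if (get_be32(buf + 2) != NVREAD_CMD_LEN)                       return -3;
    if (get_be32(buf + 6) != TCM_ORDINAL_NVREAD)                   return -4;
    *nv_index = get_be32(buf + 10);
    *offset   = get_be32(buf + 14);
    *len      = get_be32(buf + 18);
    return 0;
}

/* Pull the 32-byte benchmark out of a 46-byte response, skipping the 14-byte output header.
 * Returns 0 on success, -1 if the response is not the expected size. */
int extract_nvread_value(const uint8_t *resp, size_t resplen, uint8_t value[HASH_LEN])
{
    if (resplen != NVREAD_RESULT_SIZE)
        return -1;
    memcpy(value, resp + NVREAD_OUT_HDR, HASH_LEN);
    return 0;
}

/* Byte i of the request built for (NV_INDEX, offset, len); -1 if i is out of range. */
int nvread_cmd_byte(uint32_t offset, uint32_t len, size_t i)
{
    uint8_t cmd[NVREAD_CMD_LEN];
    if (i >= NVREAD_CMD_LEN) return -1;
    build_nvread_cmd(cmd, NV_INDEX, offset, len);
    return cmd[i];
}

/* 1 if serialising and then parsing gives back the same index, offset and length. */
int nvread_roundtrip_ok(uint32_t offset, uint32_t len)
{
    uint8_t cmd[NVREAD_CMD_LEN];
    uint32_t idx, off, n;
    build_nvread_cmd(cmd, NV_INDEX, offset, len);
    if (parse_nvread_cmd(cmd, sizeof cmd, &idx, &off, &n) != 0) return 0;
    return idx == NV_INDEX && off == offset && n == len;
}

int main(void)
{
    uint8_t cmd[NVREAD_CMD_LEN];
    build_nvread_cmd(cmd, NV_INDEX, 64, HASH_LEN);   /* benchmark stored at bytes 64..95 */
    for (size_t i = 0; i < sizeof cmd; i++)
        printf("%02x%s", cmd[i], i + 1 < sizeof cmd ? " " : "\n");
    return 0;
}
```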
void checksum_file(char *file_pcr, int offset): the file benchmark update function. It first reads the contents of a file into a buffer, then computes the hash value of the buffer with the SM3 algorithm, and then writes it into the NV region with tcm_write_nv.
The NV storage initialization process is shown in Fig. 2. First tcm_prepare is called to check whether the TCM device is normal; then tcm_define_nv(0x123456, 676) is called to define an NV area whose index is 0x12345678 and whose size is 672 bytes, which can store the reference values of 20 system configuration or security policy files. The user sets a password; the hash value passwordHashBase of the password is computed, and tcm_write_nv(passwordHashBase, 0, 32) writes it into bytes 0 to 31 of the NV area.
Starting from byte 32 of the NV storage area, every 32 bytes can store the hash value of one file. To measure files flexibly, a policy file is used to tell the benchmark update program which files' hash values to put into the NV area. Each line of the policy file contains a file name and the index of that file in the NV area. The benchmark update program reads this file and, according to the file name and index on each line, puts the hash value of the file into the corresponding position in the NV area as the reference value for verification. In the example above, the benchmark of policy.24 is placed in bytes 32 to 63, the benchmark of ima_policy in bytes 64 to 95, and so on.
The process by which the user updates a benchmark is shown in Fig. 3. First the user enters the password password; the benchmark update program computes its hash passwordHash, then calls tcm_read_nv(passwordHashBase, 0, 32) to read the password benchmark passwordHashBase from bytes 0 to 31 of the NV area, and compares it with passwordHash. If they match, the benchmark update program reads the name of the updated dynamically changing file and its corresponding index from its policy file, computes the hash of that file and, according to the index, places it in the corresponding position in the NV area as the new benchmark. If they do not match, the user is allowed to re-enter the password, up to three times in total. If the last attempt is still incorrect, the benchmark update fails.
For the implementation of the measurement module and the verification module: the TCM driver only provides the function tcm_pcr_read for reading a PCR and the function tcm_extend for extending a PCR, and has no function for reading the NV storage area. To allow IMA to operate on the NV of the TCM, a function for reading NV, tcm_nv_read, is first added to the TCM driver. Its prototype is: int tcm_nv_read(u32 chip_num, int offset, u8 *res_buf); where chip_num is the sequence number of the TCM, offset is the offset within NV, and res_buf stores the data read out. Because each read fetches a hash value of a fixed length (32 bits), the length to read is not passed as a parameter. This prototype is declared in the header file include/linux/tcm.h. In addition, when the driver sends a command to the TCM, the TCM determines the type of operation from the ordinal of the command: for example, reading a PCR value corresponds to 0x8015 and extending a PCR corresponds to 0x8014. The ordinal for reading NV is 0x80cf, so this ordinal is first defined in driver/char/tcm/tcm.c:
#define TCM_ORDINAL_NVREAD cpu_to_be32(0x80cf)
The header corresponding to the NV-read command is as follows:
Here TCM_TAG_RQU_COMMAND represents the sequence number 0xc1 of a request input to the TCM; reading a PCR and extending a PCR both use this value. length is the length of the header, here 22 bytes. The contents of these 22 bytes are as follows:
bytes 0 to 1: TCM_TAG_RQU_COMMAND
bytes 2 to 5: the header length, here 22
bytes 6 to 9: TCM_ORDINAL_NVREAD
This part is defined in the nvread_header header above.
bytes 10 to 13: the index of the NV storage area
bytes 14 to 17: the offset within the NV storage area
bytes 18 to 21: the length of data to read from the NV storage area, which we set to 32 bytes
This part is defined in the existing data structure tcm_cmd_t of the TCM driver, as follows:
struct tcm_cmd_t cmd;
cmd.header.in = nvread_header;
cmd.params.nvread_in.nv = cpu_to_be32(0x12345678);
Here 0x12345678 is the index of the NV area; it is consistent with the index used when the benchmark update program defined the NV area.
cmd.params.nvread_in.nv_offset = cpu_to_be32(offset);   /* offset to read within NV */
cmd.params.nvread_in.nv_len = cpu_to_be32(32);          /* length to read from NV */
Then the function transmit_cmd in the TCM driver can be used to carry out the NV read, as follows:
rc = transmit_cmd(chip, ((u8 *)&cmd), READ_NV_RESULT_SIZE,
                  "attempting to read NV value");
Here chip is a pointer to a struct tcm_chip, which can be obtained with tcm_chip_find_get(chip_num); READ_NV_RESULT_SIZE is the length of the data returned by the TCM, set to 46 here, of which the first 14 bytes are the output header information and the last 32 bytes are the value we read.
After the NV-read function has been added to the TCM driver in the kernel, in order to let IMA measure a particular configuration or policy file, we add a filename option to the IMA measurement policy, which specifies which configuration or policy file IMA may measure. In addition, so that IMA can easily locate the hash value of a file in the NV region when measuring it, we add an index option to the IMA measurement policy. This option gives the sequence number, within the NV region, of the file to be measured: for example, index=0 refers to bytes 36 to 67, index=1 to bytes 68 to 99, and so on.
The integrity measurement and verification process is shown in Fig. 4. First, when a file is loaded into memory, IMA looks up its file name in its own policy to decide whether the file needs to be measured. If not, the file is neither measured nor verified and execution continues. If it is a file to be measured, the measurement module computes the hash value fileHash of the file and passes the result to the verification module. The verification module looks up the corresponding benchmark fileHashBase in the NV storage area according to the index of the file and compares it with the current hash value fileHash of the file. If they match, verification passes; otherwise verification fails, showing that the file has been illegally modified.
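An added example, not the patent's code, that walks through the NV layout described above (password benchmark in bytes 0 to 31, one 32-byte slot per file from byte 32), the password-gated benchmark update of Fig. 3 with its three-attempt limit, and the load-time lookup and comparison of Fig. 4, all on an in-memory image of the 672-byte NV area. The digests are constructed values standing in for SM3 output, and the policy-line syntax, the function names and the shape of the IMA policy entries are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN     32                          /* one SM3 digest, one benchmark slot    */
#define NV_SIZE      672                         /* password benchmark + 20 file slots    */
#define NV_MAX_FILES ((NV_SIZE - HASH_LEN) / HASH_LEN)
#define MAX_PW_TRIES 3                           /* password may be re-entered, 3 in all  */

/* Byte offset of benchmark slot `index` (slot 0 starts at byte 32); -1 if out of range. */
long nv_offset_for_index(int index)
{
    if (index < 0 || index >= NV_MAX_FILES)
        return -1;
    return HASH_LEN + (long)index * HASH_LEN;
}

/* Compare two digests without an early exit, so timing does not reveal where they differ. */
static int digest_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (int i = 0; i < HASH_LEN; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Fig. 2: initialise the NV image and store the password hash in bytes 0..31. */
void nv_init(uint8_t nv[NV_SIZE], const uint8_t pw_hash[HASH_LEN])
{
    memset(nv, 0, NV_SIZE);
    memcpy(nv, pw_hash, HASH_LEN);
}

/* Parse one line of the benchmark update program's policy file: "<filename> <index>". */
int parse_policy_line(const char *line, char name[256], int *index)
{
    return sscanf(line, "%255s %d", name, index) == 2 ? 0 : -1;
}

/* Fig. 3: update slot `index` with `file_hash`. attempts[] holds the hashes of the passwords
 * the user typed; at most MAX_PW_TRIES are compared with bytes 0..31 of NV.
 * Returns 0 on success, -1 if no attempt matched, -2 if the index is outside the NV area. */
int nv_update_benchmark(uint8_t nv[NV_SIZE], uint8_t attempts[][HASH_LEN], int n_attempts,
                        int index, const uint8_t file_hash[HASH_LEN])
{
    long off = nv_offset_for_index(index);
    int authorised = 0;
    if (off < 0)
        return -2;
    for (int i = 0; i < n_attempts && i < MAX_PW_TRIES; i++)
        if (digest_equal(attempts[i], nv)) { authorised = 1; break; }
    if (!authorised)
        return -1;
    memcpy(nv + off, file_hash, HASH_LEN);
    return 0;
}

/* One entry of the (assumed) IMA policy: the filename option and the index option. */
struct ima_entry { const char *filename; int index; };

/* Fig. 4: the file being loaded is looked up by name in the IMA policy; if present, the
 * measured hash is compared with the benchmark in its NV slot.
 * Returns 1 (integrity good), 0 (illegally modified, or unusable index), -1 (not in policy). */
int verify_loaded_file(const uint8_t nv[NV_SIZE], const struct ima_entry *policy, int n_policy,
                       const char *loaded_name, const uint8_t measured[HASH_LEN])
{
    for (int i = 0; i < n_policy; i++) {
        if (strcmp(policy[i].filename, loaded_name) != 0)
            continue;
        long off = nv_offset_for_index(policy[i].index);
        if (off < 0)
            return 0;                       /* fail closed on a bad policy index */
        return digest_equal(nv + off, measured);
    }
    return -1;                              /* IMA does not measure this file */
}

/* Walk-through with constructed digests (no real SM3 here). Returns the number of
 * outcomes that match the text's description; 5 when everything behaves. */
int run_demo(void)
{
    uint8_t nv[NV_SIZE], pw_hash[HASH_LEN], wrong[HASH_LEN], good[HASH_LEN], bad[HASH_LEN];
    uint8_t attempts[3][HASH_LEN];
    struct ima_entry policy[] = { { "policy.24", 0 }, { "ima_policy", 1 } };
    char name[256]; int idx, score = 0;
    memset(pw_hash, 0xA5, HASH_LEN);        /* constructed: hash of the user's password   */
    memset(wrong,   0x5A, HASH_LEN);        /* constructed: hash of a mistyped password   */
    memset(good,    0x11, HASH_LEN);        /* constructed: digest of legitimate policy.24 */
    memset(bad,     0x22, HASH_LEN);        /* constructed: digest of a tampered policy.24 */
    nv_init(nv, pw_hash);
    memcpy(attempts[0], wrong, HASH_LEN);   /* two wrong entries, then the right one       */
    memcpy(attempts[1], wrong, HASH_LEN);
    memcpy(attempts[2], pw_hash, HASH_LEN);
    score += parse_policy_line("policy.24 0", name, &idx) == 0 && idx == 0;
    score += nv_update_benchmark(nv, attempts, 3, idx, good) == 0;
    score += verify_loaded_file(nv, policy, 2, "policy.24", good) == 1;
    score += verify_loaded_file(nv, policy, 2, "policy.24", bad) == 0;
    score += nv_update_benchmark(nv, attempts, 2, 1, good) == -1;   /* only wrong tries */
    return score;
}

int main(void)
{
    printf("demo checks passed: %d of 5\n", run_demo());
    return 0;
}
```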

Claims (10)

1. A dynamic integrity protection method based on a trusted chip, comprising the steps of:
1) setting up a benchmark update program in user space, which initializes the NV storage area of the TCM chip by defining the index of the NV storage area, the size of the NV storage area and the operation password of the NV storage area; the NV storage area is used to store the measurement benchmarks of dynamically changing files; and adding a filename option to the measurement policy of the Integrity Measurement Architecture IMA, used to specify the dynamically changing files that IMA may measure;
2) after the user updates a dynamically changing file, using the benchmark update program together with the set operation password to update the benchmark of that file in the NV storage area;
3) setting up a measurement module and a verification module in kernel space; when a dynamically changing file is loaded into memory, the measurement module computes the measurement result of the file and sends it to the verification module; the verification module reads the benchmark of the file from the NV storage area, compares it with the measurement result, and sends the comparison result to the measurement module; if they match, the measurement module judges that the integrity of the file is intact, otherwise it judges that the file has been illegally modified.
2. The method of claim 1, characterized in that the benchmark update program is provided with a policy file for writing the benchmarks of the set dynamically changing files into the corresponding regions of the NV storage area; each line of this policy file corresponds to a file name and the index of that file in the NV storage area; the benchmark update program computes the measurement benchmarks of the set dynamically changing files in turn and then stores each measurement benchmark in the corresponding region of the NV storage area according to the index of that file.
3. The method of claim 2, characterized in that an index option is added to the policy file of the Integrity Measurement Architecture IMA to represent the sequence number, within the NV region, of the dynamically changing file to be measured; wherein, for each dynamically changing file to be measured, its index in the IMA policy file is consistent with the index of the same file in the policy file of the benchmark update program.
4. The method of claim 1, 2 or 3, characterized in that the benchmark update program comprises a function Tddli_TransmitData that sends commands to the TCM chip and receives responses, and this function is used to initialize the NV storage area; the benchmark update program comprises a transmit-data function transmit_data(BYTE *buf, int len, BYTE *name) that wraps the function Tddli_TransmitData; wherein the type BYTE is a macro for the unsigned character type, buf and len are the pointer to the buffer holding the command sent to the TCM and its length, and name is the name of the command.
5. The method of claim 4, characterized in that the benchmark update program comprises the following functions:
a TCM check function, which first accesses the TCM chip and then uses the transmit-data function to check whether the TCM chip is normal; if so, subsequent operations are performed, otherwise the program exits;
a define-NV function, which takes an index and a size as input and uses the transmit-data function to define the NV storage area;
a read-NV function, which takes an offset within NV and a length to read as input, uses the transmit-data function to read NV, and places the content read into a buffer;
a write-NV function, which takes a pointer to a buffer, the size of the buffer and an offset within NV as input, and uses the transmit-data function to write the content of the buffer into NV.
6. The method of claim 5, characterized in that the benchmark update program comprises a file benchmark update function, which first reads the contents of a file into a buffer, then computes the hash value of the buffer, and then writes the hash value of the buffer into the NV region using the write-NV function.
7. The method of claim 2 or 3, characterized in that, in step 2), the method of using the benchmark update program together with the set operation password to update the benchmark of the file in the NV storage area is: the user enters the set operation password password; the benchmark update program computes its hash passwordHash, then reads the operation-password benchmark passwordHashBase from the NV storage area and compares it with passwordHash; if they match, the benchmark update program reads the name of the updated dynamically changing file and its corresponding index from its policy file, then computes the hash of that file and, according to the index, places the hash in the corresponding position of the NV storage area as the new benchmark.
8. The method of claim 1, 2 or 3, characterized in that the measurement benchmark is the hash value of the dynamically changing file.
9. The method of claim 1, 2 or 3, characterized in that the measurement module is implemented on the basis of the Integrity Measurement Architecture IMA, and a file name check is added to the file_mmap hook function used by the Integrity Measurement Architecture IMA.
10. The method of claim 1, 2 or 3, characterized in that the verification module reads the corresponding benchmark of the file from the NV storage area through the TCM driver.
Bibliographic data

Application number: CN201310052766.XA
Priority date / filing date: 2013-02-18
Publication of CN103093150A (application): 2013-05-08
Publication of CN103093150B (granted patent): 2016-01-20
Family ID: 48205706
Country status: CN, CN103093150B, Expired - Fee Related

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106096421A (en) * 2016-06-20 2016-11-09 浪潮电子信息产业股份有限公司 TPM-based high-security host security protection system and method

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268440B (en) * 2013-05-17 2016-01-06 广东电网公司电力科学研究院 Trusted kernel dynamic integrity measurement method
CN103593617B (en) * 2013-10-27 2016-08-17 西安电子科技大学 Software integrity check system based on VMM and method thereof
CN104268461B (en) 2014-09-16 2018-03-06 华为技术有限公司 A kind of credible measurement method and device
CN104809401B (en) * 2015-05-08 2017-12-19 南京大学 A kind of operating system nucleus completeness protection method
CN105468978B (en) * 2015-11-16 2019-11-01 全球能源互联网研究院 A kind of creditable calculation password platform suitable for electric system universal computing platform
CN105718807B (en) * 2016-01-26 2018-08-03 东北大学 Android system and its authentic authentication system based on soft TCM and credible software stack and method
DE102016205289A1 (en) 2016-03-31 2017-10-05 Siemens Aktiengesellschaft Method, processor and device for checking the integrity of user data
CN105956466A (en) * 2016-04-28 2016-09-21 浪潮电子信息产业股份有限公司 TPM-based active measurement and exception reporting system and method
CN106127057A (en) * 2016-06-23 2016-11-16 浪潮电子信息产业股份有限公司 Method for constructing trusted boot control based on TPM
CN107679393B (en) * 2017-09-12 2020-12-04 中国科学院软件研究所 Android integrity verification method and device based on trusted execution environment
CN109948327A (en) * 2017-12-20 2019-06-28 北京可信华泰信息技术有限公司 A kind of abnormality check method and terminal
CN111258598B (en) * 2018-11-30 2023-05-02 阿里巴巴集团控股有限公司 Metric updating method, device, system, storage medium and computer equipment
CN109558738A (en) * 2018-12-07 2019-04-02 郑州云海信息技术有限公司 A kind of mobile platform is credible control device and its method
CN110334518B (en) * 2019-07-05 2021-05-14 北京可信华泰信息技术有限公司 Trusted computing platform-based measurement policy verification method and device
CN111881467B (en) * 2020-06-12 2022-10-28 海光信息技术股份有限公司 Method and device for protecting file by using security processor, CPU and computer equipment
CN112199682B (en) * 2020-11-03 2022-08-02 上海思赞博微信息科技有限公司 Trusted computing based white list library file protection method
CN112597505B (en) * 2020-12-29 2022-11-22 海光信息技术股份有限公司 Credibility measuring method, control method, processor, chip, device and medium
CN114048502B (en) * 2021-10-15 2023-08-15 中国科学院信息工程研究所 Lightweight trusted channel and communication control method thereof
CN117807605A (en) * 2022-09-23 2024-04-02 华为技术有限公司 Data protection method and electronic equipment
CN115640567B (en) * 2022-09-28 2024-02-27 北京瑞莱智慧科技有限公司 TEE integrity authentication method, device, system and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101344904A (en) * 2008-09-02 2009-01-14 中国科学院软件研究所 Dynamic measurement method
CN102750471A (en) * 2012-05-22 2012-10-24 中国科学院计算技术研究所 Local verification type starting method based on trusted platform module (TPM)
CN102880826A (en) * 2012-08-29 2013-01-16 华南理工大学 Dynamic integrity measurement method for security of electronic government cloud platform

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Design and implementation of a trusted platform based on a security chip; Xu Na et al.; Application Research of Computers (计算机应用研究); 20060801 (No. 8); pp. 117-119 *
Research on a novel trusted computing platform architecture; Zhang Ke; Computer Technology and Development (计算机技术与发展); 20110710; Vol. 21 (No. 7); pp. 153-157 *

Also Published As

Publication number Publication date
CN103093150A (en) 2013-05-08

Similar Documents

Publication Publication Date Title
CN103093150B (en) A kind of dynamic integrity protection method based on credible chip
CN103718165B (en) BIOS flash memory attack protection and notice
EP2854066B1 (en) System and method for firmware integrity verification using multiple keys and OTP memory
CN105205401B (en) Trusted computer system and its trusted bootstrap method based on security password chip
CN103914658B (en) Safe starting method of terminal equipment, and terminal equipment
TWI544356B (en) Appratus, method and system for providing integrity verification and attestation in a hidden execution environment
US8522018B2 (en) Method and system for implementing a mobile trusted platform module
US8429418B2 (en) Technique for providing secure firmware
US7421588B2 (en) Apparatus, system, and method for sealing a data repository to a trusted computing platform
US8122514B2 (en) Software enhanced trusted platform module
CN112800429B (en) Method for protecting driver in UEFI BIOS firmware system based on basicity
TW201500960A (en) Detection of secure variable alteration in a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware
Hendricks et al. Secure bootstrap is not enough: Shoring up the trusted computing base
CN103080904A (en) Providing a multi-phase lockstep integrity reporting mechanism
US10776493B2 (en) Secure management and execution of computing code including firmware
US20200089507A1 (en) Low power embedded device using a write-once register to speed up the secure boot from sleep states of the device
US11188321B2 (en) Processing device and software execution control method
JP5466645B2 (en) Storage device, information processing device, and program
JP2021179982A (en) Security system and method for preventing roll-back attack on silicon device firmware
Dhobi et al. Secure firmware update over the air using trustzone
EP3338214B1 (en) Secure computation environment
CN109766688B (en) Merkle tree-based Linux program runtime verification and management and control method and system
KR100772881B1 (en) Apparatus and method for checking self modifying code
Muramoto et al. Improving Hardware Security on Talos II Architecture Through Boot Image Encryption
EP3620944B1 (en) Low power embedded device using a write-once register to speed up the secure boot from sleep states of the device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160120

Termination date: 20210218

CF01 Termination of patent right due to non-payment of annual fee