
Design and Implementation of an Anti-APT-Attack Trusted Software Base


【Authors】 ZHANG Jiawei (张家伟); ZHANG Dongmei (张冬梅); HUANG Siqi (黄琪)

【Affiliation】 School of Cyber Space Security, Beijing University of Posts and Telecommunications

【Abstract】 Traditional TCG trusted computing technology aims to improve the security and immunity of the computing platform itself. Its main platform module, the TPM, is attached as an external device to the external bus of a general-purpose computing platform. This approach defends the application software, static files and other objects on the platform only passively, and it can supervise only programs that comply with the TCG trusted service interface specification. Its defense against APT and 0day attacks in particular is weak, which harms the scalability and overall security of the platform. To address this, the paper proposes an anti-APT-attack Trusted Software Base (TSB) that uses whitelist-based strong access control. Using the TSB's ability to extend the chain of trust from the TCM security chip, the TSB is actively embedded in the operating system kernel, where it verifies in real time the execution of executable programs and operations on static files, so that the operating system and business software run in a secure and trusted manner. Experimental results show that the anti-APT-attack Trusted Software Base can dynamically and actively measure the business processing system, and that it is suitable for building an autonomous and controllable Linux trusted computing platform.

【Funding】 National Natural Science Foundation of China [61602052]
  • 【Source】 Netinfo Security (信息网络安全), 2017, Issue 06
  • 【Classification No.】 TP309
  • 【Citations】 11
  • 【Downloads】 177