Abstract
The Trusted Platform Module (TPM) provides hardware-level protection for measurement checksums and plays a vital role in the trusted boot process, which in turn safeguards the security of the user's computing environment. However, a large number of computers still lack TPM hardware, and how to achieve trusted boot on them and thereby establish a secure computing environment remains an open problem. To address the difficulty of guaranteeing the security of measurement checksums in environments without TPM hardware, this paper proposes a method for building a trusted chain without checksum comparison. The method has a key entered at operating system boot time to dynamically decode the binary instruction stream, taking full advantage of the fact that during this special period the software and hardware environment is still incomplete, so attempting to crack the key is costly. The effectiveness of the method is verified by experiment.
Source
Modern Computer (《现代计算机》)
2016, Issue 22, pp. 9-13 (5 pages)
Keywords
Trusted Chain
Trusted Measurement
Trusted Startup