摘要
为了解决传统的操作系统引导机制存在关键验证信息被绕过的风险和引导数据被篡改的安全隐患,基于可信计算理论,结合带光盘文件系统的智能卡技术,提出了基于通用智能卡的可信引导方案.在不改变智能卡和终端设备的硬件和固件结构的基础上,通过改造智能卡的存储数据和磁盘的引导数据,实现用户身份信息、智能卡和终端设备绑定的安全目标,将可信计算机制从开机加电扩展至应用层,确保操作系统的初始状态可信.通过安全性分析和性能分析,证明终端设备引导的安全性,并且在实际应用中得到了验证.
The risk of the key authentication information being bypassed and the potential safety hazard of booting data being tampered with both exist in the booting mechanism of the traditional operating system.Based on the theory of trusted computing,combined with the technology of smart card with CD-ROM file system,a scheme of trusted boot based on general smart card was proposed. Without changing the structure of hardware and firmware of the smart card and terminal device,through the transformation of storage data in the smart card and disk booting data,the security objective of binding the user's identity information,the smart card and the terminal device were achieved. The trusted computing mechanism was extended from power on to the application layer to ensure that the initial state of operating system was trustworthy. Through the analysis of security and performance,the security of terminal device bootstrap was proven,which has been verified in practical applications.
出处
《北京工业大学学报》
CAS
CSCD
北大核心
2017年第1期100-107,共8页
Journal of Beijing University of Technology
基金
北京市委组织部-优秀人才培养计划(Q0007016201501)
关键词
可信计算
可信根
可信链
可信度量
可信引导
trusted computing
trusted root
trusted chain
trusted measurement
security bootstrap
