论文:2020,Vol:38,Issue(5):1063-1067
引用本文:
高建军, 闫文, 石郡儒, 刘明明, 姚红静, 郭阳明. 星载操作系统可信计算与度量认证技术研究[J]. 西北工业大学学报
GAO Jianjun, YAN Wen, SHI Junru, LIU Mingming, YAO Hongjing, GUO Yangming. Study on Trusted Computing and Measurement Certification Technology of On-Board Operating System[J]. Northwestern polytechnical university
星载操作系统可信计算与度量认证技术研究
高建军1,2, 闫文1,2, 石郡儒1,2, 刘明明3, 姚红静3,4, 郭阳明3,4
1. 航天恒星科技有限公司, 北京 100086;
2. 北京市天地一体化信息安全工程技术研究中心, 北京 100020;
3. 西北工业大学, 陕西 西安 710072;
4. 西北工业大学 深圳研究院, 广东 深圳 518057
摘要:
针对空间环境复杂和星载资源受限的特点,基于可信芯片支持,提出了一种适应于星载操作系统的动态度量认证方法,给出可配置的关键度量对象标识方案和验证策略。该方法根据星载应用关键等级设置关键度量对象和度量策略,对运行中关键应用进程进行周期性的度量验证,形成了一套星载软件的系统安全防护验证机制。实验结果表明,动态度量方法提升了系统可信度,性能满足星上应用要求,具有很好的实用价值。
关键词:    星载操作系统    高可信    动态度量   
Study on Trusted Computing and Measurement Certification Technology of On-Board Operating System
GAO Jianjun1,2, YAN Wen1,2, SHI Junru1,2, LIU Mingming3, YAO Hongjing3,4, GUO Yangming3,4
1. Space Star Technology Co., Ltd, Beijing 100086, China;
2. Beijing Engineering Research Center of Space-Ground Integrated Information Security, Beijng 100020, China;
3. Northwestern Polytechnical University, Xi'an 710072, China;
4. Research and Development Institute of Northwestern Polytechnical University in Shenzhen, Shenzhen 518057, China
Abstract:
Based on the complexity of space environment and the limitation of space resources, a dynamic metric authentication method for spaceborne operating system with the trusted chip support is proposed, and the configurable key metric object identification scheme and verification strategy are given. In this method, Key measurement objects and measurement strategies can be set according to the key level of on-board application. The critical application processes in operation can be measured and verified periodically, then a system security protection verification mechanism for on-board software is obtained. The experimental results show that the dynamic measurement method improves the reliability of the system, and the performance meets the requirements of on-board applications, which has great practical value.
Key words:    on-board operating system    high assurance    dynamic measurement   
收稿日期: 2020-01-14     修回日期:
DOI: 10.1051/jnwpu/20203851063
基金项目: 陕西省创新能力支撑计划项目(2019PT-03)资助
通讯作者:     Email:
作者简介: 高建军(1980-),西北工业大学硕士研究生,主要从事信息系统安全研究。
相关功能
PDF(1439KB) Free
打印本文
把本文推荐给朋友
作者相关文章
高建军  在本刊中的所有文章
闫文  在本刊中的所有文章
石郡儒  在本刊中的所有文章
刘明明  在本刊中的所有文章
姚红静  在本刊中的所有文章
郭阳明  在本刊中的所有文章
参考文献:
[1] ZHAO S J, LI X, ZHANG Q Y, et al. Security Analysis of SM2 Key Exchange Protocol in TPM2.0[J]. Security & Communication Networks, 2015, 8:383-395
[2] 冯伟, 冯登. 基于串空间的可信计算协议分析[J]. 计算机学报,2015,38(4):3-18 FENG Wei, FENG Deng. Analyzing Trusted Computing Protocol Based on the Strand Spaces Model[J]. Chinese Journal of Computers, 2015,38(4):3-18(in Chinese)
[3] 潘汪洋. 基于vTPM的Xen虚拟机动态完整性度量模型研究[D]. 保定:河北大学,2017 PAN Wangyang. Research on Dynamic Integrity Measurement Model of Xen Virtual Machine Based on vTPM[D]. Baoding:Hebei University, 2017(in Chinese)
[4] 王勇. 基于可信计算PLC的身份认证与终端度量技术的研究[D]. 沈阳:沈阳理工大学,2018 WANG Yong. Research on the Authentication and Terminal Measurement Technology of PLC Based on Trusted Computing[D]. Shenyang:Shenyang Ligong University, 2018(in Chinese)
[5] 马卓. 智能电网环境下基于可信计算的移动终端安全接入技术研究[D]. 北京:国网电力科学研究院,2012 MA Zhuo. The Security Access Technology Research of Mobile Terminals Based on Trusted Computing in Smart Grid[D]. Beijing:State Grid Electric Power Research Institute, 2012(in Chinese)
[6] 张磊. 可信网络功能虚拟化关键技术研究[D]. 南京:东南大学,2017 ZHANG Lei. Research on Key Technology of Trusted Network Function Virtualization[D]. Nanjing:Southeast University,2017(in Chinese)
[7] 徐日. 可信计算平台完整性度量机制的研究与应用[D]. 西安:西安电子科技大学,2009 XU Ri. Research and Application of the Integrity Measurement Mechanism on Trusted Computing Platform[D]. Xi'an:Xidian Universtity, 2009(in Chinese)
[8] MEGUMI A, JOSHUA D. GUTTMAN, et al. Hash-Based TPM Signatures for the Quantum World[C]//Proceedings of the 16th International Conference on Applied Cryptography and Network Security ACNS, Guildford, UK, 2016:77-94
[9] 张建标. 面向Windouws环境进程主动动态度量方法[J]. 山东大学学报,2018, 53(7):46-50 ZHANG Jianbiao. Process Active Dynamic Measurement Method for Windows Environment[J]. Journal of Shandong University, 2018, 53(7):46-50(in Chinese)
[10] 蒋逸尘, 韩臻, 张大伟. 基于PTM的可信虚拟平台方案[J]. 北京交通大学学报,2013,37(5):67-74 JIANG Yichen, HAN Zhen, ZHANF Dawei. A Scheme of Trusted Virtualization Platform Based on PTM[J]. Journal of Beijing Jiaotong University, 2013,37(5):67-74(in Chinese)

版权所有 © 2014《西北工业大学学报》编辑部   地址:陕西省西安市碑林区友谊西路127号西北工业大学期刊编辑部 

邮编:710072  电话:029-88495455  Email:xuebao@nwpu.edu.cn

本系统由北京仁和汇智信息技术有限公司设计开发   技术支持:info@rhhz.net