基于TPCM可信根的可信網(wǎng)絡(luò)連接設(shè)計(jì)與實(shí)現(xiàn)
信息技術(shù)與網(wǎng)絡(luò)安全
夏 攀
(北京可信華泰信息技術(shù)有限公司,,北京100195)
摘要: 可信連接作為可信計(jì)算理論的重要組成部分,,是實(shí)現(xiàn)信任在網(wǎng)絡(luò)上傳遞的核心技術(shù),在不同的產(chǎn)品和應(yīng)用場景中有不同的實(shí)現(xiàn)方案。設(shè)計(jì)并實(shí)現(xiàn)了一種基于TPCM可信根的可信連接技術(shù)架構(gòu),,通過TPCM在系統(tǒng)運(yùn)行過程中對(duì)系統(tǒng)環(huán)境進(jìn)行主動(dòng)度量,,實(shí)現(xiàn)平臺(tái)的基礎(chǔ)可信環(huán)境,,并將度量結(jié)果報(bào)告進(jìn)行簽名,,標(biāo)識(shí)平臺(tái)當(dāng)前環(huán)境的可信狀態(tài),由此實(shí)現(xiàn)對(duì)通信雙方身份的識(shí)別和可信驗(yàn)證,,減少非法網(wǎng)絡(luò)連接,,使整個(gè)系統(tǒng)具備主動(dòng)免疫防御能力,實(shí)現(xiàn)對(duì)未知威脅的有效防護(hù),。
中圖分類號(hào): TP393.08
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.04.002
引用格式: 夏攀. 基于TPCM可信根的可信網(wǎng)絡(luò)連接設(shè)計(jì)與實(shí)現(xiàn)[J].信息技術(shù)與網(wǎng)絡(luò)安全,,2021,40(4):7-13,,19.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.04.002
引用格式: 夏攀. 基于TPCM可信根的可信網(wǎng)絡(luò)連接設(shè)計(jì)與實(shí)現(xiàn)[J].信息技術(shù)與網(wǎng)絡(luò)安全,,2021,40(4):7-13,,19.
Design and implementation of trusted network connection based on trusted root of TPCM
Xia Pan
(Beijing Huatech Trusted Computing Information Technology Co.,,Ltd.,Beijing 100195,,China)
Abstract: As an important part of the theory of trusted computing, trusted connection is the core technology to realize trust transmission over the network. There are different implementation schemes in different products and application scenarios. This paper designs and realizes a trusted connection technique architecture based on TPCM trusted root. TPCM actively measures the system environment during system operation, realizes the basic trusted environment of the platform, and signs the measurement result report to identify the trustworthy status of the current environment of the platform, thereby realizing the identification and trustworthiness of the identities of the communicating parties, reducing illegal network connections, enabling the entire system with active immune defense capabilities, and realizing effective protection against unknown threats.
Key words : network security,;trusted computing 3.0;trusted platform control module,;trusted network connection,;active immune defense
0 引言
新版國家網(wǎng)絡(luò)安全等級(jí)保護(hù)標(biāo)準(zhǔn)《GB/T 22239-2019信息安全技術(shù) 網(wǎng)絡(luò)安全等級(jí)保護(hù)基本要求》《GB/T 25070-2019信息安全技術(shù) 網(wǎng)絡(luò)安全等級(jí)保護(hù)安全設(shè)計(jì)技術(shù)要求》《GB/T 28448-2019信息安全技術(shù) 網(wǎng)絡(luò)安全等級(jí)保護(hù)測評(píng)要求》于2019年12月正式發(fā)布并實(shí)施,在基本要求中對(duì)計(jì)算環(huán)境安全,、物聯(lián)網(wǎng)安全,、云安全、網(wǎng)絡(luò)通信的“可信驗(yàn)證”要求進(jìn)行了明確的描述[1-3],。可信連接作為可信計(jì)算的重要組成部分,,其設(shè)計(jì)與實(shí)現(xiàn)也成為熱門討論的話題。從事可信計(jì)算的各個(gè)研究組織或機(jī)構(gòu)都提出了各自的可信計(jì)算標(biāo)準(zhǔn)[4-7],,在標(biāo)準(zhǔn)中針對(duì)可信連接也提出了不同的要求[8-9],。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://forexkbc.com/resource/share/2000003471
作者信息:
夏 攀
(北京可信華泰信息技術(shù)有限公司,北京100195)
此內(nèi)容為AET網(wǎng)站原創(chuàng),,未經(jīng)授權(quán)禁止轉(zhuǎn)載,。