Security management system and method of dependable computing platform

Abstract

The invention discloses a security management system and method of a dependable computing platform. The security management system comprises a dependable code module, a security management center module, a security management agent module and a security strategy management protocol module; the security strategy management protocol module between the security management center module and the dependable code module is realized on basis of the dependable code module so that the security of the transmission of a security management strategy is ensured; the security protection of a security strategy at a security management center is realized on basis of the dependable code module; and a security strategy at the dependable computing platform is stored in the dependable code module, and the security of the security strategy is protected by the dependable code module so that the security of the storage of the security management strategy is ensured. The security management method based on the dependable computing platform comprises a step of generating a security strategy management protocol and steps of producing, extracting and deleting a new security strategy by the security management center and has the advantages of fulfilling the protection of encryption and integrity verification of security strategy data and preventing data leakage and unauthorized tampering of the security strategy data from an attacker.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method for providing centralized management of security policies for a trusted computing platform, and the method ensures the security of the process of storing and distributing the security policies. technical background [0002] The PC implementation specification proposed by the Trusted Computing Group (TCG) stipulates that the integrity hash value of each piece of executable code is stored in the platform configuration register (PCR) during the chain of trust transfer process during the system boot phase, and the measurement log Stored in ACPI. PCR and metrics logs are used to report the integrity status of the system to third parties. TCG does not involve the management of the trusted computing platform's own security policy. [0003] Usually, the security policy management modes of information systems are mainly divided into autonomous management, centralized managem...

AI Technical Summary

Problems solved by technology

The usual protection method is to install a firewall in front of the security management center or to enhance the security of the host computer. However, since the current security management center and firewall are all application systems running on the PC, due to the simplified structure of the PC software and hardware, malicious Attackers can directly bypass the protection of the security protection system from the system level, attack and destroy the security management center, and directly tamper with the security policy

Images