Dynamic measurement method based on a dual-architecture trusted computing platform

A dynamic measurement technology for trusted computing, applied to platform integrity maintenance and to the protection of internal and peripheral computer components. It addresses the problems that passive defences are hard to rely on, that a conventional TPM cannot perform dynamic measurement, and that a TPM cannot act at all once the host that calls it is compromised, with the effect of improving the security of the computing platform.

Active Publication Date: 2019-06-21
沈昌祥

AI Technical Summary

Problems solved by technology

However, a TPM is essentially a passive peripheral mounted on the computer: it acts only when a host program calls it, so once the host is controlled by an attacker the TPM can no longer play its role. Moreover, a TPM can only perform static measurement of resources such as firmware and executable programs; it cannot dynamically measure application execution and the execution environment it de...



Examples


Embodiment 1

[0090] A dynamic measurement method based on a dual-architecture trusted computing platform provided by the present invention will be described in detail below.

[0091] A dynamic measurement method based on a dual-architecture trusted computing platform. As shown in figure 1, the platform may include a computing subsystem and a protection subsystem running in parallel. The computing subsystem completes the computing tasks; the protection subsystem, through the trusted platform control module, actively measures and actively controls the computing subsystem according to the trusted policy. A security isolation mechanism exists between the computing subsystem and the protection subsystem, and the two interact only through a dedicated access channel.

[0092] Dynamic measurement methods include:

[0093] During operation of the computing subsystem, when the trigger condition for dynamic measurement is satisfied, the protection subsystem, through the control layer...

Embodiment 2

[0101] The implementation of real-time (behavior-triggered) measurement is described in detail below.

[0102] As shown in figure 2, when dynamic measurement is triggered by a behavior, the protection subsystem, through the control layer in the trusted software base, actively measures and controls that behavior according to the trusted policy. Specifically:

[0103] When dynamic measurement is triggered by a behavior, the protection subsystem, through the control layer in the trusted software base, dynamically measures the computing subsystem according to the trusted policy and the obtained application execution information from the computing subsystem, including:

[0104] S101. When the control layer detects the behavior, it obtains the behavior-related information from the context information;

[0105] Behavior-related information includes the subject, the object, the operation, and the execution environment. The subject is the entity that performs the operation, such as a user or an application; the object is o...

Embodiment 3

[0118] The implementation of timing (scheduled) measurement is described in detail below.

[0119] As shown in figure 3, when dynamic measurement is triggered by a predetermined time point and/or a predetermined measurement period, the protection subsystem, through the control layer in the trusted software base, dynamically measures the computing subsystem according to the trusted policy and the acquired information related to application execution in the computing subsystem, including:

[0120] S201. On reaching the predetermined time point and/or the predetermined measurement period, the control layer acquires the current execution environment information of the computing subsystem;

[0121] S202. The control layer matches the dynamic policy related to the execution environment information from the trusted policy library;

[0122] S203. The control layer measures the execution environment information according to the dynamic policy, and obtains a measuremen...
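The two trigger paths above, the behavior-triggered measurement of Embodiment 2 (S101 onwards) and the scheduled measurement of Embodiment 3 (S201 to S203), as one small model in Python. This is an added illustration, not code from the patent or its inventors: the layout of the trusted policy library, the context field names, SHA-256 as the measurement function, the PCR-style extend log and the sample binary images are all assumptions made for the example.

```python
"""Toy model of the protection subsystem's control layer: behaviour-triggered
(Embodiment 2) and scheduled (Embodiment 3) dynamic measurement against a
trusted policy library.

Added illustration, not the patent's code. The policy-library layout, the
context field names, SHA-256 as the measurement function, the PCR-style
extend log and the sample binaries are all assumptions.
"""
import hashlib
from dataclasses import dataclass, field


def measure(data: bytes) -> str:
    """A measurement is a hash of the measured object's bytes (SHA-256 assumed)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class MeasurementLog:
    """Append-only measurement record with a running extend value, so the whole
    run of the computing subsystem is attestable, not just the last check."""
    digest: str = "0" * 64
    entries: list = field(default_factory=list)

    def extend(self, name: str, value: str, ok: bool) -> None:
        self.entries.append((name, value, ok))
        self.digest = hashlib.sha256((self.digest + value).encode()).hexdigest()


class ControlLayer:
    """Control layer of the trusted software base, living in the protection subsystem.

    behaviour_policy: (subject, object, operation, environment) -> expected measurement
    env_policy: environment name -> {component path: expected measurement}
    The bytes handed to on_behaviour/on_timer stand in for what the protection
    subsystem reads from the computing subsystem over the dedicated access channel.
    """

    def __init__(self, behaviour_policy: dict, env_policy: dict):
        self.behaviour_policy = behaviour_policy
        self.env_policy = env_policy
        self.log = MeasurementLog()

    def on_behaviour(self, ctx: dict, object_bytes: bytes) -> str:
        """S101 onwards: pull subject/object/operation/environment from the context,
        match a trusted policy, measure the object, and return the control decision."""
        key = (ctx["subject"], ctx["object"], ctx["operation"], ctx["env"])
        expected = self.behaviour_policy.get(key)
        if expected is None:
            # Default-deny: a behaviour with no trusted policy is not allowed to proceed.
            self.log.extend(ctx["object"], measure(b"no-policy:" + ctx["object"].encode()), False)
            return "deny"
        actual = measure(object_bytes)
        ok = actual == expected
        self.log.extend(ctx["object"], actual, ok)
        return "allow" if ok else "deny"

    def on_timer(self, env_name: str, snapshot: dict) -> list:
        """S201-S203: at the scheduled point, measure every component the dynamic
        policy names for this execution environment; returns the components that
        fail (an empty list means the environment is still trusted)."""
        policy = self.env_policy.get(env_name, {})
        failed = []
        for component, expected in policy.items():
            data = snapshot.get(component)
            # A component the policy expects but the snapshot lacks is a failure too.
            actual = measure(data) if data is not None else measure(b"missing:" + component.encode())
            ok = data is not None and actual == expected
            self.log.extend(component, actual, ok)
            if not ok:
                failed.append(component)
        return failed


# Constructed sample images and the trusted policy built from them (not real binaries).
APP_OK = b"\x7fELF trusted app image v1"
KMOD_OK = b"netfilter kernel module image v3"
POLICY_BEHAVIOUR = {("alice", "/usr/bin/app", "execute", "prod-node"): measure(APP_OK)}
POLICY_ENV = {
    "prod-node": {
        "/usr/bin/app": measure(APP_OK),
        "/lib/modules/netfilter.ko": measure(KMOD_OK),
    }
}


def demo() -> tuple:
    cl = ControlLayer(POLICY_BEHAVIOUR, POLICY_ENV)
    ctx = {"subject": "alice", "object": "/usr/bin/app", "operation": "execute", "env": "prod-node"}
    genuine = cl.on_behaviour(ctx, APP_OK)                      # "allow"
    patched = cl.on_behaviour(ctx, APP_OK + b"\x90")            # "deny": image no longer matches
    unknown = cl.on_behaviour({**ctx, "subject": "mallory", "object": "/tmp/x"}, b"")  # "deny"
    clean = cl.on_timer("prod-node", {"/usr/bin/app": APP_OK, "/lib/modules/netfilter.ko": KMOD_OK})
    rootkit = cl.on_timer("prod-node", {"/usr/bin/app": APP_OK, "/lib/modules/netfilter.ko": KMOD_OK + b"!"})
    return genuine, patched, unknown, clean, rootkit, len(cl.log.entries)


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from the model is the separation the patent relies on: the policy library and the measurement log live in the protection subsystem, so a compromised computing subsystem can alter the images it runs but not the expected values they are compared against, and the running extend value records every check, failed or not, rather than only the latest verdict.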



Abstract

The invention discloses a dynamic measurement method based on a trusted computing platform with a dual-system structure. The trusted computing platform comprises a computing subsystem and a protection subsystem running in parallel. The computing subsystem completes computing tasks, and the protection subsystem, through a trusted platform control module, actively measures and actively controls the computing subsystem according to a trusted policy. The dynamic measurement method comprises: during operation of the computing subsystem, when the triggering condition for dynamic measurement is met, the protection subsystem, through a control layer in a trusted software base, dynamically measures the computing subsystem according to the trusted policy and the obtained information related to application execution in the computing subsystem. Because the method dynamically measures the application execution information while the computing subsystem is running, the whole operation of the computing subsystem becomes measurable and controllable, which improves its security.

Description

Technical field

[0001] The invention relates to the field of trusted computing, and in particular to a dynamic measurement method based on a dual-architecture trusted computing platform.

Background art

[0002] Current cyberspace is extremely fragile; cyberattacks with great impact such as Stuxnet, WannaCry and Mirai emerge endlessly and grow increasingly rampant. The root cause is that the problem is not addressed at the source of network security risk: the passive "block and kill" defences represented by firewalls, virus scanning and intrusion detection are adopted blindly, are hard to rely on, and are entirely ineffective against attacks launched at vulnerabilities of the target system.

[0003] To solve the problems facing cyberspace security, the international TCG organization has proposed the method of trusted computing, whi...


Application Information

IPC(8): G06F21/57, G06F21/74
Inventors: 沈昌祥, 孙瑜, 王涛, 杨成刚
Owner: 沈昌祥