Static measurement method and device for trusted computing platform based on dual-system architecture

Abstract

The invention discloses a static measurement method and device for a trusted computing platform based on a dual-system architecture. The method comprises the steps that when a computer is powered on,hardware resources of the computer are divided into protection hardware resources and calculation hardware resources, the calculation hardware resources allow the protected hardware resources to access and cannot access the protection hardware resources, the protection hardware resources are used for operating a protection subsystem, and the calculation hardware resources are used for operating acalculation subsystem; and the protection hardware resources are controlled to be started before the computing hardware resource, and he starting stage of the computing hardware resources is measuredin the process of starting the computing subsystem by the computing hardware resources. According to the invention, the technical problem of relatively low computer security in related technologies issolved.

Description

technical field [0001] The invention relates to the field of Internet security, in particular to a static measurement method and device for a trusted computing platform based on dual architectures. Background technique [0002] The current cyberspace is extremely fragile. Stuxnet, ransomware (such as Wannacry), Mirai virus and other cyber attacks that have caused great impact emerge in endlessly and become increasingly rampant. The problem is that blindly adopting the "blocking and killing" passive defense methods represented by "firewall", "virus scanning and killing", "intrusion detection" and so on is hard to defend against, especially in the face of attacks aimed at the vulnerabilities of the target system. Unable to defend effectively. [0003] The trusted computing chip TPM proposed by the international TCG organization (English full name Trusted Computing Group, Chinese name Trusted Computing Organization) is used as an external device of a computer. Static measurem...

AI Technical Summary

Problems solved by technology

However, the TPM is essentially just a passively mounted external device on the computer. It will only function when it is called by the host program. Once the host is controlled by the attacker, the TPM will not be able to play its role, resulting in TCG's trusted computing architecture. When hackers exploit computer system logic flaws to attack, it is basically difficult to resist. For example, Windows 10 fully implements TCG's trusted computing architecture, but it fails to prevent the Wannacry ransomware attack

[0005] In addition, the trusted computing platform implemented by TPM is essentially a single system architecture, and TPM has limitations in accessing and controlling computer resources.

Moreover, TPM can only statically measure resources such as computer firmware and executable programs, and cannot dynamically measure application execution and the execution environment it depends on.

[0006] For the trusted computing platform implemented by TPM is essentially a single system architecture, TPM’s firmware and executable programs and other resources are statically measured, and it is impossible to dynamically measure application execution and the execution environment it depends on. , control has limitations, the security capability of TPM is completely dependent on the security of the host system

[0007] For the above problems, no effective solution has been proposed

Images