基于独立核心安全组件的高安全体系结构

构建高安全体系结构是高安全级信息系统的一个重要前提。针对现有可信计算架构和基于VMM的虚拟化架构的核心模块存在易被篡改和被旁路的威胁,设计了一个基于独立核心安全组件的高安全体系结构HAICC。该体系结构通过硬件层有效实现了安全功能与计算功能的强隔离,将系统划分为独占不同物理资源的安全服务子系统和目标计算子系统,前者作为独立核心安全组件实施对整个计算系统的主动度量、实时监控、安全关键数据恢复。系统攻击实例及安全性分析表明,HAICC体系结构有效缓解了核心安全组件被篡改和被旁路的风险,提高了系统安全机制的完整有效性。

High-security Architecture on Independent Core Component

Building a high-security architecture is an important precondition of high-security information system.The core components of trusted computing architectures and virtualization architecture may be modified and bypassed.Aiming at this risk,a high-security architecture on independent core component(HAICC) was proposed.The architecture realizes strong isolation of security and computing functions by hardware.The system is divided into secure server sub-system and targeted computing sub-system,which occupy different physical resources.The former sub-system implements active measurement,runtime monitoring and key data recovery of the whole computing sub-system.The attack instance and security analysis show that,HAICC reduces the risk of modification and bypass for core security component,and enhances the integrity of security mechanisms.