具有主动免疫能力的电力终端内嵌入式组件解决方案

智能电网发展迅速,现有的通过物理隔离来保护电力系统终端的防护手段已经不足以应对一些新的威胁。本文提出了一种具有主动免疫能力的电力终端内嵌入式组件解决方案,为用户提供可信身份认证、可信存储、可信度量和可信报告的完整可信的计算环境。以信任链为核心,以高安全国密算法模块作为可信根,构建了覆盖安全启动、安全分区隔离、信任链传递机制和动态度量机制的主动免疫可信计算技术方案,并对该方案进行了原型实现。实验证明了该方案可以抵御恶意软件注入及破坏安全启动的攻击,并且具有良好的效率。

Solution Scheme of Embedded Component with Active Immunity for Electric Power Terminals

With the development of smart grids,the existing protection for power system terminals through physical isolation is not enough to deal with new threats.In this paper an embedded component solution with active immunity is proposed,which provides users with a complete trusted computing environment for trusted identity authentication,trusted storage,trusted metrics and trusted reporting.With the high-security national cryptography algorithm module as the root of trust,an active immune trusted computing technology solution covering secure boot,secure partition isolation,trust chain delivery mechanism and dynamic measurement mechanism is constructed.The proposed solution and the experiments prove that the solution can efficiently resist malware injection and secure boot attack.