Research on a Trusted Software Stack Based on a Domestic Platform

Published: 2018-03-28 10:48

  Topic: Loongson 3A. Focus: Trusted Cryptography Module. Source: Beijing University of Technology, master's thesis, 2014


[Abstract]: In today's information society, information security faces serious challenges. To safeguard national security and interests, research on domestically produced information systems is of great strategic significance, and core processors and high-end general-purpose chips are the top priority in that effort. The Loongson (龙芯) series is a family of processors for which China holds independent intellectual property rights, and its arrival ended the country's long-standing lack of a domestic "core".

Attackers have moved from cracking passwords and stealing session information, to exploiting misconfigured services and bugs in services, and on to attacking unprotected endpoints. Computer security can therefore be improved effectively only by taking combined measures in hardware, such as chips and motherboards, and in low-level software, such as the BIOS and the operating system. China has independently developed a trusted module based on domestic cryptographic algorithms: the Trusted Cryptography Module (TCM). The TCM is a security subsystem placed inside the computer that gives security applications a hardware-backed guarantee. The TCM Service Module (TSM) provides the entry point through which applications invoke the TCM's security protection functions, manages TCM resources, and hides the functional commands established by the TCM from applications. In fact, security applications should not access the TCM directly, but should use its security functions by calling the TSM.

As part of the domestic-CPU platform security and trust development project of 中电科技(北京)有限公司 (Zhongdian Technology (Beijing) Co., Ltd.), this work studies the implementation of the TCM system driver and of the TSM modules and interfaces on a hardware platform built from the Loongson 3A processor, the AMD RS780E+SB710 chipset and a TCM chip, providing the basis for applications to reliably access secure TCM hardware resources. The main work is as follows.

First, after introducing the main hardware platforms in China and abroad, the thesis analyzes the significance of implementing a trusted software stack on a domestic platform. Next, it discusses the trusted computing cryptographic support platform and the cryptographic algorithms it supports. Then, based on the Loongson 3A processor architecture and the TCM chip platform, it uses experimental and functional-analysis methods to study the implementation of the TCM driver and of each TSM layer (TDDL, TCS, TSP). Finally, to evaluate the overall performance of the TSM system on the Loongson 3A and TCM chip hardware platform, it tests the feasibility of the TCM driver and the TSM and verifies the trusted computing technology.
[Degree-granting institution]: Beijing University of Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP309
