嵌入式系统中数据存储保护的关键技术研究

发布时间：2018-05-31 11:14

本文选题：嵌入式系统 + 安全存储　；参考：《国防科学技术大学》2013年硕士论文

【摘要】：本文对嵌入式系统存储安全问题进行了深入分析研究，针对现有系统架构不够完善这一事实，提出一个更为有效的模型结构。这个模型旨在为嵌入式系统构建一个安全的执行环境，保护系统中存储数据的机密性和完整性。同时，通过对主存中残留的数据进行分析研究，，使嵌入式系统中外部存储的所有数据得到充分保护。研究内容和成果集中在以下几个方面：（1）通过对现有数据存储安全问题的分析，研究了嵌入式系统面临的安全性问题，详细分析了嵌入式系统将遭受的各种级别的恶意攻击，并研讨在不同层次上可能面临的安全威胁，提出了嵌入式系统中存储安全的相关准则。（2）对当前嵌入式系统中安全存储的技术问题进行了深入分析，在此基础上，重点研究了数据存储的机密性保护和完整性校验机制以及主存中数据的残留问题，并对其主要优势和不足进行分析。通过对多种安全技术进行分析比较，研究确定了保护存储数据安全的最有效方法，设计了安全存储的加密模型和完整性校验机制。提出一个更为有效的模型结构，即在系统的信任处理器中引入基于OTP的机密性保护模型与基于CRC的完整性校验机制，以此来增强嵌入式系统中片外数据存储的安全性保护，同时对残留在主存中的数据进行加密保护，从而提高了防范各类安全威胁的能力，为嵌入式系统中的数据存储构建了一个安全的环境。（3）研究进行了安全存储环境的模拟验证。通过在SimpleScalar仿真工具中，引入了OTP机密性保护模型和CRC完整性校验机制，模拟了安全的执行环境和处理器行为，验证了本次研究得出的基于安全嵌入式系统中的数据存储的机密性和完整性保护技术方案，具备科学性、实用性、可靠性，表明该项研究成果具备技术可用性。
[Abstract]:In this paper, the storage security of embedded system is deeply analyzed and studied, and a more effective model structure is put forward in view of the fact that the existing system architecture is not perfect enough. The purpose of this model is to build a secure execution environment for embedded systems and to protect the confidentiality and integrity of data stored in the system. At the same time, through the analysis of the residual data in the main memory, all the external data stored in the embedded system can be fully protected. The content and results of the study focused on the following: 1) through the analysis of the existing data storage security problems, this paper studies the security problems faced by the embedded system, and analyzes in detail the various kinds of malicious attacks that the embedded system will be subjected to. At the same time, the paper discusses the security threats that may be faced at different levels, and puts forward the relevant rules of storage security in embedded systems. Based on the in-depth analysis of the technical problems of secure storage in embedded systems, this paper focuses on the confidentiality protection and integrity verification mechanism of data storage and the residual problem of data in main memory. And its main advantages and disadvantages are analyzed. Through the analysis and comparison of various security technologies, the most effective method to protect the security of storage data is studied and the encryption model and integrity verification mechanism of secure storage are designed. This paper proposes a more effective model structure, that is, introducing the confidentiality protection model based on OTP and integrity verification mechanism based on CRC to the trust processor of the system, so as to enhance the security protection of off-chip data storage in embedded system. At the same time, the data remaining in the main memory is encrypted and protected, which improves the ability to guard against all kinds of security threats, and builds a secure environment for the data storage in the embedded system. The simulation of secure storage environment is carried out. By introducing OTP confidentiality protection model and CRC integrity verification mechanism into SimpleScalar simulation tools, the secure execution environment and processor behavior are simulated. The scheme of confidentiality and integrity protection of data storage based on security embedded system is verified, which is scientific, practical and reliable. It shows that the research result has technical availability.
【学位授予单位】：国防科学技术大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP309;TP333

【共引文献】