期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2014
卷号:8
期号:5
页码:265-276
DOI:10.14257/ijsia.2014.8.5.24
出版社:SERSC
摘要:Currently, with the increasing number of embedded applications, the research for the security of embedded systems has become popular. Considering the requirement of integrity and security, the characteristics and the design constraints of embedded systems, a method of constructing software trusted root and a trunk-branch trusted chain transfer model is proposed. The software trusted root is composed of boot loader and reliable kernel. SHA-1 engine which is included in boot loader (burned in boot flash), measures and loads the trusted kernel and protect the boot loader by prohibiting kernel and user-level application to write to flash. SHA-1 and trusted kernel together can be used as a trusted root to withstand non-physical attacks. Trusted kernel contains virtual trusted platform module (vTPM) module which can provide cryptographic functions and related services to the user kernel and guides flash to open up specific memory for platform configuration register (PCR) of vTPM. Application is running as a process of the trusted kernel. In the trunk-branch trusted chain transfer model, boot loader verify the trusted kernel, trusted kernel authenticate users kernel, and kernel users verify the application, thus the trust extents to the application layer. The proposed method not only avoids the trust attenuation problem which may occur in chain transfer, but also raises the low efficiency caused by using only ETPM to measure reliability in the star model. Finally, a prototype system is given, and the test results show that this method has built a trusted computing environment for embedded applications on existing hardware and software resources without additional hardware.
关键词:trusted computing; embedded system; dual-kernel; trusted root; trunk-branch ; model