可信PDA计算平台系统结构与安全机制_..docVIP

可信PDA计算平台系统结构与安全机制* 赵波1，2张焕国1(武汉大学 计算机学院 湖北武汉 430079) 2(空天信息安全与可信计算教育部重点实验室 湖北武汉 430079) The System architecture and Security structure of Trusted PDA Bo Zhao 1,2 Huanguo Zhang 1,2 Li Jing 1,2 Chen Lu 1,2 Wen song 1,2 1(Computer School, Wuhan University, Hubei, China) 2(State Key Lab of Software Engineering, Wuhan University, Hubei, China) E-mail: zhaobo@ 摘 要：：PDA as a handheld device, faced with a number of security issues. This article describes the Trusted PDA architecture and security mechanism by using the method of Trusted Computing. This paper proposes a “star-style” chain of trusted structure with data recovery functions, and it owns more safety, efficiency and reliability than the TCG trust structure .On this basis, the further use of technologies such as bus arbitration system constructed a trusted structural model of PDA. The paper also proposed and implemented a security enhanced embedded operating system for the trusted PDA. Based on trusted platform ,Trusted Network Connect (TNC), as well as SD cards full-disk encryption and other new security technologies and methods can be solved. On this basis, we developed the first trusted PDA-prototype system in China. After experimental verification, this PDA has reached all aspects of the technical requirements of the Trusted Computing Platform. Keywords: trusted computing, trusted computing platform, trusted PDA, star-style chain of trusted structure 中图分类号：TP309 文献标识码：A [1],[2]和设想，但是尚未有任何具体的实现理论和技术的说明；Intel ,IBM ,NTT 等公司提出了可信移动平台( trusted mobile platform , TMP)项目 ,以 TCG的可信平台模块( trusted platform module , TPM)为基础 ,提出了可信移动平台的软件、 硬件体系结构和协议规范[3]，[4],[5],[6] ，但同样缺乏具体的实现方案;国内的其他学者[7],[8],[9],[10]也提出了利用该TPM模块与嵌入式CPU进行通信，以改善嵌入式系统安全水平的方法，这些平台构建方案都是基于TPM 模块 ,现有TPM模块是针对 PC 终端设计的,并不能满足移动平台特有的属性和应用需求，也没有解决TPM和嵌入式CPU的双CPU结构对系统的控制等问题。 目前，基于TCG的规范标准，已经有了比较成熟的可信PC产品，TCG对可信PC[12]的链式信任关系的定义和实现值得研究可信嵌入式平台借鉴。本文描述的可信PDA在理论上提出了适合嵌入式系统的带数据恢复功能的星型信任结构，并使用总线仲裁等新技术来管理TPM和嵌入式CPU，解决了安全控制和系统应用之间的矛盾，提高了嵌入式系统的可信性和工作效率。可信P