Journal on Communications ›› 2014, Vol. 35 ›› Issue (Z2): 72-85. doi: 10.3969/j.issn.1000-436x.2014.z2.011

• Academic paper •

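Research on a cross-platform trusted execution environment module scheme

ZHANG Qian-ying, ZHAO Shi-jun, FENG Wei, QIN Yu, FENG Deng-guo

  1. Institute of Software, Chinese Academy of Sciences, Beijing 100190
  • Publication date: 2014-11-25 Release date: 2017-06-19
  • Funding:
    National Natural Science Foundation of China; National Natural Science Foundation of China; National Key Basic Research Program of China ("973" Program)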

Research of a trusted execution environment module for multiple platforms

Qian-ying ZHANG, Shi-jun ZHAO, Wei FENG, Yu QIN, Deng-guo FENG

  1. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
  • Online: 2014-11-25 Published: 2017-06-19
  • Supported by:
    The National Natural Science Foundation of China; The National Natural Science Foundation of China; The National Key Basic Research Program of China (973 Program)

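Abstract:

To address the problems that existing trusted computing modules such as TPM and MTM cannot be used across platforms and do not take updates to algorithms, protocols, and functions into account, this paper proposes a hardware-based trusted execution environment module (TEEM) architecture. The architecture uses ARM TrustZone technology to build a trusted computing module that runs in a hardware-isolated secure environment. The module can provide trusted computing functions to multiple platforms, offers strong mobility and portability, and allows users to flexibly configure and upgrade the module's functions and algorithms as needed. A prototype system based on the TEEM architecture was designed and implemented; the security analysis and performance test results of the prototype show that TEEM can provide users with a secure, stable, and efficient trusted execution environment.

Key words: trusted execution environment, trusted computing, ARM TrustZone, trusted platform module, mobile trusted module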

Abstract:

The current TPM, MTM, and other trusted computing modules do not take into account the variety of platforms or updates to their internal algorithms, protocols, and functions. A hardware trusted execution environment module (TEEM) architecture is designed, which uses ARM TrustZone technology to build a trusted computing module running in a secure isolated environment. The proposed module not only supports a variety of platforms but also has strong mobility and portability. Moreover, it allows the functions and algorithms of the module to be configured and updated flexibly. A prototype system is implemented and its performance is tested. Analysis of the system's security and of the measurement results shows that TEEM provides users with a safe, stable, and efficient trusted execution environment.

Key words: trusted execution environment, trusted computing, ARM TrustZone, trusted platform module, mobile trusted module
