摘要
可信计算以硬件安全机制为基础,建立可信赖计算环境,从体系结构上全面增强系统和网络信任,是当前学术界和产业界的关注热点.随着信息技术的深入发展,新应用场景的不断涌现,网络空间的安全威胁日益严峻,因此可信计算在重要信息系统的安全防护领域将发挥越来越重要的作用.本文从创新发展角度,围绕作者20年来在可信计算领域的研究成果,综述了可信计算理论的发展历程,提炼总结出涵盖两大方法基础、三大信任核心和四大关键技术的可信计算技术体系,阐述了移动可信计算、抗量子可信计算、可信物联网、可信云、可信区块链等方面的重要研究问题以及可信计算在这些领域的融合创新成果.在移动可信计算方面,软硬件结合的可信执行环境体系架构设计和实现是研究重点,其次,移动操作系统内核运行时安全隔离防护,以及基于可信执行环境(trusted execution environment,TEE)的移动应用安全防护也是两个重要研究问题.在可信物联网方面,由于嵌入式环境本身的特性以及资源的受限,轻量级的信任根构建、高效安全的软件证明、实用的安全代码更新机制、集群设备证明是该领域有待进一步研究的重要问题.在抗量子可信计算、可信云、可信区块链等新型场景中,可信计算技术也在不断地拓展其应用边界,发挥更加重要的作用.最后本文展望和讨论了可信计算未来的发展趋势.
Trusted computing is based on a hardware security mechanism establishing a trusted computing environment and comprehensively enhances the system and network trust from the architectural perspective.With the development of information technology and continuous emergence of new application scenarios,security threats in the cyberspace are becoming increasingly serious;hence,trusted computing is actively researched in both academia and industry to find solutions against such treats.This paper summarizes the development process of trusted computing theory from the perspective of innovation and development.The study centers around one of the author’s research results in trusted computing over the past 20 years.It proposes a trusted computing technology architecture that covers two method foundations,three trust cores,and four key technologies.Furthermore,the paper summarizes important research problems in mobile trusted computing,quantum-resistant trusted computing,trusted Internet of Things(IoT),trusted cloud,and trusted blockchain,elaborating on the integration and development of trusted computing in these fields.In mobile trusted computing,the design and implementation of a trusted execution environment architecture with software/hardware co-design is the focus of research.Another two important research issues in mobile trusted computing are the runtime security isolation and protection of the mobile operating system’s kernel and trusted execution environment-based mobile application security protection.Due to the characteristics of embedded environments and limitation of resources,the construction of lightweight trusted roots,efficient and secure software attestation,practical secure code update mechanism,and swarm device attestation are important issues for further research in trusted IoT.In new scenarios such as quantum-resistant trusted computing,trusted cloud,and trusted blockchain,trusted computing is also constantly expanding its application boundaries and playing an increasingly important role.Finally,this paper looks ahead and discusses the development trends in trusted computing.
作者
冯登国
刘敬彬
秦宇
冯伟
Dengguo FENG;Jingbin LIU;Yu QIN;Wei FENG(State Key Laboratory of Computer Science,Institute of Software,Chinese Academy of Sciences.Beijing 100190,China;Trusted Computing and Information Assurance Laboratory,Institute of Software,Chinese Academy of Sciences,Beijing 100190,China;University of Chinese Academy of Sciences,Beijing 100049,China)
出处
《中国科学:信息科学》
CSCD
北大核心
2020年第8期1127-1147,共21页
Scientia Sinica(Informationis)
基金
国家重点研发计划(批准号:2018YFB0904900,2018YFB0904903,2020YFE0200600)
国家自然科学基金(批准号:61872343,61802375)资助项目。
关键词
可信计算
可信执行环境
移动可信计算
抗量子可信计算
可信物联网
可信云
可信区块链
trusted computing
trusted execution environment
mobile trusted computing
quantum-resistant trusted computing
trusted Internet of Things
trusted cloud
trusted blockchain