摘要
随着国内IT基础设施产业的不断发展,国产芯片、操作系统和应用系统得到了大范围应用。固件作为底层硬件设备与操作系统之间的纽带,其安全性直接影响国产化IT基础设施产业链的长久发展。分析国产化IT基础设施固件安全的现状,针对固件安全存在的威胁提出通用固件安全模型。基于该模型,用户可实现国产化IT基础设施产业固件的安全评估,了解固件面临的安全威胁和安全风险;针对威胁和风险,搭建固件安全防护体系,补齐短板;制定固件安全标准,推动固件安全领域的持续健康发展。
With the development of localized IT infrastructure industry in China,localized chip,operation system and application are widely used in information system.Firmware is the link between low-level hardware equipment and operation system.Therefore,security of firmware plays extremely important role in localized IT infrastructure industry.Perform deep research about situation of firmware security and proposes a general firmware security model against firmware threatens.Based on the model,users can perform firmware security assessment,understand threaten and risk against firmware and build firmware security protection system.Moreover,standards about firmware security should be developed to promote the sustainable and healthy development of firmware security.
作者
徐辰福
安婧
韦晓鹏
XU Chen-fu;AN Jing;WEI Xiao-peng(Chengdu Spacexwalk Technology Co.,Ltd.,Chengdu 610096,China;Shenyang Guidaojiaotong Polytechnic Institute,Shenyang 110023,China)
出处
《软件导刊》
2021年第10期44-49,共6页
Software Guide
关键词
国产IT基础设施
固件安全
通用安全模型
安全评估
安全防护
domestic IT infrastructure
firmware security
general security model
security assessment
security protection
