JOURNAL OF SHANDONG UNIVERSITY (NATURAL SCIENCE), 2018, Vol. 53, Issue (1): 89-94. doi: 10.6040/j.issn.1671-9352.2.2017.346


Secure startup mechanism of server based on trusted BMC

SUN Liang1, CHEN Xiao-chun1, ZHONG Yang1, LIN Zhi-peng2, REN Tong3   

  1. ZD Technologies (Beijing) Company Limited, Beijing 100083, China;
  2. Troops 96632 of People's Liberation Army, Beijing 100085, China;
  3. The Former 61st Research Institute of Academy of Military Science, Beijing 100141, China
  • Received: 2017-08-28 Online: 2018-01-20 Published: 2018-01-19

Abstract: The server startup process involves the CPLD, BMC, BIOS and other important components, and leaving any of them unprotected creates security risks. Trusted computing helps protect server boot against threats such as key hardware replacement, software tampering and server attacks. The trusted chip on the server baseboard verifies the BMC boot loader. The trusted BMC then measures the integrity of the BMC operating system and the BIOS according to the established policies. The BIOS in turn measures the server's key hardware and software, building a complete chain of trust. The mechanism has been verified on Kunlun BMC.

Key words: firmware, trusted computing, trusted BMC, secure startup

CLC Number: TP309.1
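The chain of trust summarized in the abstract can be modelled as a staged measurement walk. The sketch below is an added example, not code from the paper or from Kunlun BMC; SHA-256, the PCR-style extend, the policy layout and all component names and image contents are assumptions made for illustration.

```python
import hashlib

# Verifier -> components it measures, in the order the abstract gives.
# Component names and image contents are constructed for this example.
CHAIN = [
    ("trusted_chip", ["bmc_bootloader"]),
    ("bmc", ["bmc_os", "bios"]),
    ("bios", ["key_hardware", "os_loader"]),
]

GOLDEN = {  # constructed stand-ins for firmware images and a hardware inventory
    "bmc_bootloader": b"bmc-bootloader-image-v1",
    "bmc_os": b"bmc-os-image-v1",
    "bios": b"bios-image-v1",
    "key_hardware": b"cpu=A;nic=B;raid=C",
    "os_loader": b"os-loader-v1",
}

def digest(data: bytes) -> bytes:
    # SHA-256 is an assumed stand-in; the abstract does not name a hash.
    return hashlib.sha256(data).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    # PCR-style extend: the register commits to every measurement and its order.
    return digest(register + measurement)

def build_policy(images: dict) -> dict:
    # Reference digests recorded at provisioning time (hypothetical policy format).
    return {name: digest(blob) for name, blob in images.items()}

def secure_boot(images: dict, policy: dict):
    """Walk the chain; return (ok, failed_component, register, log)."""
    register, log = bytes(32), []
    for verifier, targets in CHAIN:
        for name in targets:
            if name not in images or name not in policy:
                return False, name, register, log  # fail closed on a missing item
            m = digest(images[name])
            register = extend(register, m)
            log.append((verifier, name, m.hex()))
            if m != policy[name]:
                # Stop before the untrusted component can measure anything itself.
                return False, name, register, log
    return True, None, register, log

if __name__ == "__main__":
    policy = build_policy(GOLDEN)
    print(secure_boot(GOLDEN, policy)[:2])
    tampered = dict(GOLDEN, bios=b"bios-image-v1-implant")
    print(secure_boot(tampered, policy)[:2])
```

Because each stage is checked before it is allowed to act as a verifier, a modified BIOS stops the walk at the BMC stage and the hardware and loader are never measured by untrusted code.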