Journal of Guangxi Normal University (Natural Science Edition), 2020, Vol. 38, Issue 2: 43-50. doi: 10.16088/j.issn.1001-6600.2020.02.005

• CTCIS2019 •

Server Trusted Framework Based on Trusted CPU Chip

XIU Guilin1, ZHANG Bowei1, LIU Fan2, LUO Ao1*

  1. Institute of Microelectronics, Tsinghua University, Beijing 10084, China;
  2. Montage Technology Co., Ltd., Shanghai 200233, China
  • Received: 2019-10-08  Published: 2020-04-02
  • Corresponding author: LUO Ao (born 1984), male, from Shiyan, Hubei; engineer at Tsinghua University. E-mail: aoluo@tsinghua.edu.cn
  • Funding:
    National Science and Technology Major Project (2018ZX01028201); National Natural Science Foundation of China (61672317, 61834002); National Key Science and Technology Research Program (2018YFB2202101)



Abstract: Servers are a fundamental facility for today's information systems and for cloud data storage and processing, and the CPU is the core element of a server. Current CPU chips are extremely large in circuit scale and complicated in production process, and their design, packaging and manufacturing depend heavily on foreign technologies and manufacturers. Ensuring the security and trustworthiness of the processor chip and of the server is therefore a key issue for network security, information security and even national security. To date, however, research on the trustworthiness of the hardware behaviour of CPU chips has not received sufficient attention. This paper first gives the concept of a "trusted CPU chip" and reviews the security risks faced by CPU chips in recent years. On this basis, the implementation principle of a trusted CPU chip based on Tsinghua University's DSC technology and the corresponding server trusted framework, covering both hardware and software, are proposed. Finally, the paper discusses the significance of the trusted CPU chip and its server trusted framework under current hardware security conditions, and their extended application value where high security is required.

Key words: server, CPU, DSC technology, hardware security, trusted framework

CLC number: TP332