Netinfo Security ›› 2015, Vol. 15 ›› Issue (9): 287-291. doi: 10.3969/j.issn.1671-1122.2015.09.064

• Selected Papers •

Research and Application of a Firmware-Based Terminal Security Management System

CHEN Xiao-chun, SUN Liang, ZHAO Li-na

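  1. China Electronics Technology (Beijing) Co., Ltd, Beijing 100083
  • Received: 2015-07-15 Published: 2015-09-01
  • Corresponding author: CHEN Xiao-chun, E-mail: xxchen@zd-tech.com.cn
  • About the authors: CHEN Xiao-chun (born 1980), male, from Sichuan, senior engineer, master's degree; main research interests: computer firmware, information security. SUN Liang (born 1980), male, from Shandong, engineer, Ph.D.; main research interests: information and network security. ZHAO Li-na (born 1981), female, from Hebei, engineer, master's degree; main research interest: information security.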

Research and Application on Terminals Management Security System Based on Firmware

CHEN Xiao-chun, SUN Liang, ZHAO Li-na   

  1. China Electronics Technology (Beijing) Co., Ltd, Beijing 100083, China
  • Received:2015-07-15 Online:2015-09-01

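Abstract: At present, terminal management in intranet environments generally relies on installing and running specific security software in the terminal's operating system to perform access control and remote monitoring of the terminal. However, software running in the operating system is easily uninstalled or terminated by the user, which makes it difficult to give the terminal persistent protection. This paper proposes a persistence guard technology based on trusted firmware and, building on that technology, develops a terminal security management system. The system provides terminal asset management, USB port control, geo-fencing, policy management and other functions. In addition, during boot and while the operating system is running, the system can protect specific files and key programs in the operating system through the firmware; even if the hard disk is replaced or a partition is formatted, the security program can be restored automatically when it becomes abnormal.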

Keywords: trusted firmware, persistence guard technology, terminal security management system, geo-fencing

Abstract: At present, terminal management systems consist of software installed on the operating system. However, software running on the operating system is easily uninstalled. This paper proposes a persistence guard technology based on trusted firmware, and a terminal security management system built on it. The functions of the terminal security management system include terminal information collection, USB interface control, geo-fencing and policy management. Through the persistence guard technology, the terminal security management system is able to protect the files of key programs of the operating system during the boot process of the computer. It can automatically recover the security program when an exception occurs, even if the hard disk is replaced or partitions are formatted.

Key words: trusted firmware, persistence guard technology, terminal security management system, geo-fencing
