This paper analyzed the reality of computing platform and the threats, aiming at the requirements of homemade and threat computing software and hardware platform, high security level, and security trusted, used secure hardware platform, secure kernel ifrmware, secure domain three level framework, put forward the high secure computing platform architecture based on multi-kernel and multi-domain security extended level by level. The architecture uses trust computing, security and virtualized technology, realizes embed trust root, combine several secure mechanisms, overcomes the limitations of original computing platform architecture, and promotes the safety of high secure computing platform comprehensively.%文章从信息系统基础平台的现状和网络攻击的威胁等方面进行分析,针对平台软硬件国产自主可控、平台高安全等级、安全可信等要求,采用安全硬件平台、安全核心固件、安全处理域的基本组成架构,提出了安全逐层扩展体系结构模型.文章以资源管控、资源隔离、可信计算、信息加密四条主线对模型组成架构进行安全逐层扩展,并在此基础上提出了基于多核多域安全逐层扩展的高安全计算平台体系结构.该模型综合运用可信计算、安全保密、虚拟化等技术,实现内嵌可信根、多安全机制融合、多域资源(CPU、内存、外设)隔离等,有效克服传统计算机体系架构系统完整性难以保证等安全缺陷,推动高安全计算平台的整体安全防护能力.
展开▼
