A Server-Based Secure Bootstrap Architecture

摘要

The computer terminal plays an import role in the security of whole Local Area Network. However, the uncontrolled way of bootstrap brings about difficulties of providing sufficient trustworthiness to the LAN. To en force the terminal security of the LAN and especially its ability of resisting ill-meaning tampering, this paper puts forward a server-based bootstrap archi tecture, based on the trusted computing technology. By verifying the integrity of the terminal before booting the OS, this architecture can effectively prevent the terminal from booting into a tampered OS, and the recovery module meanwhile enforces the robustness of the system. We present an implementa-tion of the architecture, which extends the Trusted GRUB by adopting an attestation process between the GRUB level and the attestation server. The performance analysis shows that at a low time delay, the security of the sys-tem has been improved, and the proposed architecture can also provide server with stronger control and management ability towards the whole LAN.