
Design and implementation of secure Windows platform based on TCM
Cite this article: Wei FENG, Yu QIN, Deng-guo FENG, Bo YANG, Ying-jun ZHANG. Design and implementation of secure Windows platform based on TCM[J]. Journal on Communications, 2015, 36(8): 91-103. DOI: 10.11959/j.issn.1000-436x.2015139
Authors: Wei FENG, Yu QIN, Deng-guo FENG, Bo YANG, Ying-jun ZHANG
Affiliation: Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Funding: National Natural Science Foundation of China (61202414, 91118006); National Basic Research Program of China ("973" Program) (2013CB338003)
Abstract: A secure Windows platform solution based on the trusted cryptography module (TCM) was proposed to solve the integrity measurement and attestation problem of the Windows system. Two security modes were realized by extending the Windows kernel: in the measurement mode, all executable contents loaded onto the Windows system were measured, and the TCM provided protection and outward attestation for these measurements; in the control mode, the measurements were further compared with a whitelist customized by an administrator, and all programs not included in the whitelist were prohibited from running. Experimental analysis shows that the proposed solution can enhance the security of the Windows platform and resist some software attacks; at the same time, the average performance overhead is about 20~30 ms, which will not influence the normal running of Windows.

Keywords: trusted computing; integrity measurement; trusted cryptography module; Windows security