Trusted Computing

"The most important value of Trusted Computing is to prevent it from being tampered with. It will build the standard value of key links in advance, and pursue that each state is consistent with the standard. Otherwise, it will think that something has been tampered with, and an alarm will be given."

Some readers may say this sounds too strict. Does it really need to be so demanding? Isn't that as hard to achieve as an ideal scenario?

In the cloud, it really does need to be that strict. In code, a single wrong punctuation mark is enough to cause a bug.

Think about it: today our identity management, shopping history, medical records, and even currency have all been digitized, and most of it has already been uploaded to the cloud. Underneath the calm waters that we cannot see.

A common approach to security is to keep looking for vulnerabilities and plug them as soon as possible, or to set up many security checks and permission controls and verify identity before granting entry.

These methods have become very advanced over a long battle of wits, but security experts point out that discovering loopholes and filling them is after-the-fact and passive. What if the enemy has already infiltrated the interior?

So they invented "Trusted Computing". The general principle is to prepare a standard computing environment in advance and generate a standard value for subsequent verification. Every time this environment is started, it will be compared with the baseline value to ensure that the operation meets expectations.

Take operating system startup as an example. In a computer, the operating system is the scheduling center and foundation, and the applications that serve every aspect of daily life run on top of it. The operating system administrator has very high privileges, so once the operating system is breached, the applications above it fall too.

Ensuring that the operating system is trustworthy is therefore crucial. Starting the operating system involves many files and programs. As long as none of those files has been tampered with and no malicious code is present, the startup can be considered safe. With Trusted Computing, security personnel can build a safe startup state for the operating system.

This state is stored in a security chip that is very difficult to break into (like a safe).

Afterwards, every time the computer is turned on, the security chip checks the startup status. If the status differs from the original, it raises an alarm. Otherwise, this startup is considered trusted.
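The baseline-and-compare check described above, as an added example that is not part of the original article. It assumes the security chip folds measurements the way a TPM extends a register (new value = SHA-256 of the old value plus the component's hash); the function names and the component contents are constructed stand-ins.

```python
import hashlib

REG_SIZE = 32  # SHA-256 digest length


def extend(register: bytes, component: bytes) -> bytes:
    """TPM-style extend (assumed model): new = SHA256(old || SHA256(component))."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure_chain(components):
    """Fold ordered (name, bytes) boot components into one register value.

    Returns the final register and a per-stage event log.
    """
    register = bytes(REG_SIZE)  # register is all zeros after reset
    log = []
    for name, blob in components:
        register = extend(register, blob)
        log.append((name, register.hex()))
    return register, log


def verify_boot(components, baseline_log):
    """Compare this boot with the stored baseline log.

    Returns (trusted, first_divergent_stage). Each value chains over all
    earlier stages, so the first mismatch names the stage that changed.
    """
    _, log = measure_chain(components)
    for (name, value), (base_name, base_value) in zip(log, baseline_log):
        if name != base_name or value != base_value:
            return False, name
    if len(log) != len(baseline_log):
        return False, "component count changed"
    return True, None


# Constructed sample data: stand-ins for firmware, bootloader and kernel images.
GOLDEN = [("firmware", b"fw v1"), ("bootloader", b"loader v1"), ("kernel", b"kernel v1")]
_, BASELINE_LOG = measure_chain(GOLDEN)  # the "standard value" prepared in advance
TAMPERED = [GOLDEN[0], ("bootloader", b"loader v1 + implant"), GOLDEN[2]]

if __name__ == "__main__":
    print(verify_boot(GOLDEN, BASELINE_LOG))    # (True, None)
    print(verify_boot(TAMPERED, BASELINE_LOG))  # (False, 'bootloader')
```

Because every later value depends on all earlier ones, a change to the bootloader also changes the kernel-stage value, which is why the check reports the first divergent stage rather than every mismatch.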

Two major differences between Trusted Computing and traditional security schemes

1. Trusted Computing is a hardware-based solution that can prevent low-level attacks. The measurement, storage, and reporting of standard values are all handled by a root of trust in the form of a security chip or other hardware firmware. Traditional security solutions are built on the security of the operating system, with antivirus software running on top of it. If the operating system itself has problems, or malicious code is lurking below the operating system level, antivirus software may not be able to detect the attack.

2. Trusted Computing is a proactive, preventive security approach. Traditional security relies on libraries of known vulnerabilities, viruses, and Trojans. If some vulnerabilities, viruses, or Trojans have not been collected, the security mechanism will have problems.

Trusted startup, coupled with strict defense, allows users to ensure that the operating system is secure.

At present, Alibaba Cloud's seventh generation ECS has been fully equipped with security chips, achieving trusted startup of servers and instances. This enables cloud servers to achieve higher levels of security protection and stay away from high-level threats. At the same time, Alibaba Cloud has opened up trusted technology interfaces to support customers in secondary development based on their own needs, and to build a high-level application security environment.

In other words, on Alibaba Cloud, if users think that an application or one link in an application is particularly important, they can also use the idea of Trusted Computing to build a secure standard environment. Each time the application starts, or at a critical stage, a check is performed to ensure it is trustworthy.

At the same time, judging from the global policy and business environment, Trusted Computing will become a standard configuration.

There are many national or industrial specifications at home and abroad that explicitly require information systems to apply Trusted Computing technology.
