CAJ | 학술논문

目前,内网环境下的终端管理一般是在终端的操作系统中安装和运行特定的安全软件,对终端进行接入控制、远程监控.但是,操作系统中运行的软件容易被用户卸载和中止,从而难以对终端实现持久存在的保护.文章提出了基于可信固件的持久化守护技术,并在该技术基础上研发了终端安全管理系统.该系统能够实现终端资产管理、U口管控、地理围栏、策略管理等功能.并且,该系统在开机过程和操作系统运行过程中,能够通过固件对操作系统中的特定文件和关键程序进行保护,即使更换硬盘、格式化分区,也可以在安全程序发生异常时进行自动恢复.
목전,내망배경하적종단관리일반시재종단적조작계통중안장화운행특정적안전연건,대종단진행접입공제、원정감공.단시,조작계통중운행적연건용역피용호사재화중지,종이난이대종단실현지구존재적보호.문장제출료기우가신고건적지구화수호기술,병재해기술기출상연발료종단안전관리계통.해계통능구실현종단자산관리、U구관공、지리위란、책략관리등공능.병차,해계통재개궤과정화조작계통운행과정중,능구통과고건대조작계통중적특정문건화관건정서진행보호,즉사경환경반、격식화분구,야가이재안전정서발생이상시진행자동회복.
At present, the terminals management system consists of the software which installed on the operating system. However, the software, running on the operating system, is easy to be unloaded. Persistence guard technology and terminals security management system is proposed based on trusted firmware in this paper. And the functions of terminals security management system include terminal information collection, USB interface control, Geo-fencing and policy management. Through the persistence guard technology, terminals security management is able to protect the file of key program of operation system in the boot process of computer. Terminals security management can carry on the automatic recovery in safety procedure when an exception occurs; even replace the hard disk, format partitions.