Feiteng has joined hands with Datang Gaohongxinan (hereinafter "Gaohongxinan") to launch a joint secure computing solution based on the PSPA security architecture standard. It helps upstream and downstream enterprises address security and trustworthiness end to end, from device hardware and firmware through operating systems and cloud computing platforms to business applications, and provides end-to-end security and trust support for the critical information infrastructure of new-infrastructure industries such as government, energy, transportation, telecommunications and finance.
Building a solid foundation of security and trust to safeguard new infrastructure
Trusted computing has become a focal point of the global contest over cyberspace. The National Cyberspace Security Strategy sets out the strategic task of "consolidating the foundation of cybersecurity" and calls for accelerating the promotion and adoption of secure and trusted products. The Classified Protection 2.0 national standard, in force since December 2019, requires the full use of secure and trusted products and services to safeguard critical infrastructure.
As new infrastructure advances and emerging technologies such as cloud computing, big data, artificial intelligence, the Internet of Things and blockchain are developed and deployed, network security incidents occur frequently, threats are becoming more concealed and the damage they cause more serious. Traditional protection based on firewalls, intrusion detection and anti-virus can no longer meet the security needs of this new era. New-infrastructure industries such as government, energy, transportation and finance face enormous security risks; a successful malicious attack could have an immeasurable impact on the country, society and enterprises.
These industries urgently need to build independently developed, secure and trusted business systems to meet the demands of cyberspace security construction. To respond to these challenges, Feiteng and Gaohongxinan have jointly launched a joint secure computing solution. It is based on a secure processor platform conforming to Feiteng's PSPA specification, uses Gaohongxinan's series of secure computing software as its core component, and applies trusted (cloud) computing, confidential computing and operating system security technologies. It helps upstream and downstream partners address security and trustworthiness as a whole, from device hardware and firmware through the operating system and cloud computing platform to business applications, and provides end-to-end secure and trusted support for the critical information infrastructure of government, energy, transportation, finance and other industries.
PSPA (Phytium Security Platform Architecture) is a processor security architecture standard formulated by Feiteng (Phytium). It is the first CPU-level security architecture standard released by a domestic CPU company, and it establishes bottom-up intrinsic security for domestic computer systems starting at the CPU.
PSPA defines the hardware and software functions and attributes of a security processor in ten areas: cryptographic acceleration engine, key management, trusted boot, trusted execution environment, secure storage, firmware management, mass-production key injection, life cycle management, resistance to physical attacks, and immunity to hardware vulnerabilities. It addresses these areas comprehensively across chip hardware design, firmware design and mass production.
Feiteng implemented the requirements of this specification in the design of the FT-2000/4 secure CPU released in September 2019. Beyond its built-in security innovations, the FT-2000/4 provides effective CPU-level support for trusted computing: an active immune system architecture can be built on it that identifies and resists viruses, Trojan horses and vulnerability exploits, safeguarding information security.
Innovative technology + the Classified Protection 2.0 standard, facilitating the full implementation of security and trust
The architecture composition of the secure computing joint solution is shown in the following figure:
1. Platform device support
At the platform hardware level, Feiteng PSPA-compliant security processors are paired with domestic trusted computing modules that support the Chinese commercial cryptographic (SM) algorithms, so that the starting point of the chain of trust is itself trustworthy. The solution supports trusted security enhancement and management for all kinds of devices built on the Feiteng platform, including computing devices (servers, terminals), network devices (routers, switches) and boundary devices (security isolation gateways, firewalls).
2. Series of secure computing software
Gaohongxinan's trusted support module provides the basic drivers, trusted boot modules and trusted service modules needed to implement trusted computing functions. The operating system trusted enhancement system hardens mainstream operating systems such as Linux, adds active immunity, and provides all the security functions that the Classified Protection 2.0 standard requires for the "secure computing environment". The trusted security management suite provides the trusted/security functions that the standard requires for the "security management center", giving users unified trusted security management across the whole system. The trusted operating mode protection platform and trusted software copyright protection system use trusted computing technology together with Feiteng's trusted execution environment (TEE) to provide a high-assurance operating environment for applications.
The virtual root of trust module implements the functions of the physical root of trust for virtual machines using hardware virtualization and software emulation, giving the virtual environment the same security functions as a hardware root of trust. The cloud computing trusted security enhancement module provides trust and security enhancement for the cloud platform in line with the cloud computing security extension requirements of the Classified Protection 2.0 standard. The cloud computing key management system provides centralized key management for both the management plane and the business workloads of the cloud platform, significantly strengthening key protection.
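To make concrete what the trusted boot modules and the (virtual) root of trust described above actually do, here is an added example, not code from Feiteng or Gaohongxinan. It simulates a measured boot chain: each stage measures the next component and extends a measurement register the way a TPM/TCM PCR is extended (new = H(old || H(component))), records an event log, and a verifier later checks the register against a golden value and replays the log. The stage names, component bytes and golden value are constructed for the example; the real module would use the SM3 algorithm mentioned on this page, while SHA-256 is used here only because every Python build provides it.

```python
"""Added example (not Feiteng/Gaohongxinan code): a minimal measured-boot chain.

Register update rule, as in a TPM/TCM PCR extend:
    register_new = H(register_old || H(component))
Because the register is a hash over the whole history, no later stage can
reset it or hide an earlier measurement; a verifier holding a golden value
computed from the reference manifest detects any changed component.
"""
import hashlib
from typing import Dict, List, Optional, Tuple

HASH = hashlib.sha256                # SM3 in the real trusted computing module
DIGEST_LEN = HASH().digest_size

# Constructed sample chain (stand-ins for firmware image, bootloader, kernel, initrd).
REFERENCE_CHAIN: List[Tuple[str, bytes]] = [
    ("firmware", b"PSPA-compliant firmware image v1"),
    ("bootloader", b"grub core.img"),
    ("kernel", b"vmlinuz-5.10"),
    ("initrd", b"initrd.img"),
]


def measure(component: bytes) -> bytes:
    """Measurement of one component: a hash of its bytes."""
    return HASH(component).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """PCR-style extend; the register can only be extended, never set."""
    return HASH(register + digest).digest()


def boot(chain: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Dict[str, str]]]:
    """Simulate boot: each stage measures the next one before handing over."""
    register = bytes(DIGEST_LEN)     # power-on reset value
    event_log: List[Dict[str, str]] = []
    for name, component in chain:
        digest = measure(component)
        register = extend(register, digest)
        event_log.append({"stage": name, "digest": digest.hex()})
    return register, event_log


def golden_value(chain: List[Tuple[str, bytes]]) -> bytes:
    """Reference value the verifier computes from the approved manifest."""
    return boot(chain)[0]


def replay_log(event_log: List[Dict[str, str]]) -> bytes:
    """Recompute the register from the event log alone (what an attestation verifier does)."""
    register = bytes(DIGEST_LEN)
    for entry in event_log:
        register = extend(register, bytes.fromhex(entry["digest"]))
    return register


def verify(register: bytes, event_log: List[Dict[str, str]], golden: bytes) -> Tuple[bool, List[str]]:
    """Trusted verification: the register must match the golden value and the log must reproduce it."""
    problems: List[str] = []
    if register != golden:
        problems.append("register does not match golden value")
    if replay_log(event_log) != register:
        problems.append("event log does not reproduce register (log tampered or truncated)")
    return (not problems), problems


def first_divergent_stage(event_log: List[Dict[str, str]],
                          reference_chain: List[Tuple[str, bytes]]) -> Optional[str]:
    """Name the first stage whose measurement differs from the reference manifest."""
    reference = {name: measure(comp).hex() for name, comp in reference_chain}
    for entry in event_log:
        if reference.get(entry["stage"]) != entry["digest"]:
            return entry["stage"]
    return None


def demo() -> Tuple[bool, bool, Optional[str]]:
    """Clean boot verifies; a modified kernel fails and is pinpointed from the log."""
    golden = golden_value(REFERENCE_CHAIN)
    register, log = boot(REFERENCE_CHAIN)
    clean_ok, _ = verify(register, log, golden)
    tampered = [(n, c if n != "kernel" else b"vmlinuz-5.10 + rootkit") for n, c in REFERENCE_CHAIN]
    register2, log2 = boot(tampered)
    tampered_ok, _ = verify(register2, log2, golden)
    return clean_ok, tampered_ok, first_divergent_stage(log2, REFERENCE_CHAIN)


if __name__ == "__main__":
    print(demo())  # (True, False, 'kernel')
```

The two checks in `verify` are deliberately separate: a changed component alters the register but leaves the log self-consistent, while an attacker who swaps in a clean-looking log without being able to change the register fails the replay check. A virtual root of trust gives each guest its own register and log so the same procedure applies to HostOS and GuestOS alike.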
3. Trusted cloud computing solution
The trusted cloud computing solution builds on a trusted cloud infrastructure and embeds trusted software such as the virtual root of trust module, the cloud computing trusted security enhancement module and the operating system trusted enhancement system (supporting both HostOS and GuestOS) into common cloud computing platforms. The result is a trusted cloud platform with complete trusted (cloud) computing functions and comprehensive cloud security protection. It supports standard KVM/QEMU, OpenStack, Ceph and similar architectures and meets both the general security requirements and the cloud computing security extension requirements of the Classified Protection 2.0 standard. The software-defined trusted cloud infrastructure architecture is shown in the following figure:
The platform architecture is based on Feiteng's PSPA-compliant security processor. The infrastructure layer consists of computing devices such as servers, network devices such as switches, storage devices and boundary devices, each fitted with a domestic trusted computing module and, together with the trusted support module and the operating system trusted enhancement system, comprehensively hardened. The cloud resource layer builds trusted resource pools through the trusted computing virtualization system, trusted network virtualization system and trusted storage virtualization system. The cloud trusted management layer embeds the virtual root of trust module, cloud computing trusted security enhancement module, cloud computing key management system and trusted security management suite, providing unified management and trusted security management of the cloud platform. The cloud application layer provides cloud platform services and application interfaces, including a trusted cloud management portal and trusted cloud open interfaces.
The trusted cloud computing solution strengthens the privacy of cloud user data, significantly improves the visibility and controllability of cloud user data and resources and the traceability of cloud security events, and comprehensively improves the security and compliance of the cloud platform.
Five major advantages to fully support new infrastructure
The secure computing joint solution launched by Feiteng and Gaohongxinan has five significant advantages: it is independent and trustworthy, security compliant, stable and efficient, fully compatible, and widely applicable, providing end-to-end security and trust support for the critical information infrastructure of new-infrastructure industries.
1. Autonomous and trustworthy
Based on Feiteng's domestic security processor, which complies with the PSPA security architecture standard, and combined with the series of secure computing software independently developed by Gaohongxinan, the solution provides comprehensive secure computing for the critical information infrastructure of new infrastructure and solves the most basic problem of trust in device and system operation.
2. Security compliance
The solution applies to the secure computing environment, secure communication network, secure area boundary and security management center defined in the Classified Protection 2.0 standard, implementing trusted/security functions such as "trusted verification", and provides security compliance support for the devices and information systems of new infrastructure users.
3. Stable and efficient
The innovative intrinsic security technology of the Feiteng security processor is closely integrated with mature trusted computing technology, keeping processor resource consumption low and ensuring stable and efficient operation of the system.
4. Fully compatible
The solution has been adapted to servers, switches, PCs, Internet of Things devices and other equipment, and has been integrated with cloud computing platforms, artificial intelligence applications and Internet of Things systems, demonstrating good compatibility.
5. Wide application
The solution can be applied to industry scenarios such as cloud computing, big data, the industrial Internet, the Internet of Things, artificial intelligence, blockchain and 5G, providing intrinsic security and active defense and responding effectively to unknown threats.