{"title":"嵌入式系统软件可信平台模块(SWTPM)资源共享方案。","authors":"Da-Chuan Chen, Guan-Ruei Chen, Yu-Ping Liao","doi":"10.3390/s25123828","DOIUrl":null,"url":null,"abstract":"<p><p>Embedded system networks are widely deployed across various domains and often perform mission-critical tasks, making it essential for all nodes within the system to be trustworthy. Traditionally, each node is equipped with a discrete Trusted Platform Module (dTPM) to ensure network-wide trustworthiness. However, this study proposes a cost-effective system architecture that deploys software-based TPMs (SWTPMs) on the majority of nodes, while reserving dTPMs for a few central nodes to maintain overall system integrity. The proposed architecture employs IBMACS for system integrity reporting. In addition, a database-based anomaly detection (AD) agent is developed to identify and isolate untrusted nodes. A traffic anomaly detection agent is also introduced to monitor communication between servers and clients, ensuring that traffic patterns remain normal. Finally, a custom measurement kernel is implemented, along with an activation agent, to enforce a measured boot process for custom applications during startup. This architecture is designed to safeguard mission-critical embedded systems from malicious threats while reducing deployment costs.</p>","PeriodicalId":21698,"journal":{"name":"Sensors","volume":"25 12","pages":""},"PeriodicalIF":3.4000,"publicationDate":"2025-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Software Trusted Platform Module (SWTPM) Resource Sharing Scheme for Embedded Systems.\",\"authors\":\"Da-Chuan Chen, Guan-Ruei Chen, Yu-Ping Liao\",\"doi\":\"10.3390/s25123828\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><p>Embedded system networks are widely deployed across various domains and often perform mission-critical tasks, making it essential for all nodes within the system to be trustworthy. Traditionally, each node is equipped with a discrete Trusted Platform Module (dTPM) to ensure network-wide trustworthiness. However, this study proposes a cost-effective system architecture that deploys software-based TPMs (SWTPMs) on the majority of nodes, while reserving dTPMs for a few central nodes to maintain overall system integrity. The proposed architecture employs IBMACS for system integrity reporting. In addition, a database-based anomaly detection (AD) agent is developed to identify and isolate untrusted nodes. A traffic anomaly detection agent is also introduced to monitor communication between servers and clients, ensuring that traffic patterns remain normal. Finally, a custom measurement kernel is implemented, along with an activation agent, to enforce a measured boot process for custom applications during startup. This architecture is designed to safeguard mission-critical embedded systems from malicious threats while reducing deployment costs.</p>\",\"PeriodicalId\":21698,\"journal\":{\"name\":\"Sensors\",\"volume\":\"25 12\",\"pages\":\"\"},\"PeriodicalIF\":3.4000,\"publicationDate\":\"2025-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Sensors\",\"FirstCategoryId\":\"103\",\"ListUrlMain\":\"https://doi.org/10.3390/s25123828\",\"RegionNum\":3,\"RegionCategory\":\"综合性期刊\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"CHEMISTRY, ANALYTICAL\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sensors","FirstCategoryId":"103","ListUrlMain":"https://doi.org/10.3390/s25123828","RegionNum":3,"RegionCategory":"综合性期刊","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"CHEMISTRY, ANALYTICAL","Score":null,"Total":0}
Embedded system networks are widely deployed across various domains and often perform mission-critical tasks, making it essential for all nodes within the system to be trustworthy. Traditionally, each node is equipped with a discrete Trusted Platform Module (dTPM) to ensure network-wide trustworthiness. However, this study proposes a cost-effective system architecture that deploys software-based TPMs (SWTPMs) on the majority of nodes, while reserving dTPMs for a few central nodes to maintain overall system integrity. The proposed architecture employs IBMACS for system integrity reporting. In addition, a database-based anomaly detection (AD) agent is developed to identify and isolate untrusted nodes. A traffic anomaly detection agent is also introduced to monitor communication between servers and clients, ensuring that traffic patterns remain normal. Finally, a custom measurement kernel is implemented, along with an activation agent, to enforce a measured boot process for custom applications during startup. This architecture is designed to safeguard mission-critical embedded systems from malicious threats while reducing deployment costs.
期刊介绍:
Sensors (ISSN 1424-8220) provides an advanced forum for the science and technology of sensors and biosensors. It publishes reviews (including comprehensive reviews on the complete sensors products), regular research papers and short notes. Our aim is to encourage scientists to publish their experimental and theoretical results in as much detail as possible. There is no restriction on the length of the papers. The full experimental details must be provided so that the results can be reproduced.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
