[Expert point of view] Shen Changxiang, academician of the Chinese Academy of Engineering: Building an actively immune, secure and trusted protection system for key information infrastructure

Author: Information Security Research    Date: 2022.08.21

At present, cyberspace has become the fifth sovereign domain after land, sea, air and space, and the arena in which international strategy for the networked society is evolving. China's network security faces severe challenges: "without network security there is no national security." The Cybersecurity Law, the national cybersecurity strategy and the level protection system all require promoting secure and trusted products and services, and the Regulations on the Security Protection of Key Information Infrastructure make this an explicit requirement for critical infrastructure. New infrastructure is built on data and networks; the premise of its development is a secure and trusted line of defense built on actively immune trusted computing. This is a national strategic task.

1. Build a new actively immune, secure and trusted ecology for cyberspace

1. Recognize the nature of network security and take the initiative to resist security risks

Cyber security risk originates in three congenital defects of the Turing-machine computing principle: it lacks the concept of protection, it lacks protective components, and the computing system provides no security services. In addition, the design of an IT system cannot enumerate every logical combination, so it leaves countless logical defects; attackers exploit these defects to attack computer systems for gain. That is the essence of network security. It is equivalent to a human body without an immune system, unable to resist viral invasion.

To reduce the risk, first, a new computing model must be built on Turing-machine principles in which computation and protection proceed in parallel, with an active immune mechanism that, like the body producing antibodies, uses code "genes" (identity, state measurement and confidential storage) to distinguish "self" from "non-self" and to destroy or reject harmful substances that enter the system; this cultivates immunity for the new infrastructure. Second, the von Neumann architecture must be improved by adding independent security protection hardware and software components that run in parallel with the computing resources, forming a dual-system structure of active immunity and trust and ending the passive situation in which security components are merely called by the computing side. A secure and trusted network product must have this dual-system parallel structure; just as the body's immune antibodies must be on watch at all times to keep it healthy, the protection components must monitor continuously. Third, key information infrastructure must build an engineered security protection framework covering the computing environment, the regional boundary and the communication network under the support of a security management center, so that an attacker cannot read what is protected, cannot alter computing resources, cannot paralyze system operation, and attacks can be countered. This is similar to the recent fight against the novel coronavirus: the social environment must be controlled, vaccination must maintain the body's own immunity, and isolation and masks are also needed to contain the epidemic.

Only key information infrastructure built to the above requirements can withstand serious network security threats. For example, on May 12, 2017 the "WannaCry" ransomware swept the Internet worldwide, hitting nearly 150 countries within a day; the malware was subsequently modified many times and used to extort network systems of all kinds, including industrial control systems. On May 7, 2021 the oil pipeline system on the U.S. East Coast was hit by ransomware and energy supply was interrupted; President Biden declared a state of emergency for 17 East Coast states and the District of Columbia. Fortunately, Chinese systems equipped with actively immune trusted computing 3.0 products, such as CCTV's production and broadcasting environment and the State Grid power dispatching system, repelled the ransomware and kept working stably over the long term. The facts show that only by building an actively immune cyberspace security ecosystem can the network security line of infrastructure be built.

2. Move beyond "blocking and killing" and drive the development of the secure and trusted industry

The Regulations on the Security Protection of Key Information Infrastructure require priority procurement of secure and trusted network products and services. Most current network security systems, however, consist mainly of firewalls, intrusion detection and virus scanning and removal, the so-called "old three". This kind of "blocking and killing" has difficulty dealing with attacks that exploit logical defects, and it carries hidden risks of its own. First, the "old three" are passive protection: they compare against a library of attacks that have already occurred, so in the face of endless new vulnerabilities and attack methods they are always a step behind. Second, the "old three" run with super-user privilege, far more than they need, violating the principle of least privilege. Third, the "old three" can themselves be exploited by attackers to carry out malicious "scanning and removal" and become a platform for network attacks.

New information infrastructure is built on network data. It should be secure and trusted, meaning that the whole process is measurable and controllable and free from interference, hidden risks are eliminated, and the results of computation match expectations. This requires that active immune security protection be built at the same time as the engineering itself: planned, designed, implemented, and operated and maintained in step, so that the data, architecture, resource allocation and policy management of 5G networks and data centers are all trusted. Therefore, domestic product innovation must be accelerated to make mechanisms, policies and architectures trusted and monitorable, and to build an independent domestic innovation industry ecosystem.
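The contrast drawn above between measure-and-control (the trusted root refuses to hand control to any component whose measurement does not match a provisioned reference) and "blocking and killing" (a scanner that only recognizes what is already in its signature library) can be made concrete. The following is an added example written for this page; it is not code from the article or from any trusted computing 3.0 product. The component images, reference values, the chain order and the signature list are all constructed stand-ins, and the extend step is the TPM-style register extension (new = H(old || digest)).

```python
"""Measurement-based "active immunity" versus signature-based "blocking and killing".

Added example, not code from the article or from any trusted computing 3.0 product.
Component images, reference values and the signature list are all constructed here.
"""
import hashlib
from typing import Dict, List, Tuple


def measure(image: bytes) -> bytes:
    """Measurement of a component: SHA-256 of its image (a code 'gene', not a signature)."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new = H(old || digest). Order-sensitive and not reversible,
    so the final register value summarizes the whole chain that ran."""
    return hashlib.sha256(register + digest).digest()


# Constructed stand-ins for the images loaded along a launch chain (hypothetical).
GOLDEN_IMAGES: Dict[str, bytes] = {
    "bootloader": b"BOOTLOADER 1.0: locate and load kernel",
    "kernel": b"KERNEL 5.x: init, scheduler, memory manager",
    "tsb": b"TRUSTED SOFTWARE BASE: policy hooks, measurement agent",
    "app": b"DISPATCH APP: main control loop",
}
CHAIN_ORDER: List[str] = ["bootloader", "kernel", "tsb", "app"]

# Reference values provisioned by the security management center into the trusted
# root. In a deployment they come from the build/release process and live where the
# computing side cannot rewrite them; here they are derived from the golden images.
REFERENCE: Dict[str, bytes] = {n: measure(img) for n, img in GOLDEN_IMAGES.items()}


def expected_register() -> bytes:
    """Composite value a verifier expects when every stage matched its reference."""
    reg = bytes(32)
    for name in CHAIN_ORDER:
        reg = extend(reg, REFERENCE[name])
    return reg


def launch_chain(images: Dict[str, bytes]) -> Tuple[bool, bytes, List[str]]:
    """Measure each stage *before* it runs and stop at the first mismatch.

    This is the 'control' half of measure-and-control: an unexpected image is
    never given control, whether or not anyone has seen it before.
    """
    reg = bytes(32)
    log: List[str] = []
    for name in CHAIN_ORDER:
        digest = measure(images[name])
        reg = extend(reg, digest)  # record what was presented, even if rejected
        if digest != REFERENCE[name]:
            log.append(f"{name}: measurement mismatch, not loaded")
            return False, reg, log
        log.append(f"{name}: ok")
    return True, reg, log


# Constructed signature library for a blacklist scanner (the 'old three' model).
KNOWN_BAD_PATTERNS: List[bytes] = [b"WANNACRY", b"ETERNALBLUE"]


def blacklist_scan(images: Dict[str, bytes]) -> List[str]:
    """'Blocking and killing': flags only images containing an already-known pattern."""
    return [n for n, img in images.items() if any(p in img for p in KNOWN_BAD_PATTERNS)]


def compare_defenses(images: Dict[str, bytes]) -> Dict[str, object]:
    """Run both defenses over the same images and report what each decided."""
    ok, reg, log = launch_chain(images)
    return {
        "whitelist_allowed": ok,
        "register_matches_expected": reg == expected_register(),
        "blacklist_flagged": blacklist_scan(images),
        "log": log,
    }


if __name__ == "__main__":
    tampered = dict(GOLDEN_IMAGES)
    tampered["kernel"] += b"\n<novel implant, never seen before>"
    print("golden  :", compare_defenses(GOLDEN_IMAGES))
    print("tampered:", compare_defenses(tampered))
```

A kernel image carrying an implant that matches no signature passes the blacklist scanner untouched but is refused by the measurement check, and the chain stops before the trusted software base or the application is ever loaded. Two caveats a practitioner should keep in mind: the reference values and the register must sit in the protection component (a hardware root), not in the computing side the attacker controls, or the whitelist is only as strong as the file it lives in; and a measurement proves which code was loaded, not that the code is free of the logical defects the article describes, so runtime control by the trusted software base is still needed for attacks that never modify an image on disk.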

2. Innovate and develop actively immune trusted computing and build a secure and trusted cyberspace

1. Innovate and develop the secure and trusted industry

Article 16 of the Cybersecurity Law stipulates that the State Council and the people's governments of provinces, autonomous regions and municipalities directly under the Central Government shall make overall plans, increase investment, support key network security technology industries and projects, support the research, development and application of network security technology, and promote secure and trusted network products and services. The national cybersecurity strategy issued by the state is equally clear: in the strategic task of consolidating the foundation of network security, it calls for breakthroughs in core technologies as soon as possible and accelerated promotion of secure and trusted network products and services. Only by adhering to independent innovation and developing the secure and trusted industry can network security be guaranteed and the complex international market environment be handled actively. On April 8, 2014 Microsoft ended service support for Windows XP and pushed the "trusted" Windows 8; China decided not to purchase it. In October 2014 Microsoft launched Windows 10, which mandated a hardware TPM chip, covered every class of system and integrated online control; promoting Windows 10 would directly threaten cyberspace sovereignty. China established a security review team in accordance with WTO rules. The review, conducted according to national laws and standards, treats digital certificates, trusted computing and cryptographic equipment as three bottom lines that must be domestic and independent. To date no review conclusion has been published, and Windows 10 has not been included in the government procurement catalogue. China should therefore seize the opportunity and accelerate independent innovation in the domestic information network industry system.
Over the past two decades many of the country's core infrastructures have adhered to independent innovation in building their security defense systems. The national power grid dispatching system, for example, has fully achieved secure, trusted and actively immune defense and set a model for the security and trust of the industrial Internet. In addition, secure and trusted products and services for China's lottery, value-added tax invoice anti-counterfeiting and second-generation resident ID cards ensure that countless bills and documents cannot be altered or forged, and provide valuable experience for securing later information infrastructure. Practice has verified that independent innovation and development of the secure and trusted industry must follow the "five-three-one" principle so as not to be constrained by others. "Five" refers to the five "ke" (可): knowable, meaning that all source code from open cooperation must be fully understood rather than blindly accepted; editable, meaning that on the basis of understanding the source code we can rewrite it independently; reconstructable, meaning that core technical elements can be restructured for specific application scenarios and security needs to form a customized new architecture; trusted, meaning that trusted computing technology strengthens the immune system of the autonomous system, prevents attacks on unknown vulnerabilities from affecting system security, and turns domestic products into truly domestic, end-to-end protection; and usable, meaning that applications and the operating system are adapted so that the autonomous system can replace foreign products.

"Three" refers to the three "must" bottom lines: China's trusted computing must be used; China's digital certificates must be used; China's cryptographic equipment must be used.

"One" refers to "must have independent intellectual property rights": the final system must have independent intellectual property rights, protecting the intellectual property and the security of independent innovation. Adhere to patenting core technology, standardizing patents and commercializing standards, go abroad and become a world brand.

2. Open a new era of active cyber defense and seize the commanding heights of the technical system

The concept of trusted computing was proposed in the 1980s, but it was limited to the trusted computing base (the collection of security functions) of products such as operating systems and databases and did not address core scientific questions such as the computing principle and the architecture. In 2003 the Trusted Computing Group (TCG) was established internationally. In its architecture the host's trusted platform module (TPM) hangs off a peripheral serial interface and is driven as an external device by a software stack on the host. It has defects such as a single public-key cryptosystem and serial, passive invocation, and so fails to achieve active immunity.

In 1992 China began research on a comprehensive security protection system (the intelligent security card). At the end of February 1995 it passed evaluation and appraisal, which affirmed major innovations such as the dual cryptosystem of public-key and symmetric ciphers, the environmental-immunity anti-virus principle, the parallel dual structure of intelligent control and secure computation, and digitally defined policy protection, placing it at the world's advanced level. After large-scale promotion and application through military-civilian integration, national and military trusted computing series standards and patents were formulated and released, winning several national second-class prizes and ministerial first-class prizes and opening a new era of active immune security (trusted computing 3.0). The "National Medium- and Long-Term Science and Technology Development Outline (2006-2020)" explicitly requires "taking the development of highly trusted networks as the focus, developing network security technology and related products, and establishing a network security technology guarantee system." Under the guidance of the outline, after long-term breakthroughs a complete industrial chain has formed, yielding major benefits for building the security system of key information infrastructure. Core publications such as "Shi Shi" praised active immunity as effective protection, and the cover of Xinhua News Agency's "China Famous Brand" hailed the era of active defense with Chinese trusted computing. Many core technologies of trusted computing 3.0 have been adopted by important foreign companies and institutions; for example, Kaspersky recently announced that it would no longer pursue virus "killing" software but would instead build network immunity, which is one functional branch of actively immune trusted computing.

3. Building a new infrastructure security defense line with trusted computing 3.0 and level protection 2.0

1. Innovative development of the network security level protection system

Article 21 of the Cybersecurity Law of the People's Republic of China provides that the state implements a network security level protection system: network operators shall fulfill their security protection obligations in accordance with the requirements of that system and prevent network data from being leaked, stolen or tampered with. Article 31 provides that, on the basis of level protection, the state implements key protection for key information infrastructure. The Regulations on the Security Protection of Key Information Infrastructure express this fully: key protection in accordance with the new level protection standards (the "level protection 2.0" standards) to ensure network security. The level protection 2.0 standards took shape gradually over more than 20 years of innovative development, and the core products and services of actively immune trusted computing 3.0 have been upgraded in step, so that an actively immune, trusted architecture meeting the requirements of every level can be built. Trusted computing 3.0 has formed a complete industrial chain and can fully meet the needs of high-level protection. Key information infrastructure is built on cloud computing and data centers and should be supported level by level through the relevant level system. Specifically, level protection proceeds in five steps: first, risk analysis is carried out accurately and the level of business information and of system services is assessed, with general damage, serious damage and particularly serious damage corresponding to levels three, four and five respectively; second, level determination; third, construction is standardized and strictly managed, implemented at both the technical and the management level according to the determination plan, to achieve trusted, controllable and manageable protection; fourth, after the evaluation task is completed and the problems found have been rectified and improved, the system is put into operation; fifth, supervision and inspection, situational awareness, emergency recovery and counter-response to network attacks. A solid defense line built with active immunity, technology plus management, internal plus external defense and defense in depth cannot be broken.

2. Trusted computing 3.0 builds the security line of key information infrastructure

Key information infrastructure application systems reach every corner of society, with complex forms and massive data. Faced with new problems and new challenges, we must build their network security defense line in the spirit of reform and innovation. Security and trust must be pushed down into embedded device components, multi-source heterogeneous data, resource sharing and virtualization. This requires in-depth analysis of every link in the structure, process, function and mechanism; in accordance with the level protection 2.0 standards, an overall active defense security framework is designed with trusted computing 3.0, and an actively immune, secure and trusted active defense system is built. In particular, the system security framework must be designed around the system composition, the relationships among its parts, the functional flow and the matching of the surrounding environment.

1) Cloud computing trusted security framework. Cloudification of an information system means that its information processing takes place at a cloud computing center. The operator of the cloud computing center is therefore responsible for protecting the system services, and the user of the information system is responsible for protecting business information security. This is a typical hotel service model: the user need not build a machine room, but migrates its business information programs (such as portal websites, development software and custom applications) to the cloud computing center's machine room, and the cloud center is responsible for service operation (that is, SaaS, PaaS and IaaS). It is like a hotel guest ordering meals, holding meetings and using the shop services, as one would at a traditional venue, without having to run the hotel. A cloud computing center can run several information systems of different security levels at the same time, and its security protection capability must not be lower than that of the highest-level information system it hosts.

A cloud center generally consists of user network access, the access (application) boundary, the computing environment and the management center. The cloud computing trusted security framework is a trusted cloud computing environment responsible for establishing the trust chain: starting from the trusted root of the infrastructure, it measures the infrastructure and the computing platform, verifies that virtual computing resources are trusted, and supports application services, ensuring that the computing environment is trusted. For business information security in the cloud, access control policies are formulated according to subject/object relationships to secure the control process. For system service security, the cloud center is responsible for guaranteeing that computing resources are trusted, and it must also verify the accessing entity and the operating environment so that services are secure and trusted. The trusted regional boundary verifies that user requests and computing resources are trusted. The trusted communication network ensures the security and trust of the user service communication process. The division of labor in the cloud's security management center differs from that of a traditional information system: system management is led by the cloud center, ensuring that resources are trusted; security (policy) management is led by the user, responsible for formulating and authorizing secure and trusted policies; and the cloud center and the user coordinate on emergency response and on tracking and disposal.

Virtualized resources are critical to cloud computing. A cloud computing center (environment) consists of a large number of host nodes (clusters) made up of computing resources. To make full use of the basic hardware and software resources, virtual resource scheduling and management is adopted: computing resources are allocated and virtual machines (VMs, the virtual computing nodes) are created, made ready and run; when a service completes, the VM is terminated, its resources are reclaimed and reallocated to other services. This is the so-called virtual system architecture over the physical computing resources of the host cluster. Trusted cloud computing must ensure not only that the basic computing resources are trusted but also that virtual machine resources are trusted, hence the requirements for virtual trusted roots and for secure and trusted mechanisms for virtual machines. Naturally, the secure and trusted mechanism is governed by the policy formulated by the management center. The boundary platform of the cloud computing region generally consists of the computing center's front-end processing units. On a trusted boundary platform the front-end processor must be designed as a secure and trusted computing environment, only smaller in scale; a trusted software base supported by the trusted root performs secure and trusted checking of boundary processing and enforces the security policy formulated by the management center.
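The two preceding paragraphs describe a trust chain that starts at the physical trusted root, covers the host platform, and is carried into each virtual machine through a virtual trusted root, with the cloud center's system management vouching for the resources and the user's security policy management deciding which subject may touch which object. The following added example, written for this page and not taken from the article or any product, models that split as two gates on every access. It assumes a symmetric key shared between the physical trusted root and the cloud center's verifier as a stand-in for the root's attestation key (a deployment would use the root's asymmetric key and sealing, as the article's dual cryptosystem implies), and the host images, VM names, VM images and security levels are constructed.

```python
"""Trust chain from physical root to VMs, verified by the cloud center, then user policy.

Added example, not code from the article or from any trusted computing product.
The shared ROOT_KEY is an assumed stand-in for the physical root's attestation key;
host/VM images, VM names and security levels are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List


def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    return hashlib.sha256(register + digest).digest()


def chain_register(images: List[bytes]) -> bytes:
    """Measure a sequence of images into one register, in launch order."""
    reg = bytes(32)
    for img in images:
        reg = extend(reg, measure(img))
    return reg


# Constructed golden images (hypothetical firmware, hypervisor, host TSB, VM stacks).
HOST_GOLDEN: List[bytes] = [b"FIRMWARE 1.2", b"HYPERVISOR 4.0", b"HOST TSB policy"]
VM_GOLDEN: Dict[str, List[bytes]] = {
    "vm-dispatch": [b"VM kernel", b"dispatch service"],
    "vm-portal": [b"VM kernel", b"portal web app"],
}
# Assumed: key provisioned into the physical root and known to the cloud center.
ROOT_KEY = b"\x13" * 32


def vroot_key(host_register: bytes, vm_id: str) -> bytes:
    """Virtual trusted root key for one VM, derived from the host's measured state.

    Binding the key to host_register stands in for sealing: a host whose firmware
    or hypervisor measures differently derives a different key, so its VMs cannot
    produce reports the cloud center accepts.
    """
    return hmac.new(ROOT_KEY, host_register + vm_id.encode(), hashlib.sha256).digest()


class VirtualMachine:
    def __init__(self, vm_id: str, key: bytes, images: List[bytes]):
        self.vm_id = vm_id
        self._key = key  # held by the virtual root, not exposed to guest code
        self.register = chain_register(images)  # virtual root measures the VM stack

    def attest(self, nonce: bytes) -> dict:
        body = self.vm_id.encode() + self.register + nonce
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return {"vm_id": self.vm_id, "register": self.register, "nonce": nonce, "tag": tag}


class Host:
    def __init__(self, images: List[bytes]):
        self.register = chain_register(images)  # physical root measures the platform

    def launch_vm(self, vm_id: str, images: List[bytes]) -> VirtualMachine:
        return VirtualMachine(vm_id, vroot_key(self.register, vm_id), images)


class CloudCenter:
    """System management (cloud operator): are the computing resources what they claim?"""

    def __init__(self):
        self.expected_host = chain_register(HOST_GOLDEN)
        self.expected_vm = {v: chain_register(i) for v, i in VM_GOLDEN.items()}
        self._live_nonces: set = set()

    def issue_nonce(self) -> bytes:
        n = secrets.token_bytes(16)
        self._live_nonces.add(n)
        return n

    def verify(self, report: dict) -> bool:
        if report["nonce"] not in self._live_nonces:
            return False  # stale or replayed report
        self._live_nonces.discard(report["nonce"])  # single use
        key = vroot_key(self.expected_host, report["vm_id"])
        body = report["vm_id"].encode() + report["register"] + report["nonce"]
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), report["tag"]):
            return False  # host chain differs, so the VM's virtual root key differs
        return report["register"] == self.expected_vm.get(report["vm_id"])


class UserPolicy:
    """Security (policy) management (system owner): subject/object access rules."""

    def __init__(self, subject_levels: Dict[str, int], object_levels: Dict[str, int]):
        self.subject_levels = subject_levels
        self.object_levels = object_levels

    def allows(self, vm_id: str, obj: str) -> bool:
        # no-read-up: a VM may read only objects at or below its own level
        return self.subject_levels.get(vm_id, 0) >= self.object_levels.get(obj, 99)


def request_access(center: CloudCenter, policy: UserPolicy, vm: VirtualMachine, obj: str) -> bool:
    """Gate 1: cloud center verifies the resource. Gate 2: user policy decides the access."""
    report = vm.attest(center.issue_nonce())
    return center.verify(report) and policy.allows(vm.vm_id, obj)


if __name__ == "__main__":
    center = CloudCenter()
    policy = UserPolicy({"vm-dispatch": 4, "vm-portal": 2}, {"grid-topology": 4, "public-notice": 1})
    host = Host(HOST_GOLDEN)
    vm = host.launch_vm("vm-dispatch", VM_GOLDEN["vm-dispatch"])
    print("dispatch -> grid-topology:", request_access(center, policy, vm, "grid-topology"))
```

Four failure modes fall out of the model: a VM whose image was altered measures to a different register and fails the cloud center's check; a VM launched on a host with a modified hypervisor carries a virtual root key the cloud center cannot reproduce, so its report is rejected even if the VM image itself is golden; an old report replayed after its nonce was consumed is rejected; and a genuine VM at a lower level is stopped by the user's policy rather than by the operator. The order matters: the register is only believed after the tag verifies, so a guest cannot simply claim a golden value.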

The trusted communication network consists of switches, routers and other equipment. Since these communication network devices are themselves implemented in computer hardware and software, they too must be trusted; trusted roots, trusted software bases and trusted supervision are all indispensable.

2) Big data processing environment trusted security framework. Data is a collection of the nature, state and relationships of objective things and includes sets such as numbers, text, graphics, sound and video. Today all human activity produces data; data is a social resource, and the explosive growth of data has formed the big data environment. Big data is not simply a large amount of data: it refers to data sets that existing software tools cannot process, characterized by multi-source heterogeneity, lack of structure, low value density and rapid processing. "Big data is a diamond mine", which is equivalent to recovering knowledge and essential laws from data waste and garbage. Big data is an inevitable stage in the development of data technology and also a scientific progression: data parameters → file system → relational database → data warehouse → big data → ... In the big data stage, security problems are also greater than before. In the big data environment, techniques such as data cleaning and association analysis are used to sort, map and summarize massive heterogeneous data distributed across the network. The network environment, computing platforms, storage and other carriers involved belong to different information systems, and the whole processing flow touches the security of cyberspace resources, which exacerbates the asymmetry between defense and attack. Traditional information security measures, which mostly remain at the level of "blocking and killing", find it hard to cope with the security challenges of the big data era. We must therefore adhere to active prevention and build a secure and trusted system framework for big data on the basis of level protection.

Most big data processing systems are built on cloud computing platforms to carry out the computation of each data processing link; they too can be divided into business information processing and system service guarantee in order to determine the security level and the protection framework.

Data collection sources gather data through multiple channels, for example by harvesting data through search engines, forming a special file system or data warehouse. During collection, data is collected and stored through a trusted network communication protocol that is simpler than traditional ones; this is also a difference between big data and traditional data interaction, since non-traditional interaction protocols are used to package the collected data. The packaged data is sent to a trusted computing environment to complete the data processing flow. The first step at a data node is cleaning: the messy data is summarized and mapped, the data are searched for connections to each other, and relationships are established. The second step is node transformation and computation of the internal connections of the data, restoring structure, analyzing and evaluating valuable classifications, and forming a special data warehouse. The ultimate goal is knowledge expression and sharing transactions for trusted applications, that is, to discover knowledge and wisdom from the data, discover essential laws, and turn the original multi-source heterogeneous data into valuable information; the data are the means, not the purpose.

For the security framework of the big data processing environment, on the business information security side of big data application systems: first, strengthen overall protection of data collection, data aggregation and the computing environment, building a system structure of multiple protections and multi-level interconnection so that the big data processing environment is secure and trusted; second, strengthen control of the processing flow, prevent internal attacks and improve the self-immunity of computing nodes; third, strengthen the security mechanism for high-value data, formulate secure and trusted access control policies, sort out the data processing control flow, and establish a new secure and trusted data processing model; fourth, strengthen security management supported by the technical platform, organically combining business processing, monitoring and daily management on the basis of security policy. On the system service security side, a cloud computing platform with large computing power must be built; the big data computing platform implements parallel virtual dynamic resource scheduling and allocation, so its system service security requirements are the same as those of cloud computing. Therefore, building a big data level protection system framework aimed at being trusted, controllable and manageable, and strengthening the security and assurance capability of the big data environment and processing flow, is the only way out for big data security.

(Source: provided by the Zhongguancun Trusted Computing Industry Alliance)

- END -
