Shen Changxiang, academician Win10 trusted computing seriously threaten China's network security-Win10 system, antitrust, Windows10 systems-IT information
On August 5, C3 Security Summit held today in Chengdu, academician of the Chinese Academy of engineering said in keynote speech again when Shen Changxiang, Microsoft win10 comprehensive implementation of credible versions, will pose a serious threat to China's network security.
According to Shen Changxiang introduction, trusted computing is computing, new side protection model, full results with some expected measurable and controllable, undisturbed, is a defense, and become immune computation model of computation .
Trusted computing appears, many enterprises around the world to promote its development, in which Microsoft's Trustworthy Computing initiative was launched in 2002 and worked in Vista, Win 8, Win 10 bundle, but not in XP, Win 7, tied up .
In this regard, NI Guangnan, academician Shen Changxiang, all considered, Microsoft Win 10-bound after its own trusted computing, trusted computing industry, China will completely lose the opportunity to enter the market , and a serious threat to China's security.
Shen Changxiang said in the statement, "2014 Microsoft officially stopped service support for Win XP, forced reliable Win8, serious challenges to China's network security. We weathered the win8 installed, we didn't buy win8 for Xp to strengthen the wall. Later Microsoft also launched Win10, free download, in the strengthening of security. Win10 not only is the terminal of the credible and mobile terminals, servers, cloud computing, big data, such as full implementation of credible version, it poses a serious threat to us, what should we do? We utilize WTO rules, follow the sales country's relevant laws and regulations and related standards, safety reviews of Win10. We followed our electronic law and commercial code localization management regulations, including digital certificates, trusted computing, password facilities must be made independent of China, security must be controlled. ”
Here's Shen Changxiang speech record:
Leaders, ladies and gentlemen, good morning! I talked about today's topic is the innovative development of trusted computing in China, there are two main aspects: the first active immunization is trusted network security architecture, we clearly know the system a problem; the second is the trusted computing technology innovation in China. So what is safe? We have various definitions and explanation. Has become a national cyberspace security is now set computing, communication, control of interdisciplinary scientific problems. Because of the limitations of the epistemic logic of IT, cannot be exhaustive, so limited to complete task of designing IT systems, rather than logical pitfalls to avoid impact on the mandate. Especially difficult to deal with man-made attacks exploit weaknesses, so computing system must be the mechanism and calculation model of science and technology innovation to achieve relatively safe.
Previously plugging killing passive protection is out of date, United States in 2015 wrote an urgent letter, they redefine the plans. In fact credible needs to be addressed on how immune, we trusted computing in China with the world's trusted computing innovation, we have active immunization of trusted computing. Trusted computing is a boom, it became the world's trusted computing group problem which has hundreds of IT companies, our research on large enterprises in China. They trusted to solve security problems. China also has its own innovation, Europe also has a European method.
So what is trusted computing? Trusted computing is computing, new side protection model, results the same as we expected, the entire observable and controllable, undisturbed. A defensive, parallel immune computation model of computation. Like viruses, cancer cells of the human body, the immune system, so would not have invaded the body.
Trusted support system issues the equivalent of a child is a freak, so we can only live in bacteria-free State. So we go from architecture, behavior, resource allocation, policy management, data storage need immune model, credible environment, credible security management center of applied scientific, credible security architecture framework.
So how is China? Innovation lie? Our China this morning, began in 1992 to establish the project, the ICG in 2003 is started, we went through a long period of research, civil-military integration, form a innovation system. We are based on passwords, chips for the pillars, hosting, software for the platform as the core network as a link, application system, so that the applications of trusted computing system. We have a standard system, our innovation? Innovation lie? ICG programme of trusted computing limitations, first, the limitation of the password system, the ICG ciphers using RSA, hybrid numerical algorithm only supports SHA1, evading the symmetric cipher. Second system had not improved, password algorithm for our innovation, our password mechanism more important, more secure and more determined high. So we established creative SM series is very simply, very neat, but we had not declared national patents.
Second our innovation system is multi-level and independent schemes of trusted computing, chip dimension of active control, host computers, and trusted two-node integration software dual-system architecture, network-level and three-tier peer schema.
How trusted computing built network security? We uphold the principle of independently controllable, safe and credible. Presented in the national medium-and long-term science and technology development with an emphasis on development of high reliability network, Twelve-Five planning also wrote about the development of trusted computing as key network security article fifth recently announced increased promotion of safety information network equipment and services. Zhongguancun, we trusted computing Alliance set up in 2014, is developing rapidly, now becomes the core strategies to defend their national sovereignty in cyberspace technology.
Speak highly of the domestic media last year last year, they interviewed us. Second we are not just saying, we seize the core technology of cyberspace security strategies of the commanding heights in 2014, Microsoft will officially stop service support for Win XP, forced trusted Win8, serious challenges to China's network security. We weathered the Win8 installed, we didn't buy Win8 for Xp to strengthen the wall. Later Microsoft also unveiled the Win10, free download, in the strengthening of security. Win is Terminal not only credible, and mobile terminals, servers, cloud computing, big data, such as full implementation of credible version, it poses a serious threat to us, what should we do? We utilize WTO rules, follow the sales country's relevant laws and regulations and related standards, safety reviews of Win10. Our compliance with our electronic law and commercial code localization management regulations, including digital certificates, trusted computing, password facilities must be made independent of China, security must be controlled.
We also put forward the "five", "a" technology, useful we can digest, it's no use we can do without. We first are known, the second variable, the third program, is that we have independent intellectual property rights, to the final system with independent intellectual property rights, and dealing with the use of open source technologies, intellectual property issues.
Should say we already have the Foundation, national security-building can solve our problem, we are talking about civil-military integration, build proactive defense, safe and credible safeguards system. We have three forms, we proactively identify, active control, active alarm. After we design, our resources have credibility, we have credible data, our trusted identification. This can form the basis of our core facilities, high level of security protection. We didn't have the core technology, does not solve the problem. Now we have the means, because we have a new network of trusted support environment.
What is the case, how are you doing? Should say better, our critical infrastructure is the most critical, we dare to eat crabs, there are two systems, one is a national electric power dispatching system, Ukraine late last year, large area blackout is electric power dispatching system to be controlled, and then the next command, all power. This 5 years ago we have trusted computing security, second power password trusted computing platform in 34 provinces listed above.
This is to address three issues, the first active immunization is, it is not immune to the virus? Yes, second scheduling systems do not last too long, after testing to achieve a credible protection mechanisms. Third security labels based on the D5000, mandatory access control implementation services. Our security issues, active defense capabilities done, the figure on the left is the architecture.
Infrastructure is the second most important political security, is the China Central television. We have CCTV controlled multicast environment, building a trusted computing security architecture in the network broadcast, we have trusted in key institutional support to ensure the credibility of our playing system security, has run for four or five years. Prove that our technology is innovative, is free. We need to stick to our trusted industry, build our national cyber security development, thank you.
沈昌祥院士:Win10可信计算严重威胁中国网络安全 - Win10系统,反垄断,Windows10系统 - IT资讯
8月5日消息,C3安全峰会今日在成都召开,中国工程院院士沈昌祥在做主题演讲时再次表示,微软win10全面执行可信版本,将对中国的网络安全造成严重威胁。
据沈昌祥介绍,可信计算是一边计算、一边防护的新的计算模式,计算结果跟预期一样全程可测可控,不被干扰,是一个防御、运算并成的免疫的计算模式。
可信计算出现后,全球有众多企业在推动其发展;其中,微软在2002年启动了可信计算计划,并先后在Vista、Win 8、Win 10中捆绑销售,但并未在XP、Win 7中捆绑。
对此,倪光南、沈昌祥等院士均认为,微软在Win 10绑定了其自身的可信计算之后,中国可信计算产业将完全失去进入市场的机会,而且严重威胁着中国的网络安全。
沈昌祥在此次发言时表示,“2014年微软公司正式停止对Win XP的服务支持,强推可信的Win8,严重挑战我国网络安全。我们抵御了的win8的安装,我们没有采购win8,对Xp加强了防护墙。后来微软又推出了Win10,他免费下载,在安全方面加强。Win10不仅是终端可信,而且移动终端、服务器、云计算、大数据等全面执行可信版本,那对我们造成了严重的威胁,那怎么办呢?我们利用WTO的游戏规则,遵照销售国家的有关法律法规和有关标准,开展对Win10的安全审查。我们遵照我国电子法和商用密码管理条例进行本土化改造,其中数字证书、可信计算、密码设备必须是中国国产自主的,安全必须要可控。”
以下是沈昌祥发言实录:
各位领导、各位来宾,大家上午好!我今天讲的主题是中国可信计算创新发展,主要有两个方面:第一是主动免疫的可信网络安全架构,我们清晰地知道体系出了问题;第二是中国可信计算技术创新。那么什么叫安全呢?大家有多种的定义、多种的解释。现在网络空间安全已经成为国家是集计算、通信、控制等学科交叉的科学问题。由于人们对IT的认知逻辑的局限性,不可能穷尽,因此局限于完成计算任务去设计IT系统,而不能避免逻辑缺陷对任务执行的影响。尤其是难以应对人为利用缺陷进行攻击,因此,必须对计算体系机构和计算模式等科学技术创新去实现相对安全。
以前封堵查杀被动防护已经过时了,美国在2015年写了一份紧急信,他们后来重新确定了计划。实际上可信免疫的计算方式需要从根上去解决,我们中国的可信计算跟世界的可信计算有创新,我们就主动免疫了可信计算。那么可信计算是一个热潮,成为了世界可信计算组织有几百家IT企业研究的课题,我们中国大企业也研究。他们用可信来解决安全问题。那么我们中国也是有自己的创新,欧洲也有欧洲的方法。
那么可信计算是什么呢?可信计算是一边计算、一边防护的新的计算模式,计算结果跟我们预期一样,全程可测可控,不被干扰。是一个防御、运算并行的免疫的计算模式。人体的病毒、癌细胞一样,有免疫系统,所以不会入侵到身体。
可信支撑的体系的问题相当于一个孩子是怪胎,因此,只能生活在无细菌状态下。所以我们要从体系结构、操作行为、资源配置、数据存储、策略管理需要免疫的模式,构成安全管理中心可信的环境、可信的应用、可信的安全的科学的体系框架。
那么中国搞得怎么样?创新何在?我们中国这个事情搞的早,1992年就开始立项,在ICG在2003年这是创立,我们经过长期的攻关,军民融合,形成了自主创新体系。我们是以密码为基础,芯片为支柱,主办为平台、软件为核心、网络为纽带,应用成体系,这样形成了应用可信计算体系。我们有了标准体系,我们的创新呢?创新何在?ICG可信计算方案局限性,第一,密码体系的局限性,原ICG密码算法只采用RSA,杂算算法只支持SHA1系列,回避了对称密码。第二体系没有改进,因此我们提出的密码算法创新,更重要我们密码机制创新,更安全、确定也更高。所以我们自己设立的创新的SM系列很干脆,很利落,但是我们过去没有申报国家专利。
第二我们的体系创新是多层次的,可信计算的自主密码方案,芯片层面的主动控制、主办层面的计算机和可信双节点融合,软件层面的双系统体系结构、网络层面的三元三层对等的架构。
那么可信计算构筑网络安全的结果怎么样?我们坚持自主可控、安全可信的原则。国家中长期科学技术发展中提出以发展高可信网络为重点,十二五规划也写到了把可信计算列为发展的重点,最近公布的网络安全法第五条条增加了推广安全信息的网络设备和服务。我们中关村可信计算产业联盟2014年成立,发展很快,现在成为保卫国家网络空间主权的战略核心技术。
去年国内去年媒体进行了高度的评价,他们主动采访我们。第二个我们不是说说而已,我们抢占网络空间安全核心技术战略的制高点,2014年微软公司将正式停止对Win XP的服务支持,强推可信的Win8,严重挑战我国网络安全。我们抵御了的Win8的安装,我们没有采购Win8,对Xp加强了防护墙。后来微软又推出了Win10,他免费下载,在安全方面加强。Win不仅是终端可信,而且移动终端、服务器、云计算、大数据等全面执行可信版本,那对我们造成了严重的威胁,那怎么办呢?我们利用WTO的游戏规则,遵照销售国家的有关法律法规和有关标准,开展对Win10的安全审查。我们遵照我国电子法和商用密码管理条例进行本土化改造,其中数字证书、可信计算、密码设备必须是中国国产自主的,安全必须要可控。
我们也提出了“五可”、“一有”的技术路线,有用的我们可以消化,没用的我们可以不用。我们第一是可知、第二可变、第三可编程,一有是我们有自主的知识产权,要对最终的系统拥有自主知识产权,并处理好所使用的开源技术的知识产权问题。
那么应该说我们已经有基础了,能解决我们国家安全建设问题,我们讲军民融合,构筑主动防御,安全可信的保障体系。我们有三种形态,我们主动识别、主动控制、主动报警。我们设计了以后,我们的资源有可信度、我们的数据有可信、我们对行为可信鉴别。这个才能构成我们核心的基础设施高等级的安全保护问题。以前我们没有核心技术,不解决问题。现在我们有办法了,因为我们有新的网络化可信支撑环境。
那么案例何在,用得怎么样?应该说用的比较好,我们重要的基础设施是最关键的,我们敢吃螃蟹,一共是两个系统,一个是国家电力调度系统,乌克兰去年年底大面积的停电,就是电力调度系统被控制了,然后下个命令,全部都停电。针对这个我们5年以前就有可信计算保障,第二电力可信计算密码平台在34个省以上推广。
这个是解决三个问题,第一是不是主动免疫的,那是不是对病毒免疫呢?可以的,第二调度系统不能持续太长,测试以后实现了可信保护机制。第三基于D5000平台的安全标签,实现针对服务的强制访问控制。我们在安全问题上,主动防御的能力做到了,左边这个图是体系架构。
第二个最重要的基础设施是政治安全,就是中央电视台。我们中央电视台有可控制播环境建设,构建了网络制播下可信计算安全体系,我们在关键环节上有可信制度支撑,确保了我们播放系统的可信系统的安全,已经运行了四五年了。证明了我们的技术是创新的,是自主的。我们要坚持发展我们可信的产业,构建我们国家网络安全的发展,谢谢大家。