Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (7): 633-638.


The Application of Trusted Computing 3.0 in Classified Protection Standard System 2.0

  

  • Received: 2018-07-12 Online: 2018-07-15 Published: 2018-07-12

The Role of Trusted Computing 3.0 in the Classified Protection 2.0 Standard System

陈卫平   

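  1. Information Security Department, Technical Management Center, China Central Television
  • Corresponding author: 陈卫平
  • About the author: 陈卫平, master's degree, senior engineer; main research interest: network security.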

Abstract: China's classified protection system has entered the 2.0 era, shifting from the traditional protection of computer information systems to the construction of an active defense system for cyberspace under new computing environments such as cloud computing, mobile Internet, the Internet of Things, industrial control and big data, with a focus on securing critical information infrastructure. This paper outlines China's independently innovated trusted computing 3.0 active immune architecture and analyzes in depth its role in the classified protection 2.0 standard system. The results show that the architecture achieves different levels of trust on the compute nodes of the computing environment, the regional boundary and the communication network, which both complies with the "moderate security" principle of classified protection and improves engineering practicality. Finally, the paper presents an application in a high-level information system at CCTV. The practical results show that the trusted computing 3.0 architecture has active defense capability and can fundamentally guarantee the network security of business systems at high security levels.

Key words: trusted computing, classified protection, active defense, security immunity, active immunity

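Abstract: China's classified protection regime has entered the 2.0 era, moving from the traditional protection of computer information systems to building an active defense system for cyberspace under new computing environments such as cloud computing, mobile Internet, the Internet of Things, industrial control and big data, with the emphasis on ensuring the security of critical information infrastructure. This paper briefly introduces China's independently innovated trusted 3.0 active immune computing architecture and analyzes in depth its role in the classified protection 2.0 standard system. The results show that the architecture implements trust transfer of differing degrees of completeness on the compute nodes of the computing environment, the regional boundary and the communication network, which both conforms to the "moderate security" principle of classified protection and makes the engineering easier to implement. Finally, the paper presents the results of a demonstration application of trusted computing 3.0 in a high-level information system at China Central Television. The practical results show that the trusted 3.0 computing architecture has active defense capability and can fundamentally safeguard the network security of business systems at high security levels.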

Keywords: trusted computing, classified protection, active defense, security immunity, active immunity