期刊文献+

基于策略的计算平台可信证明 被引量:2

Policy Based Trustworthiness Attestation for Computing Platform
下载PDF
导出
摘要 计算平台状态可信证明是可信计算研究的热点问题.基于系统策略的计算平台状态可信证明模型(Policy Based Trustworthiness Attestation Model,PBTAM)可以解决目前计算平台可信证明方法中存在的平台隐私保护等重要问题.PBTAM认为计算平台的状态是否可信与其系统可信传递策略紧密相关,如果证明平台的系统可信传递策略符合质询方的期望,那么该证明平台对于质询方是可信的.PBTAM在可信计算平台技术规范基础上,通过对证明平台的系统可信传递策略进行度量和验证,实现计算平台的可信证明.本文在对实际生产系统应用安装状态采样、统计和分析的基础之上,对PBTAM的性能进行了总结,证明了该模型的实际可行性和有效性. Trustworthiness attestation of computing platform is a focus research work in Trusted Computing. Nowadays the existing attesting approaches will cause various problem hard to overcome, such as leakage of platform privacy and feasibility of attesting mechanism. This paper presents a new attestation approach based on the trust transition policy (Policy Based Trustworthiness Attestation Model,PBTAM) .PBTAM believes that the trust state of computing platform is related with its system trust Wansition policy, if the policy conforms to the expectation of challenger, the attesting platform is regarded as trustworthy by the chaUcngcr. Based on trusted computing platform technical specifications,PBTAM implements trustworthiness attestation of computing platform by measuring and verifying the trust transition policy of attesting platform.In addition,this paper gives statistical data and samples related with application installation state in some typical information systems, and do some analysis on the performance of PBTAM to prove the model's feasibility and effectiveness.
出处 《电子学报》 EI CAS CSCD 北大核心 2009年第4期900-904,共5页 Acta Electronica Sinica
基金 国家973重点基础研究发展计划(No.2007CB311100)
关键词 可信计算 可信传递策略 可信证明 masted computing trust transition policy attestation
  • 相关文献

参考文献12

  • 1Roger L Kay.How to Implement Trusted Computing,A Guide to Tighter Enterprise Security[ OL]. https://www. tmstedeomputinggroup.org/news/Industry_ Data/Implementing_ Trust- ed_ Computing_ RK. pdf.
  • 2Microsoft. Next-generation secure Application base [ OL ]. http://www. microsoft. com/resources/ngscb.
  • 3TCG. TCG Specification Architecture Overview, Version1.2 [OL]. https://www. trustedcomputinggroup. org, 2004 - 04 - 28.
  • 4Ahmad-Reza Sadeghi, Christian Stuble. Property-based attestation for computing platforms:caring about properties, not mechanisms[ A]. in Proceedings of the 20004 workshop on New security paradigrns, Nova Scotia, CANADA. ACM Press, September 2004:66 - 77.
  • 5J Poritz,M Schunter, E V Herreweghen, and M Waldner.Property attestation-scalable and privacy-friendly security assessment of peer computers,IBM Research Report RZ 3548,2004[OL]. http://domino.watson. ibm. com/library/cyberdig. nsf/papers/215E33CB2B4F7FA485256E971XEA0D6C/$ File/ rz3548.pdf.
  • 6E Shi,A Perrig, and L van Doorn. Bind:A fine-grained attestation service for secure distributed systems[A]. In Proc. of the IEEE Symposium on Security and Privacy[C],2005. 154- 168.
  • 7Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert van Doom. Design and implementation of a TCG-based integrity measurement architecture[ A]. The 13th Usenix Security Symposium[ C]. San Diego,2004.
  • 8A Seshadri, A Perrig, L van Doom, and P Khosla. SWATT: software-based attestation for embedded devices[ A ]. In Proceedings of IEEE Symposium on Security and Privacy [ C ]. Oakland, CA, USA: IEEE. Press,May 2004.272 - 282.
  • 9V Haldar, D Chandra, and M Franz. Semantic remote attestation-a virtual machine directed approach to trusted computing [ A]. In Proc. of the Third virtual Machine Research and Technology Symposium [ C ]. San Jose, CA, USA: USENIX, 2004. 29 - 41.
  • 10李晓勇,韩臻,沈昌祥.Windows环境下信任链传递及其性能分析[J].计算机研究与发展,2007,44(11):1889-1895. 被引量:14

二级参考文献13

  • 1黄涛,沈昌祥.一种基于可信服务器的可信引导方案[J].武汉大学学报(理学版),2004,50(A01):12-14. 被引量:19
  • 2田俊峰,肖冰,马晓雪,王子贤.TDDSS中可信模型及其分析[J].计算机研究与发展,2007,44(4):598-605. 被引量:4
  • 3[3]Menascé D A.Security performance[J].IEEE Internet Computing,2003,7(3):84-87
  • 4William A Arbaugh,David J Farber,Jonathan M Smith.A secure and reliable bootstrap architecture[C].IEEE Computer Society Conf on Security and Privacy,Oakland,1997
  • 5Reiner Sailer,Xiaolan Zhang,Trent Jaeger,et al.Design and implementation of a TCG-based integrity measurement architecture[C].The 13th Usenix Security Symposium,San Diego,2004
  • 6Hiroshi Maruyama,Taiga Nakamura,Seiji Munetoh,et al.Linux with TCPA integrity measurement[R].IBM,Tech Rep:RT0575,2003
  • 7TCG.TCG Specification Architecture Overview,Version1.2[OL].Https://www.Trustedcomputinggroup.org,2004-04-28
  • 8TCG.TCG PC Specification Implementation Specification,Version 1.1[OL].https://www.trustedcomputinggroup.org,2003-08-18
  • 9国家计算机网络应急技术处理协调中心.CNCERT/CC 2005年网络安全工作报告[OL].http://www.cncert.org.cn/upload/2005CNCERTCCAnnualReport_ Chinese.pdf,2006-02-17
  • 10Daniel A Menasce Security performance[J].IEEE Internet Computing,2003,7(3):84-87

共引文献24

同被引文献15

  • 1TCG.TCG trusted network cormect TNC architecture for interoperability specification [EB/OL] .htlps://www.trusted Applicationgroup.org,2005.
  • 2CNCERT/CC.CNCERT/CC2007上半年年网络安全工作报告[R].http://www.cert.org.cn/UserFiles/File/CNCERTCC 200701. pdf.
  • 3Roger L Kay.How to implement trusted computing,a guide to tighter enterprise security[EB/OL], https://www.trustedcomputinggroup.org/news/Industry_Data/Implementing_Trusted_ Computing_RK.pdf.
  • 4Microsoft. Next-generation secure Application base [EB/OL]. http://www.microsoft.com/resources/ngscb.
  • 5TCG.TCG specification architecture overview[EB/OL].https:// www.trustedApplicationgroup.org.
  • 6Ahmad-Reza Sadeghi, Christian Stuble. Property-based attestation for computing platforms:Caring about properties,not mechanisms[C].New Security Paradigms Workshop,2004.
  • 7Poritz J,Schunter M,Herreweghen E V, et al.Property attestation- scalable and privacy-friendly security assessment of peer computers[EB/OL], http://domino.watson.ibm.com/library/cyberdig.ns f/papers/215 E33CB2B4F7FA485256E97002AOD6C/$ File/rz3548.pdf,2004.
  • 8Seshadri A,Perrig A,van Doom L,et al.SWAtt:Software-based attestation for embedded devices[C].Proceedings of IEEE Symposium on Security and Privacy,2004.
  • 9Haldar V, Chandra D,Franz M.Semantic remote attestation-a virtual machine directed approach to trusted computing[C].Proc of the Third virtual Machine Research and Technology Symposium.San Jose,CA,USA:USENIX,2004:29-41.
  • 10Haldar V, Franz M.Symmetric behavior-based trust:A new paradigm for internet computing[C].Nova Scotia:New Security Paradigms Workshop(NSPW),2004.

引证文献2

二级引证文献3

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部