摘要
计算平台状态可信证明是可信计算研究的热点问题.基于系统策略的计算平台状态可信证明模型(Policy Based Trustworthiness Attestation Model,PBTAM)可以解决目前计算平台可信证明方法中存在的平台隐私保护等重要问题.PBTAM认为计算平台的状态是否可信与其系统可信传递策略紧密相关,如果证明平台的系统可信传递策略符合质询方的期望,那么该证明平台对于质询方是可信的.PBTAM在可信计算平台技术规范基础上,通过对证明平台的系统可信传递策略进行度量和验证,实现计算平台的可信证明.本文在对实际生产系统应用安装状态采样、统计和分析的基础之上,对PBTAM的性能进行了总结,证明了该模型的实际可行性和有效性.
Trustworthiness attestation of computing platform is a focus research work in Trusted Computing. Nowadays the existing attesting approaches will cause various problem hard to overcome, such as leakage of platform privacy and feasibility of attesting mechanism. This paper presents a new attestation approach based on the trust transition policy (Policy Based Trustworthiness Attestation Model,PBTAM) .PBTAM believes that the trust state of computing platform is related with its system trust Wansition policy, if the policy conforms to the expectation of challenger, the attesting platform is regarded as trustworthy by the chaUcngcr. Based on trusted computing platform technical specifications,PBTAM implements trustworthiness attestation of computing platform by measuring and verifying the trust transition policy of attesting platform.In addition,this paper gives statistical data and samples related with application installation state in some typical information systems, and do some analysis on the performance of PBTAM to prove the model's feasibility and effectiveness.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2009年第4期900-904,共5页
Acta Electronica Sinica
基金
国家973重点基础研究发展计划(No.2007CB311100)
关键词
可信计算
可信传递策略
可信证明
masted computing
trust transition policy
attestation