Abstract
This paper analyzes how the trusted computing base is constructed in PC-based trusted computing platforms, points out that a trusted computing base constructed by logical means can be tampered with and bypassed, and proposes a method of constructing the trusted computing base based on cryptography. The method uses the trusted platform module as the root of trust to verify the integrity of the trusted computing base, which prevents the trusted computing base from being tampered with. The execution-interpretation part of the controlled executable programs in the system is stored encrypted, with the key kept in the trusted platform module, so a program can only execute through the trusted computing base, which prevents the trusted computing base from being bypassed. Analysis of the basic principle verifies that cryptography can be used to effectively construct a trusted computing base that has integrity and uniqueness.
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2012, Issue 9, pp. 116-117 (2 pages)
Keywords
trusted computing platform
trusted computing base
cryptography