全部 标题 作者
关键词 摘要

OALib Journal期刊
ISSN: 2333-9721
费用:99美元
投递稿件

查看量下载量

相关文章

更多...
电子学报  2013 

可信终端动态运行环境的可信证据收集机制

DOI: 10.3969/j.issn.0372-2112.2013.01.015, PP. 77-85

Keywords: 可信计算,可信平台模块,动态运行环境,可信证据,可信终端

Full-Text   Cite this paper   Add to My Lib

Abstract:

可信计算的链式度量机制不容易扩展到终端所有应用程序,因而可信终端要始终保证其动态运行环境的可信仍然困难.为了提供可信终端动态运行环境客观、真实、全面的可信证据,提出了可信终端动态运行环境的可信证据收集机制.首先,在可信终端的应用层引入一个可信证据收集代理,并将该代理作为可信平台模块(trustedplatformmodule,简称TPM)链式度量机制的重要一环,利用TPM提供的度量功能保证该代理可信;然后通过该代理收集可信终端的内存、CPU、网络端口、磁盘文件、策略配置数据和进程等的运行时状态信息,并利用TPM提供的可信存储功能,保存这些状态信息作为终端运行环境的可信证据,并保障可信证据本身的可信性.该可信证据收集机制具有良好的可扩展性,为支持面向不同应用的信任评估模型提供基础.在Windows平台中实现了一个可信证据收集代理的原型,并以一个开放的局域网为实验环境来分析可信证据收集代理所获取的终端动态运行环境可信证据以及可信证据收集代理在该应用实例中的性能开销.该应用实例验证了该方案的可行性.

 References

[1]  庄,蔡勉,李晨.基于软件行为的可信动态度量[J].武汉大学学报(理学版),2010,56(2):133-137.Zhuang Lu,Cai Mian,Li Chen,Software behavior-based trusted dynamic measurement[J].Journal of Wuhan University(Natural Science Edition),2010,56(2):133-137.(in Chinese)
[2]  Avizienis A,Laprie J C,Randell B,Landwehr CE.Basic concepts and taxonomy of dependable and secure computing[J].IEEE Trans on Dependable Secure Computing,2004,1(1):11-33.
[3]  S Yoshizawa,A Baba,K Matsunami,et al.Unsupervised speaker adaptation based on sufficient HMM statistics of selected speakers[A]. Eurospeech 2001[C].2001.1219-1222.
[4]  Carl I Cohen,Carol Magai,Robert Yaffee,Lorna Walcott-Brown.Racial differences in syndromal and subsyndromal depression in an older urban population[J].Psychiatric Services,56:1556-1563.
[5]  See S.Sun''s grid model[J].Grid Economics and Business Models,2004,23:173-184.
[6]  Snort-lightweight intrusion detection for networks[EB/OL].http://www.snort.org,2011-4-13.
[7]  Trusted Computing Group.TPM main specification,Version 1.2 rev.85 [EB/OL].http://www.trustedcomputinggroup.com,2011-4-25.
[8]  沈昌祥,张焕国,冯登国等.信息安全综述[J].中国科学E辑,2007,37(2):129-150.Shen Changxiang,Zhang Hu- anguo,Feng Dengguo,etal.Survey of information security [J].Science in China,Series:E,2007,37(2):129-150.(in Chinese)
[9]  B Kauer.OSLO:Improving the security of trusted computing[A].Proceedings of the 16th USENIX Security Symposium[C].Boston,MA,USA,2007.6-10.
[10]  T Jaeger,R Sailer,U Shankar.PRIMA:policy-reduced integrity measurement architecture[A].SACMAT ''06[C].Lake Talon,California,USA,2006.19-28.
[11]  L Gu,X Ding,R H Deng,B Xie,H Mei.Remote attestation on program execution[A].Conference on Computer and Communications Security Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing[C].Alexandria,Virginia,USA,2008.11-20.
[12]  H Wang,Y Guo,X Chen.Saconf:Semantic attestation of software configurations[A].ATC ''09:Proceedings of the 6th International Conference on Autonomic and Trusted Computing,Brisbane[C].Australia,2009.120-133.
[13]  Aarthi Nagarajan,Vijay Varadharajan,Michael Hitchens,ALOPA:Authorization logic for property attestation in trusted platforms[A].Proceedings of the 6th International Conference on Autonomic and Trusted Computing[C].Brisbane,Australia,2009.134-148.
[14]  C Gebhardt,C Dalton.Lala:a late launch application[A].Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing[C].New York,NY,USA,2009.1-8.
[15]  谭良,孟伟明,周明天.直接匿名证言协议的性能估算新方法[J].计算机学报,2012,35(7):1553-1562.
[16]  R Sailer,X Zhang,T Jaeger,L v Doorn.Design and implementation of a TCG-based integrity measurement architecture[A].Proceedings of the 13th USENIX Security Symposium[C].San Diego,CA,USA,2004.223-238.
[17]  李晓勇,左晓栋,沈昌祥.基于系统行为的计算平台可信证明[J].电子学报,2007,35(7):1234-1239.Li Xiao-yong,Zuo Xiao-dong,Shen Chang-xiang.System behavior based trustworthiness attestation for computing platform[J].Acta Electronica Sinica,2007,35(7):1234-1239.(in Chinese)
[18]  CNCERT/CC.CNCERT/CC2005-2010年网络安全工作报告[EB/OL].http://www.cncert.org.cn/upload/2005-2010CNCE RTCCAnnualReport-Chinese.pdf,2011-5-17.
[19]  Elaine Shi,Adrian Perrig,Leendert Van Doorn.BIND:A time-of-use attestation service for secure distributed systems[A].Proceedings of IEEE Symposium on Security and Privacy[C].Oakland ,CA ,USA,2005.154-168.
[20]  Arvind Seshadri,Mark Luk,Elaine Shi,et al.Pioneer:Verifying integrity and guaranteeing execution of code on legacy platforms[A].Proceedings of ACM Symposium on Operating Systems Principles (SOSP)[C].Brighton,UK,2005.1-16.
[21]  Arvind Seshadri.Pioneer web page[EB/OL].http://www.cs.cmu.edu/~arvinds/pioneer.html,2011-04-3.
[22]  Nick L Petroni Jr,Timothy Fraser,Jesus Molina,William A Arbaugh.Copilot-a coprocessor-based kernel runtime integrity monitor[A].USENIX Security Symposium[C].San Diego,CA,2004.179-194.
[23]  李晓勇,沈昌祥.一个动态可信应用传递模型的研究[J].华中科技大学学报:自然科学版,2005,33(12):310-312.Li Xiaoyong,Shen Changxiang.Research to a dynamic application transitive trust mode[J].J Huazhong Univ of Sci & Tech (Nature Science Edition),2005,33(12):310-312.(in Chinese)
[24]  Garfinkel T,Pfaff B,Chow J,et al.Terra:A virtual machine-based platform for Trusted Computing[A].SOSP''03[C].Bolton Landing,New York,USA,2003.193-206.
[25]  R Sailer,X Zhang,T Jaeger,L van Doorn.Design and implementation of a TCG-based integrity measurement architecture[EB/OL].IBM Research Report,http://www.ece.cmu.edu/~adrian/731-sp04/readings/rc23064.pdf,2011-2-15.
[26]  古亮,郭耀,王华,等.基于TPM的运行时软件可信证据收集机制[J].软件学报,2010,21(2):373-387.Gu Liang,Guo Yao,Wang Hua,et al.Runtime software trustworthiness evidence collection mechanism based on TPM [J].Journal of Software,2010,21(2):373-387.(in Chinese)
[27]  Paul England,Butler Lampson,John Manferdelli,Marcus Peinado,Bryan Willman.A trusted open platform[J].Computer archive,2003,36(7):55-62.
[28]  Hiroshi Maruyama,Frank Seliger,Nataraj Nagaratnam,et al.Trusted Platform on Demand (TPod)[R].US Patent Publication (Source:USPTO) No.US 7591014 B2 published on 15-Sep-2009.
[29]  刘孜文,冯登国.基于可信计算的动态完整性度量架构[J].电子与信息学报,2010,32(4):875-879.[JP2]Liu Zi-wen,Feng Deng-guo.TPM-based dynamic integrity measurement architecture[J].Journal of Electronics & Information Technology,2010,32(4):875-879.(in Chinese)[JP]

Full-Text

Contact Us

service@oalib.com

QQ:3279437679

WhatsApp +8615387084133