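Research on Trusted Computing Technology
  • Abstract

    As a new kind of information security technology, trusted computing has become a research hotspot in the information security field. While the field has made considerable progress, many problems in its key technologies still urgently need to be solved, and related research has been under way in recent years. This paper surveys research results on the key technologies of trusted computing. Starting from establishing trust in a trusted terminal, it builds a trust model based on trust degree and gives a method for constructing a dynamic chain of trust based on information flow, which to some extent solves problems such as the real-time performance and security of establishing trust on the terminal. To address the security and efficiency of remote attestation protocols, it constructs the first property-based remote attestation scheme from bilinear pairings and the first direct anonymous attestation scheme from bilinear pairings based on the q-SDH assumption. For trusted computing testing and evaluation, it proposes a method for automatically generating test cases based on the extended finite state machine, and on that basis develops the first trusted computing platform test and evaluation system in practical use in China.

  • Authors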

    冯登国  秦宇  汪丹  初晓博  Feng Dengguo  Qin Yu  Wang Dan  Chu Xiaobo 

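  • Affiliation

    State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences), Beijing 100190

  • Issue

    2011, Issue 8 ISTIC EI PKU

  • Keywords

    trusted computing; trusted platform module; trusted cryptography module; chain of trust; remote attestation; trusted computing testing and evaluation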
