基于KVM的可信虚拟化架构模型

针对云计算安全中的虚拟化安全问题, 提出一种可改善虚拟化安全问题的可信虚拟化架构. 该架构通过在模拟处理器中添加虚拟可信平台模块, 在操作系统中添加可信平台模块驱动, 构造一个从底层基础架构到上层应用服务的可信架构. 该架构在虚拟化平台服务器中融合了可信平台模块, 可有效解决虚拟化平台服务器的安全性
问题.     

基于可信计算的移动平台设计方案

在深入研究现有可信移动平台设计方案和TCG移动可信模块相关技术的基础上,提出了带有移动可信模块的可信移动平台设计方案.平台采用基带处理器和应用处理器分离的结构,利用移动可信模块构建了以应用处理器为中心的可信区域,为移动平台提供受保护的计算和存储空间,提高了移动平台的安全性、灵活性和可靠性.分析了现有可信移动平台安全引导过程安全漏洞,提出了改进的安全引导过程,并通过谓词逻辑对改进的引导过程进行了正确性验证.     

一种面向安全SOC的可信体系结构

提出了面向安全SOC的可信体系结构,以解决其面临的诸多安全问题,可信体系结构的核心是安全域划分和安全审核硬件单元.安全域包括可信基、安全OS、可信应用以及非可信应用,各不同安全域具有静态和动态隔离性;安全SOC中的安全规则最终由安全审核单元在硬件层面来保障.在可信体系结构基础上,讨论了怎样进行安全扩展以获得更全面的安全性,即抗旁路攻击、物理攻击、防止芯片被复制伪造以及因被盗而造成安全危害.     

An Improved Grid Security Infrastructure by Trusted Computing

Current delegation mechanism of grid security infrastructure （GSI） can＇t satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.     

基于TCB子集的访问控制信息安全传递模型

综合考虑应用层向内核层传递访问控制信息的安全需求,提出了一种基于TCB子集的访问控制信息安全传递模型。应用层安全管理器与内核层安全管理器通过安全通路相联,安全通路为已加密状态,密钥存放在可信平台模块TPM(trusted platform model)中,访问控制信息进入安全通路前必须通过TPM的控制处理;安全通路解密后应用层安全通路接口把访问控制信息和校验标签传到内核层安全通路接口,随后应用层接口进行随机抽查,内核层接口返回验证证据并由应用层接口判断数据真实性和有效性。安全传递模型不仅可以有效地保证访问控制信息的安全性,还可以抵抗恶意欺骗和恶意攻击从而提高了访问控制的可靠性与有效性。     

Study on security enhancement technology for disaster tolerant system

This paper proposes a security enhancement scheme for disaster tolerant system based on trusted computing technology which combines with the idea of distributed threshold storage. This scheme takes advantage of trusted computing platform with trusted computing module, which is provided with such excellent features as security storage, remote attestation, and so on. Those features effectively ensure trustworthiness of disaster tolerant point. Furthermore, distributed storage based on Erasure code not only disposes the storage problem about a great deal of data, but also preferably avoids one node invalidation, alleviates network load and deals with joint cheat and many other security problems. Consequently, those security enhancement technologies provide mass data with global security protection during the course of disaster tolerance. Foundation Items: Supported by the National High Technology Research and Development Program of China (863 Program) (2008AA01Z404), the Science and Technical Key Project of Ministry of Education (108087) and the Scientific and Technological Project of Wuhan City (200810321130)     

Security Architecture of Trusted Virtual Machine Monitor for Trusted Computing

With analysis of limitations Trusted Computing Group （TCG） has encountered, we argued that virtual machine monitor （VMM） is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented ＂thin＂ virtual machine （VM）, Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base （TCB）. It provides isolation and integrity guarantees based on which general security requirements can be satisfied.     

Implementing Operating System Support for Extended Trusted Path in TPM-Capable Environments

Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module （TPM） technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author＇s research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.     

可信计算平台及其研究现状

可信计算平台是信息安全技术研究的一个热点。本文详细介绍了可信计算平台的组成及其体系结构,描述了可信计算平台的特点和原理机制,并对目前可信计算平台的研究现状和存在的问题进行了总结。     

Architecture of Trusted PC

This paper, focusing on the trusted computing group＇s standards, explained the key concept of trusted compuling and provided the architecture of trusted PC. It built trust bottom-up by starting with trusted hardware and adding layers of trusted software. It is a system-level solution available to all applications running on the member platforms. This solution reduces the security burden on applications and thus simplifies application programming.     

TPM context manager and dynamic configuration management for trusted virtualization platform

It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM （trusted platform module） context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM （virtual machine） configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG （trusted computing group） static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.     

基于服务端存储的可信计算模型

为了充分利用服务端存储模式计算机的非本地存储特性,该文提出了一种适用于服务端存储的可信计算模型。该模型通过把原有的可信平台模块硬件逻辑化为服务端软件模块,不仅降低了可信计算模型实施的难度,而且提高了其灵活性和扩展性。同时该模型从客户端系统的引导阶段出发构建完整的可信链,保证了可信计算平台的安全性。原型系统实现的结果表明:由于系统中所有客户端的信任度量均在服务端完成,使服务端能制定针对局域网全网的安全策略,进而实现真正的局域网网络可信。     

The Mechanism about Key and Credential on Trusted Computing Platform and the Application Study

0 IntroductionPeople need a secure and dependable computing environ-ment[1]. The cryptology is known as the core of com-puter security[2]. The application of cryptologyis mainly ful-filled by key management and credential mechanism.In thispaper , we should study the key management and credentialmechanismbased ontrusted computing platform,and give theactual application of these security mechanisms for buildingtrusted computing environment .1 OverviewTrusted Computing1 .1 The Original of Trus…     

A Separated Domain-Based Kernel Model for Trusted Computing

This paper fist gives an investigation on trusted computing on mainstream operation system （OS）. Based on the observations, it is pointed out that Trusted Computing cannot be achieved due to the lack of separation mechanism of the components in mainstream OS. In order to provide a kind of separation mechanism, this paper proposes a separated domain-based kernel model （SDBKM）, and this model is verified by non-interference theory. By monitoring and simplifying the trust dependence between domains, this model can solve problems in trust measurement such as deny of service （DoS） attack, Host security, and reduce the overhead of measurement.     

用于互联网多媒体通信的SIP安全方案

针对传统基于软件的SIP安全方案容易被盗用、欺骗和入侵的问题,结合可信计算技术,设计了对终端系统与用户身份的双层认证结构,提出了一种使用SIP进行互联网多媒体通信的安全方案.该方案利用可信平台模块和直接匿名证明算法设计了新的SIP注册协议,提高了多媒体通信系统的安全性.文中还利用可证明安全模型证明了注册协议的安全性,并对整个方案的特点进行了分析.     

浅析云计算的安全和可信计算的应用

随着云计算的普遍应用,使云计算安全问题成为业界关注热点.用户在享受云计算提供的资源和计算等服务时,面临非法入侵和隐私泄露等威胁.为了解决云计算安全问题,需要建立一种安全可信机制,保障系统和应用的安全性.把可信计算技术应用到终端设备上,从＂信任根＂出发,借助＂信任链＂把可信逐级传递下去,最终扩展到整个终端计算系统都是安全可信的.     

可信模块与强制访问控制结合的安全防护方案

基于可信计算思想,通过在现有移动终端中加入移动可信计算模块,并在核心网中加入安全服务提供者和安全软件提供商,构架了面向移动终端的统一安全防护体系,为用户提供安全服务.该方案有效利用了移动终端操作系统的特性,将基于角色的访问控制与可信验证相结合,实现了高效的可信链传递,使没有授权证书的非法软件和非法进程不能在系统中运行,...     

BBACIMA： A Trustworthy Integrity Measurement Architecture through Behavior-Based TPM Access Control

Two limitations of current integrity measurement architectures are pointed out： （1） a reference value is required for every measured entity to verify the system states, as is impractical however; （2） malicious user can forge proof of inexistent system states. This paper proposes a trustworthy integrity measurement architecture, BBACIMA, through enforcing behavior-based access control for trusted platform module （TPM）. BBACIMA introduces a TPM reference monitor （TPMRM） to ensure the trustworthiness of integrity measurement. TPMRM enforces behavior-based access control for the TPM and is isolated from other entities which may be malicious. TPMRM is the only entity manipulating TPM directly and all PCR （platform configuration register） operation requests must pass through the security check of it so that only trusted processes can do measurement and produce the proof of system states. Through these mechanisms malicious user can not enforce attack which is feasible in current measurement architectures.     

网络可信平台的设计与实现

介绍了网络可信平台的研究与实现,采用可信度量机制以保证网络计算终端的安全为基础,利用远程证明机制对网络接入终端的可信性验证,根据验证结果决定对整个网络计算环境的访问控制,利用传统网络安全技术和可信计算技术实现了全新的网络安全体系结构.     

基于可信计算的CSCW系统访问控制

针对现有的CSCW系统不能有效地保障终端平台的可信性以及安全策略和上层应用实施的完整性等问题,提出了基于可信计算技术的CSCW访问控制架构和协作站点间的基于角色的委托授权策略,分别描述了安全策略与共享对象密钥的分发协议、角色委托协议及策略完整性实施协议等.应用实例表明:该框架基于完整的协作实体-平台-应用信任链的构建,提供了可信的协作实体身份与访问控制平台,依赖平台远程证明和策略分发实现了在本地站点上的完整性实施;同时角色委托提高了协同工作能力,也减轻了服务器端集中式策略执行的负担.