共查询到20条相似文献,搜索用时 109 毫秒
1.
借助可信计算的完整性检验、认证及访问控制和密封存储等关键技术,在可信计算平台的环境下,将可信计算平台与访问控制模型相结合,提出了一个基于可信计算的访问控制模型.该模型利用TPM实现用户和软件之间的相互认证,并通过身份映射的角色来控制不同用户对软件的使用权限. 相似文献
2.
针对计算机可信计算设计理念中存在的WSN终端数据安全问题,提出了一种基于可信计算的无线传感器网络终端身份认证机制。通过引入可信平台模块(TMP),结合生物识别技术的思想,实现用户与TMP之间的相互认证,由TPM直接控制指纹模板和生物校验软件,渐少了数据传输过程中可能发生的潜在威胁,提高了无线传感器网络终端的可靠性。分析认为,该方案对可信计算在终端安全方面的研究有着重要的参考价值。 相似文献
3.
可信计算平台的工作原理与应用研究 总被引:7,自引:2,他引:7
孔维广 《武汉科技学院学报》2003,16(6):81-84
综述可信计算平台的基本思想以及当前市场需求发展趋势,提出适合中国的可信计算平台的基本要求,阐明可信计算平台的工作原理并探讨其应用方案,作出在我国的应用前号分析.同时呼吁政府部门大力支持自有知识产权的可信计算平台的研究工作。 相似文献
4.
在多种信息系统中,将虚拟化技术与可信计算相结合的方式是一种保障系统安全的有效手段.然而,传统基于可信平台模块(TPM)的可信系统存在着系统信任基础不明确与数据迁移计算开销大的不足.本文应用便携式可信模块(PTM)信任模型,基于Xen虚拟化平台提出了一种客户端可信虚拟化平台方案——OASIS,设计并实现了OASIS平台结构、可信启动信任链建立方法及数据迁移机制.本方案具有灵活高效、以用户为中心的特点,使用PTM作为系统信任基础,为用户提供个人化可信计算环境,为用户在多平台间漫游的应用场景提供极大的便利性.原型系统测试结果表明,本方案具有可行性. 相似文献
5.
可信计算平台是信息安全技术研究的一个热点。本文详细介绍了可信计算平台的组成及其体系结构,描述了可信计算平台的特点和原理机制,并对目前可信计算平台的研究现状和存在的问题进行了总结。 相似文献
6.
可信计算平台是信息安全技术研究的一个热点.本文详细介绍了可信计算平台的组成及其体系结构,描述了可信计算平台的特点和原理机制,并对目前可信计算平台的研究现状和存在的问题进行了总结. 相似文献
7.
现有的可信计算支撑软件的规范只定义了软件的功能接口,对其要达到的安全功能需求没有明确的描述,这使得可信计算支撑软件的分析和设计没有明确的安全目标.针对这一问题,结合通用准则CC的思想,提出一种可信计算支撑软件的设计方法,通过分析可信计算支撑软件的安全功能需求,并按照功能类、功能族和组件的层次对其安全功能进行了划分,确定功能组件间的依赖关系,完成了可信计算支撑软件原型的设计,能实现密码支持和完整性保护等安全目标.实验结果表明,该软件支持TPM2.0的接口调用,并能够对中国密码算法SM4提供调用支持. 相似文献
8.
9.
针对现有可信计算平台中的直接匿名认证(DAA)方案存在计算过于复杂的问题,在已有的DAA协议基础上,结合M2M网络特点,提出了一种适用于M2M网络的I-DAA方案.该方案建立在椭圆曲线上的离散对数困难性问题的基础上,利用零知识证明和双线性映射理论,在证书申请阶段将部分DAA证书中原来由TPM计算的参数改为用系统公开参数替代,极大降低了资源相对较宝贵的TPM模块的计算量.同时,该方案中TPM的秘密信息改由TPM自己选取,从而减少不必要的计算开销.另外,TPM只需要申请一次DAA证书,以后即可直接向验证方提交验证信息,避免了一些现有协议的通信瓶颈.分析结果表明,I-DAA方案在保证安全的前提下降低了总体系统中尤其是TPM侧的计算复杂度,更适合于M2M系统及其他嵌入式系统应用环境. 相似文献
10.
直接匿名证言(DAA)既解决了隐私CA的瓶颈问题,又实现对TPM的认证和匿名,是当前可信计算平台身份证明最好的理论解决方案之一,TCG在TPMv1.2中将其作为解决平台身份证明问题的标准.但该标准中仅仅重点描述了DAA实现认证和匿名的原理、复杂运算和关键步骤,并没有给出具体和完整的协议流程.基于DAA基本原理设计了可信平台身份证明的安全协议:AI-DAA.该协议不仅能够实现可信平台身份认证和隐私保护,而且还能保证协议实体之间的双向身份认证和信息传输的机密性.协议安全性分析表明,AI-DAA不仅能防止消息重放攻击,而且还能抵御中间人攻击. 相似文献
11.
SHEN Zhidong ZHANG Huanguo ZHANG Miao YAN Fei ZHANG Liqiang 《武汉大学学报:自然科学英文版》2006,11(6):1641-1644
0 IntroductionPeople need a secure and dependable computing environ-ment[1]. The cryptology is known as the core of com-puter security[2]. The application of cryptologyis mainly ful-filled by key management and credential mechanism.In thispaper , we should study the key management and credentialmechanismbased ontrusted computing platform,and give theactual application of these security mechanisms for buildingtrusted computing environment .1 OverviewTrusted Computing1 .1 The Original of Trus… 相似文献
12.
移动Agent的显著优点是能根据自己的选择从一个网络位置移动到另一个位置,但是由于目前网络环境的安全问题,它的这一优点并未得到很好的发挥。采用将移动Agent私有密钥传送到TPM(Trusted Platform Module)内部的方法解决移动Agent在迁移过程中所遇到的安全问题,从而使移动Agent充分发挥自身的优势。 相似文献
13.
14.
《清华大学学报》2016,(3)
It is essential to design a protocol to allow sensor nodes to attest to their trustworthiness for missioncritical applications based on Wireless Sensor Networks(WSNs). However, it is a challenge to evaluate the trustworthiness without appropriate hardware support. Hence, we present a hardware-based remote attestation protocol to tackle the problem within WSNs. In our design, each sensor node is equipped with a Trusted Platform Module(TPM) which plays the role of a trusted anchor. We start with the formulation of remote attestation and its security. The complete protocol for both single-hop and multi-hop attestations is then demonstrated. Results show the new protocol is effective, efficient, and secure. 相似文献
15.
闫建红 《太原师范学院学报(自然科学版)》2012,(3):57-62
介绍了关于可信计算和可信软件栈,并特别对可信计算模块的密钥设置和种类进行说明.从数据结构和加密过程两个方面对绑定和密封这两种方式的性能进行比较和分析,讨论其共同点和适用的范围,指出密封比绑定的功能更强大,安全性更高.实验表明,对数据绑定的时间要比密封需要的时间少,解除绑定的时间要比解除密封的时间少.在时间效率方面,可信计算的这两种数据保护方式只适用于较小数据量,而对大的数据量,其操作时间将会增加很多. 相似文献
16.
ZHAO Bo ZHANG Huanguo HUANG Rui 《武汉大学学报:自然科学英文版》2007,12(1):21-24
Trusted platform model (TPM) is special-purpose integrated circuits (ICs) built into a variety of platforms to enable strong user authentication and machine attestation-essential to prevent inappropriate access to confidential and sensitive information and to protect against compromised networks. Existing TPM products have some limitations. This paper adopts J2810TPM Single Chip cryptogram MCU produced by Jetway Company to construct typical TPM after comparing existing TPM products. Finally, an improved construction approach of TPM based on J2810 is proposed. 相似文献
17.
HUANG Qiang SHEN Changxiang FANG Yanxiang 《武汉大学学报:自然科学英文版》2007,12(1):13-16
With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied. 相似文献
18.
TUGuo-qing ZHANGHuan-guo WANGLi-na YUDan-dan 《武汉大学学报:自然科学英文版》2005,10(1):35-38
To build a trusted platform based on Trusted Computing Platform Alliance (TCPA)‘s recommendation, we analyze the integrity mechanism for such a PC platform in this paper. By combinning access control model with information flow model, we put forward a combined process-based lattice model to enforce security. This model creates a trust chain by which we can manage a series of processes from a core root of trust module to some other application modules. In the model,once the trust chain is created and managed correctly,the integrity of the computer‘s hardware and sofware has been mainfained, so does the confidentiality and authenticity. Moreover, a relevant implementation of the model is explained. 相似文献
19.
SHI Wenchang 《武汉大学学报:自然科学英文版》2006,11(6):1493-1497
Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems. 相似文献
20.
Trusted computing (TC) is an emerging tech- nology to enhance the security of various computing plat- forms by a dedicated secure chip (TPM/TCM), which is widely accepted by both the industrial and academic world. This paper attempts to sketch the evolution of TC from the view of our theoretical and engineering work. In theory, we focus on protocol design and security analysis. We have proposed the first ECDAA protocol scheme based on q-SDH assumption, which highlights a new way to design direct anonymous attestation scheme. In technical evolu- tion, we discuss the key technologies of trust chain, trusted network connection and TC testing and evaluation. We break through several key technologies such as trusted boot, OS measurement and remote attestation, and imple- ment a TC system from TPM/TCM to network. We also design and implement a testing and evaluation system of TC platform, which is the first one put into practical application in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward some new directions, such as the trust in cloud and mobile environments, new TPM standard, and flexible trust execution environment trust establishment method. 相似文献