共查询到20条相似文献,搜索用时 46 毫秒
1.
基于条件谓词逻辑的可信计算形式化分析 总被引:2,自引:0,他引:2
随着可信计算应用的不断发展,针对可信计算的形式化分析理论将成为可信计算领域研究的热点。在深入研究可信计算相关技术、信任链建立和信任传递过程影响因素的基础上,提出了基于条件谓词逻辑的可信计算形式化分析方法。通过定义不同的谓词和推演规则,并在谓词逻辑中添加可信性的影响因素作为约束条件,实现对可信计算信任模型的形式化验证。利用提出的方法举例对可信计算平台安全引导过程进行了分析,并且根据分析结果提出了委托受限的安全引导过程。结果表明,基于条件谓词逻辑的形式化验证方法,能够清晰、有效的实现对可信计算信任模型的形式化分析,为可信计算应用模型的设计和完善提供参考。形式化方法的提出,对于丰富可信计算信任评估理论,促进可信计算应用发展具有一定的意义。 相似文献
2.
Development of Trusted Computing Research 总被引:1,自引:1,他引:1
ZHANG Huanguo LUO Jie JIN Gang ZHU Zhiqiang YU Fajiang YAN Fei 《武汉大学学报:自然科学英文版》2006,11(6):1407-1413
0 IntroductionWiththe development of informationtechnology,infor-mation market gives all-ti me thriving appearance;theother side,the attack events increased, which have affectednational security and social stabilization. Under the situation,trusted computing (TC) is required.Current trusted computing is to adding the concept oftrust to information society. Through the current technolo-gies ,the trust society would be established and informationsecurity would bei mproved.In technical fields ,… 相似文献
3.
CHEN Shuyi WEN Yingyou ZHAO Hong 《武汉大学学报:自然科学英文版》2006,11(6):1507-1510
0 IntroductionThe purpose of trusted computingis to solve some of to-day’s security problems through hardware changes topersonal computer . The trusted property can be extendedfromroot of trust to entire PC platformthrough the chain oftrust[1].Root of trustis a small hardware device calledtrustedplatform module (TPM) addedto PC.A well-known project of trusted computing is trustedcomputing platformalliance(TCPA) .It is calledtrusted com-puting group (TCG) now[2 ,3]. Besides this , other… 相似文献
4.
可信密码模块是以我国研发的密码算法为基础,结合国内安全需求与产业市场,借鉴国际先进的可信计算技术框架与技术理念自主创新研发的.本文中首先对可信计算平台密码技术方案和国际可信计算组织规范在密码算法、授权协议和密钥管理等几方面进行了比较.基于可信密码模块,提出的基于隐藏属性证书的远程证明方案,用属性证书代替平台配置信息,不仅能有效防止隐私性的暴露,而且可以在系统升级和备份过程中完成可信检测,提高了实现的效率. 相似文献
5.
WU Shuhua ZHU Yuefei 《武汉大学学报:自然科学英文版》2006,11(6):1433-1436
This paper, focusing on the trusted computing group's standards, explained the key concept of trusted compuling and provided the architecture of trusted PC. It built trust bottom-up by starting with trusted hardware and adding layers of trusted software. It is a system-level solution available to all applications running on the member platforms. This solution reduces the security burden on applications and thus simplifies application programming. 相似文献
6.
一种面向安全SOC的可信体系结构 总被引:2,自引:0,他引:2
提出了面向安全SOC的可信体系结构,以解决其面临的诸多安全问题,可信体系结构的核心是安全域划分和安全审核硬件单元.安全域包括可信基、安全OS、可信应用以及非可信应用,各不同安全域具有静态和动态隔离性;安全SOC中的安全规则最终由安全审核单元在硬件层面来保障.在可信体系结构基础上,讨论了怎样进行安全扩展以获得更全面的安全性,即抗旁路攻击、物理攻击、防止芯片被复制伪造以及因被盗而造成安全危害. 相似文献
7.
The Chinese specification for trusted computing, which has similar functions with those defined by the Trusted Computing Group (TCG), has adopted a different cryptography scheme. Applications designed for the TCG specifications cannot directly function on platforms complying with Chinese specifications because the two cryptography schemes are not compatible with each other. In order to transplant those applications with little to no modification, the paper presents a formal compatibility model based on Zaremski and Wing’s type system. Our model is concerned not only on the syntactic compatibility for data type, but also on the semantic compatibility for cryptographic attributes according to the feature of trusted computing. A compatibility algorithm is proposed based on the model to generate adapters for trusted computing applications. 相似文献
8.
SHEN Zhidong ZHANG Huanguo ZHANG Miao YAN Fei ZHANG Liqiang 《武汉大学学报:自然科学英文版》2006,11(6):1641-1644
0 IntroductionPeople need a secure and dependable computing environ-ment[1]. The cryptology is known as the core of com-puter security[2]. The application of cryptologyis mainly ful-filled by key management and credential mechanism.In thispaper , we should study the key management and credentialmechanismbased ontrusted computing platform,and give theactual application of these security mechanisms for buildingtrusted computing environment .1 OverviewTrusted Computing1 .1 The Original of Trus… 相似文献
9.
A Security Kernel Architecture Based Trusted Computing Platform 总被引:4,自引:0,他引:4
CHENYou-lei SHENChang-xiang 《武汉大学学报:自然科学英文版》2005,10(1):1-4
10.
可信远程证明是可信计算技术中非常重要的一部分,而可信证据又是可信远程证明的基础。但是,通过研究现有主要可信远程证明方法发现对于可信证据研究主要存在以下几个问题:首先,证据信息不充分,不能满足可信证明的需求;其次,证据信息组织不够合理;最后,由于可信性具有一定的主观性,与用户的预期相关,但现有方法中在收集证据时没有考虑用... 相似文献
11.
As a foundation component of cloud computing platforms, Virtual Machines(VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented divided up by the different active conditions of the VM. Then, a trusted computing based security protection framework is developed, which can extend the trusted relationship from trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive safety to VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes. 相似文献
12.
《清华大学学报》2017,(5)
Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing.How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service(IaaS) platform is a problem that must be solved.The IaaS platform provides the Virtual Machine(VM),and the Trusted VM,equipped with a virtual Trusted Platform Module(vTPM),is the foundation of the trusted IaaS platform.We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes,and manage the information centrally on a cloud management platform.The architecture verifies the IaaS's trusted attestation by apprising the VM,Hypervisor,and host Operating System's(OS) trusted status.The theory and the technology roadmap were introduced,and the key technologies were analyzed.The key technologies include dynamic measurement of the Hypervisor at the process level,the protection of vTPM instances,the reinforcement of Hypervisor security,and the verification of the IaaS trusted attestation.A prototype was deployed to verify the feasibility of the system.The advantages of the prototype system were compared with the Open CIT(Intel Cloud attestation solution).A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range. 相似文献
13.
14.
基于可信计算的移动平台设计方案 总被引:3,自引:0,他引:3
在深入研究现有可信移动平台设计方案和TCG移动可信模块相关技术的基础上,提出了带有移动可信模块的可信移动平台设计方案.平台采用基带处理器和应用处理器分离的结构,利用移动可信模块构建了以应用处理器为中心的可信区域,为移动平台提供受保护的计算和存储空间,提高了移动平台的安全性、灵活性和可靠性.分析了现有可信移动平台安全引导过程安全漏洞,提出了改进的安全引导过程,并通过谓词逻辑对改进的引导过程进行了正确性验证. 相似文献
15.
为了充分利用服务端存储模式计算机的非本地存储特性,该文提出了一种适用于服务端存储的可信计算模型。该模型通过把原有的可信平台模块硬件逻辑化为服务端软件模块,不仅降低了可信计算模型实施的难度,而且提高了其灵活性和扩展性。同时该模型从客户端系统的引导阶段出发构建完整的可信链,保证了可信计算平台的安全性。原型系统实现的结果表明:由于系统中所有客户端的信任度量均在服务端完成,使服务端能制定针对局域网全网的安全策略,进而实现真正的局域网网络可信。 相似文献
16.
可信模块与强制访问控制结合的安全防护方案 总被引:1,自引:0,他引:1
基于可信计算思想,通过在现有移动终端中加入移动可信计算模块,并在核心网中加入安全服务提供者和安全软件提供商,构架了面向移动终端的统一安全防护体系,为用户提供安全服务.该方案有效利用了移动终端操作系统的特性,将基于角色的访问控制与可信验证相结合,实现了高效的可信链传递,使没有授权证书的非法软件和非法进程不能在系统中运行,... 相似文献
17.
This paper proposes a security enhancement scheme for disaster tolerant system based on trusted computing technology which
combines with the idea of distributed threshold storage. This scheme takes advantage of trusted computing platform with trusted
computing module, which is provided with such excellent features as security storage, remote attestation, and so on. Those
features effectively ensure trustworthiness of disaster tolerant point. Furthermore, distributed storage based on Erasure
code not only disposes the storage problem about a great deal of data, but also preferably avoids one node invalidation, alleviates
network load and deals with joint cheat and many other security problems. Consequently, those security enhancement technologies
provide mass data with global security protection during the course of disaster tolerance.
Foundation Items: Supported by the National High Technology Research and Development Program of China (863 Program) (2008AA01Z404), the Science
and Technical Key Project of Ministry of Education (108087) and the Scientific and Technological Project of Wuhan City (200810321130) 相似文献
18.
针对云计算安全中的虚拟化安全问题, 提出一种可改善虚拟化安全问题的可信虚拟化架构. 该架构通过在模拟处理器中添加虚拟可信平台模块, 在操作系统中添加可信平台模块驱动, 构造一个从底层基础架构到上层应用服务的可信架构. 该架构在虚拟化平台服务器中融合了可信平台模块, 可有效解决虚拟化平台服务器的安全性
问题. 相似文献
19.
TIAN Junfeng XIAO Bing WANG Zixian ZHANG Yuzhu 《武汉大学学报:自然科学英文版》2006,11(6):1853-1856
The most significant strategic development in information technology over the past years has been "trusted computing" and trusted computers have been produced. In this paper trusted mechanisms adopted by PC is imported into distributed system, such as chain of trust, trusted root and so on. Based on distributed database server system (DDSS), a novel model of trusted distributed database server system (TDDSS) is presented ultimately. In TDDSS role-based access control, two-level of logs and other technologies are adopted to ensure the trustworthiness of the system. 相似文献
20.
In this paper, we propose a trusted mobile payment environment (TMPE) based on trusted computing and virtualization technology. There are a normal operating system (OS) and a trusted OS (TOS) in TMPE. We store the image of TOS in a memory card to hinder tampering. The integrity of TOS is protected by means of a trusted platform module (TPM). TOS can only be updated through a trusted third party. In addition, virtualization technology is applied to isolate TOS from normal OS. Users complete ordinary affairs in normal OS and security-sensitive affairs in TOS. TMPE can offer users a highly protected environment for mobile payment. Moreover, TMPE has good compatibility in different hardware architectures of mobile platforms. As the evaluation shows, TMPE satisfies the requirement of mobile payment well. 相似文献