基于TEE的可信存储系统设计与实现

在对当前主流可信存储系统的分析和研究的基础上，设计并实现了符合GP标准，同时满足多种安全存储特性的可信存储系统(TSS). TSS不仅能对数据进行授权加密、保证数据的完整性和一致性，同时还提供了很多其他安全存储特性(如持久存储对象的原子操作).为了改善大数据读写性能，提出了一种在REE的内核空间中动态申请连续内存并通过通信管道将该连续物理内存映射到TEE中的方法.这种方法可以有效地减少TEE和REE之间的切换次数、内存申请次数及内存的拷贝负载.实验数据显示，与其他相关可信存储系统相比，TSS有8%到10%的性能提升.     

可信密码模块软件栈的数据加密策略

介绍了关于可信计算和可信软件栈,并特别对可信计算模块的密钥设置和种类进行说明.从数据结构和加密过程两个方面对绑定和密封这两种方式的性能进行比较和分析,讨论其共同点和适用的范围,指出密封比绑定的功能更强大,安全性更高.实验表明,对数据绑定的时间要比密封需要的时间少,解除绑定的时间要比解除密封的时间少.在时间效率方面,可信计算的这两种数据保护方式只适用于较小数据量,而对大的数据量,其操作时间将会增加很多.     

(t,n)门限方案中一种防欺骗影子交换协议

(t,n)门限方案是用于秘密共享的一种有效的方案,但该方案中参与者进行欺骗的问题还一直有待于解决,尤其是如何防止最后一个参与者进行欺骗。文章基于Shamir的(t,n)门限方案以及影子的真实性检测,提出了一种防欺骗影子交换协议用于参与者之间进行影子交换,成功的解决了最后一个参与者进行欺骗的问题。     

基于差别特征学习的神经网络图形识别

根据视沉识别的判别特征分辨特性,定义了差别特征模式（ＤＦＰ）,对前向人工神经网络进行了改进,提出了基于判别特征模式的学习方法。针对视觉识别的大小不变性、位置无关性、轮廓与实心等阶性以及变形有噪时的相对稳定性,设计了前向网络,通过调节注视中心来识别多个物体。实验结果证实,该神经网络对模式具有较好的识别稳定性。     

基于安全控制模块的高可信计算机研究

当前的可信计算机主要关注于TPM安全芯片的集成与应用,在可信根保护、文件加密存储和系统安全防护方面存在不足。在参考可信计算技术的基础上,提出了一种以内嵌的安全控制模块为物理信任根的高可信计算机解决方案。论述了整体的组成结构、工作原理,详细分析了高可信计算机中安全控制模块和可信BIOS的实现机制。相关实验结果验证了高可信计算机平台设计方案的有效性。     

Protecting Terminals by Security Domain Mechanism Based on Trusted Computing

0 IntroductionEventhoughsignificant achievement has been madeinre-search of characteristic and abnormal actions of comput-er virus and attack, the investigation of defending the un-known computer virus and attackis progressing much slower .Under the conditions that attackers are much clever , newcomputer virus is presented continuously,the difference be-tween computer virus and normal programis less and lessclear ,detecting computer virus and attack will be more andmore difficult .Andto be the…     

Development of Trusted Computing Research

0 IntroductionWiththe development of informationtechnology,infor-mation market gives all-ti me thriving appearance;theother side,the attack events increased, which have affectednational security and social stabilization. Under the situation,trusted computing (TC) is required.Current trusted computing is to adding the concept oftrust to information society. Through the current technolo-gies ,the trust society would be established and informationsecurity would bei mproved.In technical fields ,…     

Trust Based Pervasive Computing

Pervasive computing environment is a distributed and mobile space. Trust relationship must be established and ensured between devices and the systems in the pervasive computing environment. The trusted computing （TC） technology introduced by trusted computing group is a distributed-system-wide approach to the provisions of integrity protection of resources. The TC＇s notion of trust and security can be described as conformed system behaviors of a platform environment such that the conformation can be attested to a remote challenger. In this paper the trust requirements in a pervasive/ubiquitous environment are analyzed. Then security schemes for the pervasive computing are proposed using primitives offered by TC technology.     

基于SGX 技术的 Windows 遗留信息系统安全增强方案

无源代码无文档的遗留信息系统在各行各业大量存在,为防止恶意攻击者窃取其中的用户数据或隐私,提出了一种基于SGX(software guard extension)技术的Windows遗留信息系统安全增强方案。SGX是Intel公司提出的一种芯片级信息隔离安全防护新技术,已经在信息安全领域得到了广泛应用。安全增强方案通过逆向工程、静态分析等方法找到遗留信息系统的注入点,编写Hook逻辑改变敏感信息操作函数的执行流程,再通过编写SGX组件定义敏感信息加解密访问接口,实现遗留信息系统敏感信息加密保护。最后验证了方案的可行性,且额外的性能损耗在可接受的范围内,可以作为其他无源代码无文档遗留信息系统保护敏感信息的参考。     

TPM context manager and dynamic configuration management for trusted virtualization platform

It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM （trusted platform module） context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM （virtual machine） configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG （trusted computing group） static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.