排序方式: 共有184条查询结果,搜索用时 15 毫秒
81.
Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform. 相似文献
82.
Two limitations of current integrity measurement architectures are pointed out: (1) a reference value is required for every measured entity to verify the system states, as is impractical however; (2) malicious user can forge proof of inexistent system states. This paper proposes a trustworthy integrity measurement architecture, BBACIMA, through enforcing behavior-based access control for trusted platform module (TPM). BBACIMA introduces a TPM reference monitor (TPMRM) to ensure the trustworthiness of integrity measurement. TPMRM enforces behavior-based access control for the TPM and is isolated from other entities which may be malicious. TPMRM is the only entity manipulating TPM directly and all PCR (platform configuration register) operation requests must pass through the security check of it so that only trusted processes can do measurement and produce the proof of system states. Through these mechanisms malicious user can not enforce attack which is feasible in current measurement architectures. 相似文献
83.
YAN Fei ZHANG Huanguo SUN Qi SHEN Zhidong ZHANG Liqiang QIANG Weizhong 《武汉大学学报:自然科学英文版》2006,11(6):1805-1808
Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment. 相似文献
84.
吕素玉 《科技情报开发与经济》2005,15(8):183-185
基于现代企业制度下企业内部存在的受托责任关系以及各种监控评价机构与组织层次对应关系,阐述了企业投资主体多元化后内部审计的定位,指出了现阶段的内部审计机构设置的优缺点,提出了理想的内部审计机构设置方案。 相似文献
85.
可信模块与强制访问控制结合的安全防护方案 总被引:1,自引:0,他引:1
基于可信计算思想,通过在现有移动终端中加入移动可信计算模块,并在核心网中加入安全服务提供者和安全软件提供商,构架了面向移动终端的统一安全防护体系,为用户提供安全服务.该方案有效利用了移动终端操作系统的特性,将基于角色的访问控制与可信验证相结合,实现了高效的可信链传递,使没有授权证书的非法软件和非法进程不能在系统中运行,... 相似文献
86.
A new authentication algorithm for grid identity trusted computing unlimited by hardware is presented;the trusted root is made as an image data.The grid entity is trusted in the soft platform when its feature of image root is entirely matched with that from the other entities’ feature database in a scale space process.To recognize and detect the stable image root feature,the non-homogeneous linear expandable scale space is proposed.Focusing on relations between the scale parameter of the inhomogeneous Gaussian function terms and the space evolution of thermal diffusion homogeneous equations,three space evolution operators are constructed to exact and mark the feature from image root.Analysis and verification are carried on the new scale space,operators and the core of making decisions for grid entities certifications. 相似文献
87.
虚拟机的信任问题是虚拟机安全的关键问题之一,可信密码模块作为计算机信任的源头,其在虚拟机上的应用也引起了越来越多的关注。提出了虚拟可信密码模块(virtual trusted cryptography module, vTCM)方案,该方案将现有可信密码模块(trusted cryptography module, TCM)方案扩展为可切换vTCM场景的vTCM物理环境来支持少量物理vTCM场景,通过vTCM场景的虚拟化调度,从而支持多个虚拟机的TCM访问,为每个虚拟机分配一个绑定的vTCM实例,并使这些实例可以轮流在物理vTCM场景中运行,以使vTCM的安全性分析可以借助TCM结论,增强vTCM的安全性。这一方案在vTCM的管理,包括vTCM迁移等操作上,也体现出了其优势。给出了该方案在KVM虚拟化平台下的实现方法,实现结果表明,该方案不但可行,并且对现有的虚拟机机制有良好的兼容性。 相似文献
88.
针对目前可信认证方案在认证效率和具体应用上的不足,提出了基于虚拟机的可信认证方案,并对Web服务器提出具体的认证策略,通过实验证明这种策略是可行和有效的。 相似文献
89.
王保民 《河北大学学报(自然科学版)》2010,30(6)
为了提高数字签名方案的安全性,提出了一种基于可信平台的签名方案,该方案采用双私钥设计,同时,利用可信平台,以及智能卡等安全设备增加了系统的安全性.为防止消息在公共信道篡改,消息和签名将被用户与签名者的一次一密密码系统加密处理.最后,给出方案的正确性证明、安全性分析. 相似文献
90.
平震宇 《成都大学学报(自然科学版)》2010,29(2):150-153
介绍了网络可信平台的研究与实现,采用可信度量机制以保证网络计算终端的安全为基础,利用远程证明机制对网络接入终端的可信性验证,根据验证结果决定对整个网络计算环境的访问控制,利用传统网络安全技术和可信计算技术实现了全新的网络安全体系结构. 相似文献