Netinfo Security (信息网络安全), 2016, Vol. 16, Issue (6): 8-14. doi: 10.3969/j.issn.1671-1122.2016.06.002

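A New Model for Measuring the Integrity of Trusted Computing Platforms

Bin XING, Jiqiang LIU, Zhen HAN

  1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2016-04-18 Online: 2016-06-20 Published: 2020-05-13
  • About the authors:

    Bin XING (born 1984), male, from Hebei, Ph.D. candidate; main research interests: cloud computing, virtualization and trusted computing. Jiqiang LIU (born 1973), male, from Beijing, professor, Ph.D.; main research interests: applied cryptography, security protocols and privacy protection. Zhen HAN (born 1962), male, from Beijing, professor, Ph.D.; main research interests: information security architecture, trusted computing and cloud computing.

  • Supported by:
    National Natural Science Foundation of China [61572066]; Specialized Research Fund for the Doctoral Program of Higher Education [20120009110007]; Information Security Special Project of the National Development and Reform Commission [20131309]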

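Abstract (Chinese-language version):

Trusted computing technology further strengthens the security of endpoint computing platforms by changing the architecture of the traditional computer. The existing chain-style, star-style and tree-style trust transmission models used to describe how a trusted computing platform is established can record the measurement results of each entity in the platform, but they do not describe the invocation and dependency relationships among these entities well. These models also place no constraint on the time conditions of integrity measurement, so they carry security risks such as TOC-TOU that arise from static measurement. To address these problems, the paper proposes a new model for describing the establishment and integrity measurement of a trusted computing platform, namely the measured zone model. The model describes the integrity state of the computing platform more comprehensively and describes the platform's state transitions and trust transmission process more flexibly; it also further relaxes the time conditions for measuring the integrity of an entity, which makes secure measurement in advance possible. The measured zone model is compatible with the existing chain-style, star-style and tree-style trust transmission models and applies well to many application scenarios.

Key words (Chinese-language version): trusted computing, trust transmission, integrity measurement, measured zone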

Abstract:

The existing chain-style, star-style, and tree-style trust transmission models, which are used to describe how a trusted computing platform is established, can record the measurement results of the entities in the platform. Nevertheless, these models have shortcomings in describing the invocation and dependency relationships between the entities, and they do not address the time limitation of integrity measurement, which might expose them to threats such as TOC-TOU. To overcome these weaknesses, a new model for describing the establishment process of a trusted computing platform and its integrity measurement is proposed, namely Measured Zone. This model can describe integrity status comprehensively, describe state transition and trust transmission flexibly, and reduce the time limitation of integrity measurement, which makes measurement in advance more secure.

Key words: trusted computing, trust transmission, integrity measurement, measured zone

CLC number: