Research on Mobile Code Security Based on Trusted Computing Technology
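Abstract
The rapid growth of the Internet has greatly advanced mobile code and its related technologies. Widely deployed forms such as "active contents", "scripting", "macros", "applets" and "custom controls" are collectively referred to as "mobile code". Because mobile code is mobile, dynamic and polymorphic, it brings convenience to users but also raises prominent security problems. Mobile code security has long been a hard problem; particularly in environments with high security requirements, these problems seriously hinder the development and application of mobile code. This thesis uses trusted computing ideas and techniques to study how to prevent malicious mobile code from damaging host resources and how to prevent malicious hosts from attacking mobile code.
Trusted computing and its applications are currently a research hotspot. Trusted computing provides foundational support for building secure application platforms through trusted authentication, trusted measurement and trusted storage. In the trusted computing approach, whether code is trustworthy is judged by its behavior. Compared with traditional detection and prevention techniques that rely on static code features, studying mobile code security in terms of measuring and controlling behavior can make up for the shortcomings of traditional techniques and is in line with the direction in which information security is developing. Many open problems remain in how trusted computing platforms support applications; the trusted-computing-based protection of mobile code explored in this thesis is one of them, and the work done here should also help promote wider adoption of trusted computing.
This thesis surveys the characteristics of mobile code and the security problems they cause, analyzes the problems and shortcomings of current research, and points out that existing static signature scanning has clear deficiencies in identifying variants of malicious mobile code and unknown types of mobile code. To protect against unknown mobile code, an active defense system must be built on trusted computing platform technology, with the behavioral characteristics of mobile code at its core. Within the information security assurance framework of "one center, three-layer protection system", this thesis proposes a three-layer protection model for mobile code security. Taking code behavior characteristics as the starting point, it attempts to build a comprehensive defense system at three levels: control of mobile code sources, trusted verification of mobile code, and control of mobile code behavior, with a focus on the key technologies involved. Specifically, the thesis investigates the following aspects in depth.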
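1) Guided by the idea of control at the source, the platform from which mobile code originates is measured and attested. A trusted network connection control method based on terminal behavior characteristics is proposed. Using terminal behavior characteristics as the measurement metric reflects platform state more accurately and closer to real time than other methods, and blocks malicious hosts from the network in real time, effectively controlling intrusion by malicious mobile code at the source.
2) Establishing trust between the mobile code "producer platform" and "consumer platform" helps protect the consumer platform. Using automated trust negotiation (ATN), trust is established between a mobile code producer and a mobile code consumer who are strangers to each other, relying on gradually disclosed platform identity certificates and behavior attribute certificates. This method not only solves the problem of establishing trust between platforms in different domains but also protects private information such as platform attributes.
3) When a mobile code consumer platform receives foreign mobile code, detecting and verifying it is a key step in resisting malicious mobile code attacks. To this end, this thesis proposes for the first time a mobile code detection and judgment method based on the aggregate behavior characteristics of the host interpreter process of the mobile code. An attack tree model is introduced to describe the logical relationships among all intermediate code and target code generated and invoked during execution; a maliciousness weight for the mobile code is computed from it, and on that basis the code is judged trustworthy or not. Experiments show that, compared with existing static feature recognition methods and behavior feature sequence recognition methods, the proposed method has very low false negative and false positive rates, and is of positive significance for identifying unknown malicious code.
4) For the different forms that mobile code takes, its behavior is effectively controlled. All subjects and objects in the system are divided into a labeled domain and an unlabeled domain; mobile code is labeled in the production system, and access control mechanisms explicitly limit the range of resources the code can access, giving the host platform "self-immunity" against malicious mobile code. For mobile code that cannot be accurately labeled, and for mobile code in open network environments, a mobile code access control model oriented to trusted labeled objects is proposed. Based on the idea of "pipe encapsulation", the model limits the scope of the code by encapsulating the mobile code and its related resources, and, by distinguishing the trusted state of code, limits the threat that untrusted and undetermined mobile code poses to local resources.
5) Based on trusted computing platform technology and the sealed storage mechanism, the resources carried by mobile code are protected by sealing (Seal), so that only an authorized user on an authorized terminal platform can unseal (UnSeal) them to obtain the plaintext of the mobile code and the sensitive resource information it carries. This ensures the confidentiality of sensitive resources in mobile code, prevents malicious host platforms from tampering with or destroying mobile code, and prevents malicious users from stealing sensitive information in mobile code.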
With the rapid development of broadband network technology, mobile code technology has developed greatly and shows promise. Mobile code takes a variety of forms, including active contents, scripting, macros, applets, custom controls and so on; these dynamic programs that can move across a network are often referred to as "mobile code". However, the security problems of mobile code technology obstruct its wide application in real business. Among these security problems, how to protect mobile code from malicious hosts and how to protect host platforms from malicious mobile code are new issues that cannot be dealt with by traditional technologies. In this thesis, we aim to solve these problems based on trusted computing.
Trusted computing is one of the focuses of recent research. According to trusted computing, the trustworthiness of code is based on its behavior rather than its static characteristics, which matches the development trend of information security. This thesis first applies trusted computing technology to solve the security problems of mobile code. We hope the research work can also promote the application of trusted computing.
The security problems and security requirements of mobile code systems are analyzed. It is evident that existing malicious code detection algorithms based on static characteristics have some drawbacks. We conclude that, in order to solve the security problems of unknown mobile code, we should focus on the trustworthiness of its behavior, based on trusted computing technology. In this thesis, we propose a three-level protection model to deal with mobile code security problems. In this model we take code behavior characteristics as the basic starting point and try to build a comprehensive protection architecture. The main research work and key contributions of this dissertation are as follows:
1. Taking source control as the dominant idea, we propose a trusted network connect control strategy which calculates the "healthy status" of a terminal by analyzing the real-time characteristics of its behavior and process activity. It protects a network and its internal terminals by checking the identity and "healthy status" of each terminal attempting to access the protected network. An external terminal that poses a potential risk is then isolated from the network. Compared with existing methods based on static characteristics, our strategy achieves better performance, especially in identifying and isolating terminals with potential risk.
2. An automated trust negotiation based Trust Mobile Code Verification Model (ATNMCVM) is proposed in this thesis, which establishes trust between strangers through iterative disclosure of credentials and security policies. In addition, sensitive properties and private information can be protected in ATNMCVM.
3. Inspired by research on the attack tree model, we present a new malicious code detection algorithm based on behavior characteristics, which introduces an improved attack tree model to describe the entity relationships during malicious code execution. It is named IBC-DA. The experimental results show that the proposed algorithm works in most detection cases and has only minor errors in a few conditions. This algorithm is of positive significance for unknown malicious code detection.
4. Combining trusted computing with the object-oriented method, we propose a new trust extended object-oriented security model (TEOOSM), which can be applied to the access control system of mobile code. Because mobile code is highly independent, autonomous, mobile and mixed with data, traditional access control systems are ineffective at handling its security issues. Our model encapsulates the code and data, utilizes trusted status measurement, and thereby effectively protects platforms, code and data from being destroyed by malicious code or systems.
5. Environmental key generation can be used when a mobile code producer (MCP) needs a mobile code consumer (MCC) to decrypt the code correctly only if some special environmental conditions are true. In this thesis, we introduce a new approach, based on environmental key generation, to protect sensitive information within mobile code. It is achieved by introducing the Trusted Computing sealing technology. Our approach combines hardware and software technology, so it is tamper-resistant against attackers.
