基于可信计算的安全操作系统研究
|
摘要
安全操作系统作为主流的安全技术,需要有相对更加底层的安全支持,否则自身的安全容易遭到破坏,从而危及整个系统的安全。尤其是安全操作系统自身的完整性,包括敏感数据的完整性,安全策略、安全标签的完整性,以及策略实施系统的完整性等,极易遭受攻击。对于这些关键位置的保护,安全操作系统现有的机制或者存在很多安全漏洞,或者引用了极强的安全假设。
本文引入可信计算技术研究对操作系统的安全增强。首先分析了现有安全操作系统中完整性保护方法的不足,提出了一种动态完整性度量方法,实现了操作系统状态的可信验证;然后探讨了安全操作系统中标签自身的安全问题,给出了一套针对安全标签的保护方案;最后讨论了安全操作系统的边界扩展问题,利用可信计算,结合远程证明,封装存储等相关技术,‘扩展了安全操作系统的控制范围。本文主要取得以下几方面创新性成果:
1.针对安全操作系统中的完整性保护问题,提出了一种基于内存空间的动态度量方法,有效解决了基于文件系统的静态度量中存在的TOC-TOU(检验时刻与使用时刻不同步)问题,并通过算法分析和改进提高了动态度量的效率,增强了动态度量在复杂环境下的可用性,为操作系统的完整性提供了保障。
2.针对安全操作系统中带有属性的安全标签容易受到篡改的问题,提出了基于可信计算的策略标签保护架构,该架构使用加密文件系统、完整性度量等机制将可信的概念植入到安全操作系统的内部,将系统的安全标签置于可信计算芯片的保护范围内,保证其不会遭受篡改,从而增强了整个操作系统的安全性。
3.提出了安全操作系统边界扩展方法,利用可信计算,以虚拟边界的方式扩展了一台主机上安全操作系统的控制范围,使其能对虚拟边界内分发的数据进行有效的控制和管理(无论数据是否位于传统意义上的物理边界内),从而保护数据所有者的权利,增强安全操作系统的实用性。
总的来说,本文利用可信计算技术对操作系统进行了安全增强,同时也对安全操作系统保护范围进行了扩展,拓宽了安全操作系统的应用。本文的研究成果不仅为安全操作系统的研究提供了支撑,还为基于可信计算的安全技术的研究方向提供了一定的借鉴。
The compromising of the secure OS (operation system), one of the mainstream security technologies, could threaten the safety of the entire system. Therefore, it is crucial to have relatively low-level security supports for the secure OS itself. Among all the threats of being compromised, the compromising on the integrity of the secure OS happens most frequently. The integrity of the secure OS consists of the integrity of the sensitive data, the integrity of the secure policies, the integrity of the labels, and the integrity of the reference monitors. Existing integrity protection techniques provided by the secure OS either have much vulnerability or use inadequately strong security assumptions. It is desirable to have a more secure integrity protection technique for the secure OS.
This thesis leverages the trusted computing technique to enforce the security of the OS. The shortages of protection methods of the integrity are analyzed. By using trusted computing technique, this thesis proposes a dynamic measurement method which realizes the trusted verification of the OS state. A policy-label protection mechanism is proposed to address the safety problem of the security labels. This thesis also presents a method to extend the edge of the control area of the secure OS by adopting trusted computing techniques such as remote attestation and sealed storage. The main contributions of this thesis are listed as follows:
1. Dynamic measurement based on trusted computing. This thesis proposes a memory-based dynamic measurement method that solves the TOC-TOU (time of check with time of use) problem seen in the existing static file-system-based measurement method. The improvement on the dynamic measurement based on the algorithm analysis is also proposed to efficiency as well as the usability of the measurement under complicated environment.
2. Trusted computing based Policy-label protection. This thesis proposes TLPA (TPM-based Label Protection Architecture) to protect the easily compromised security policies and labels in the access control system. By using mechanisms of integrity measurement, encrypt file system, etc., security labels are protected in the trust zone which enhances the safety of the access control system as well as the secure OS.
3. Trusted virtual edge. This thesis proposes a method to extend the control area of secure OS by using a form of trusted virtual edge. In this approach, the dominating area of a secure OS is not constrained by its physical boundary. The data managed by the secure OS is thereby protected no matter it is stored locally or distributed to other physical machine.
In summary, this thesis enforces the security and enlarges the dominating area of secure OS by using trusted computing technique. The researches proposed by this thesis can not only support the secure OS research but also be used a reference of trusted computing-based work.
本文引入可信计算技术研究对操作系统的安全增强。首先分析了现有安全操作系统中完整性保护方法的不足,提出了一种动态完整性度量方法,实现了操作系统状态的可信验证;然后探讨了安全操作系统中标签自身的安全问题,给出了一套针对安全标签的保护方案;最后讨论了安全操作系统的边界扩展问题,利用可信计算,结合远程证明,封装存储等相关技术,‘扩展了安全操作系统的控制范围。本文主要取得以下几方面创新性成果:
1.针对安全操作系统中的完整性保护问题,提出了一种基于内存空间的动态度量方法,有效解决了基于文件系统的静态度量中存在的TOC-TOU(检验时刻与使用时刻不同步)问题,并通过算法分析和改进提高了动态度量的效率,增强了动态度量在复杂环境下的可用性,为操作系统的完整性提供了保障。
2.针对安全操作系统中带有属性的安全标签容易受到篡改的问题,提出了基于可信计算的策略标签保护架构,该架构使用加密文件系统、完整性度量等机制将可信的概念植入到安全操作系统的内部,将系统的安全标签置于可信计算芯片的保护范围内,保证其不会遭受篡改,从而增强了整个操作系统的安全性。
3.提出了安全操作系统边界扩展方法,利用可信计算,以虚拟边界的方式扩展了一台主机上安全操作系统的控制范围,使其能对虚拟边界内分发的数据进行有效的控制和管理(无论数据是否位于传统意义上的物理边界内),从而保护数据所有者的权利,增强安全操作系统的实用性。
总的来说,本文利用可信计算技术对操作系统进行了安全增强,同时也对安全操作系统保护范围进行了扩展,拓宽了安全操作系统的应用。本文的研究成果不仅为安全操作系统的研究提供了支撑,还为基于可信计算的安全技术的研究方向提供了一定的借鉴。
The compromising of the secure OS (operation system), one of the mainstream security technologies, could threaten the safety of the entire system. Therefore, it is crucial to have relatively low-level security supports for the secure OS itself. Among all the threats of being compromised, the compromising on the integrity of the secure OS happens most frequently. The integrity of the secure OS consists of the integrity of the sensitive data, the integrity of the secure policies, the integrity of the labels, and the integrity of the reference monitors. Existing integrity protection techniques provided by the secure OS either have much vulnerability or use inadequately strong security assumptions. It is desirable to have a more secure integrity protection technique for the secure OS.
This thesis leverages the trusted computing technique to enforce the security of the OS. The shortages of protection methods of the integrity are analyzed. By using trusted computing technique, this thesis proposes a dynamic measurement method which realizes the trusted verification of the OS state. A policy-label protection mechanism is proposed to address the safety problem of the security labels. This thesis also presents a method to extend the edge of the control area of the secure OS by adopting trusted computing techniques such as remote attestation and sealed storage. The main contributions of this thesis are listed as follows:
1. Dynamic measurement based on trusted computing. This thesis proposes a memory-based dynamic measurement method that solves the TOC-TOU (time of check with time of use) problem seen in the existing static file-system-based measurement method. The improvement on the dynamic measurement based on the algorithm analysis is also proposed to efficiency as well as the usability of the measurement under complicated environment.
2. Trusted computing based Policy-label protection. This thesis proposes TLPA (TPM-based Label Protection Architecture) to protect the easily compromised security policies and labels in the access control system. By using mechanisms of integrity measurement, encrypt file system, etc., security labels are protected in the trust zone which enhances the safety of the access control system as well as the secure OS.
3. Trusted virtual edge. This thesis proposes a method to extend the control area of secure OS by using a form of trusted virtual edge. In this approach, the dominating area of a secure OS is not constrained by its physical boundary. The data managed by the secure OS is thereby protected no matter it is stored locally or distributed to other physical machine.
In summary, this thesis enforces the security and enlarges the dominating area of secure OS by using trusted computing technique. The researches proposed by this thesis can not only support the secure OS research but also be used a reference of trusted computing-based work.
引文
[1]中国互联网络信息中心.第26次中国互联网络发展状况统计报告[EB/OL]. [2010-07-01].http://www.cnnic.net.cn/uploadfiles/pdf/2010/7/15/100708.pdf
[2]中国互联网网络安全报告 (2010年上半年)[EB/OL][2010-09-29]. http://www.cert.org.cn/UserFiles/File/2010%20first%20half.pdf
[3]CSC-STD-001-83, Department of Defense Standard. Department of Defense Trusted Computer System Evaluation Criteria[R]. DoD Computer Security Center, Aug 1983.
[4]DoD 5200.28-STD, Department of Defense Standard. Department of Defense Trusted Computer System Evaluation Criteria[R]. National Computer Security Center, Ft. Meade,MD, USA, Dec 1985.
[5]C. Mundie, P. de Vries, P. Haynes, M. Corwine. Microsoft whitepaper on trustworthy computting[R]. Technical report, Microsoft Corporation, October 2002.
[6]N.Petroni Jr., T. Fraser, et al. Copilot-a coprocessor-based kernel runtime integrity monitor. In Proceedings of the 13th conference on USENIX Security Symposium[C]. Volume 13. San Diego, CA. page 13-13.2004.
[7]Trusted Computing Group. TPM Main Part 1 Design Principles Specification, Version 1.2. Level 2 Revision 103 [EB/OL].9 July,2007.
[8]Trusted Computing Group. TPM Main Part 2 TPM Structures Specification, Version 1.2. Level 2 Revision 103 [EB/OL].26 October,2006.
[9]Trusted Computing Group. TPM Main Part 3 Commands Specification, Version 1.2 Level 2 Revision 103 [EB/OL].26 October,2006.
[10]Trusted Computing Group. TCG Software Stack Specification, Version 1.2 [EB/OL].7 March,2007. http://www.trustedcomputinggroup.org/resources/tcg_software_stack_tss_specification.
[11]Trusted Computing Group. TCG Trusted Network Connect, TNC Architecture for Interoperability Specification Version 1.4 Revision 4 [EB/OL].18 May 2009. http://www. trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[12]Microsoft. Security Model for the Next-Generation Secure Computing Base [EB/OL]. http://www.microsoft.com/resources/ngscb/documents/ngscb_security_model.doc,2003.
[13]Intel. LaGrande Technology Architectural Overview [EB/OL]. http://www.intel.com/tech nology/security/downloads/LT_Arch_Overview.pdf,2003.
[14]国家密码管理局.可信计算密码支撑平台功能与接口规范[EB/OL]2007年12月.http://www.oscca.gov.cn/
[15]秦宇.可信虚拟平台安全机制研究[D]:[博士].北京:中国科学院软件研究所,2008.
[16]J. Smith and F. Weingarten. Research challenges for the next generation internent.Technical report[R]. Research Directions for NGI,1997.
[17]Baker, Dixie B. Fortresses built upon sand[C]. In NSPW'96:Proceedings of the 1996 workshop on new security paradigms, volume 0-89791-944-0, pages148-153. ACM,1996.
[18]P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turnerand J. F. Farrell. The inevitability of failure:the flawed assumption of securityin modern computing environments[C]. In Proceedings of the 21th NationalInformation Systmes Security Conference, pages 303-314. ACM,1998.
[19]Clark Weissman. Security Controls in the ADEPT-50 Time Sharing System. Proceedings of the 1069 AFIPS Fall Joint Computer Conference, AFIPS Press,1969, pp.119-133.
[20]D. E. Bell and L. J. La Padula. Secure Computer System Unified Exposition and MULTICS Interpretation[R]. Technical Report MTR-2997. MITRE Corporation, Bedford, MA,1976.
[21]K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR3153, MITRE Corp.,1977.
[22]David Ferraiolo and Richard Kuhn. Role-based access controls[C]. In In 15th NIST/NCSC National Computer Security Conference, pages 554-563, Baltimore, MD, Oct 1992.
[23]W. E. Boebert and R. Y. Kain. A pratical alternative to hiearchial integrity policies[C]. In Proc.8th National Computer Security Conference, pages 18-27. Gaithersburg, MD,1985.
[24]E. McCauley and P. Drognowski.. Ksos:The design of a secure operating system[C]. In 1979 NCC AFIPS Conference Proceedings, volume 48, pages 345-353. AFIPS Press,1979.
[25]P.G.Neumann, L.Robinson,Karl N. Levitt,R.S.Boyer, and A.R.Saxena. A rovabley secure operating system[R]. Technical report, Stanford Research Institute,1975.
[26]Ernest F. Brickell, Jan Camenisch, Liqun Chen:Direct anonymous attestation[C]. ACM Conference on Computer and Communications Security 2004:132-145
[27]John Marchesini, Sean W. Smith, Omen Wild, Rich MacDonald. Experimenting with TCPA/TCG Hardware, Or:How I Learned to Stop Worrying and Love The Bear[R]. Technical Report TR2003-476, Department of Computer Science, Dartmouth College. December 2003.
[28]W. A. Arbaugh, D. J. Farber, J. M. Smith. A reliable bootstrap architecture[C]. In Proceedings of IEEE Symposium on Security and Privacy, pages 65-71, May 1997.
[29]Selhorst M., Stueble C.:Trusted GRUB, University of Bochum,2004 [EB/OL]. http://www.prosec.rub.de/trusted_grub.html
[30]BM. TCG Grub,2005 [EB/OL]. http://trousers.sourceforge.net/grub.html
[31]GNU GRUB [EB/OL]. http://www.gnu.org/software/grub/
[32]Bernhard Kauer. Authenticated booting for L4.2004 [EB/OL]. http://os.inf.tu-dresden.de/papers_ps/kauer-beleg.pdf
[33]徐震,沈丽红,汪丹.一种可配置的可信引导系统[J].中国科学院研究生院学报,2008,25(5),626-630.
[34]黄强,沈昌祥.一种基于可信服务器的可信引导方案[J].武汉大学学报(理学版).2004,50(S1):15-18.
[35]方艳湘,黄涛Linux可信启动的设计与实现[J].计算机工程.2006,32(9):51-53.
[36]王禹,王震宇,姚立宁.嵌入式平台TPM扩展及可信引导设计与实现[J].计算机工程与设计,2009,30(9):2089-2092.
[37]Reiner SAILER, Xiaolan ZHANG, Trent JAEGER, and Leendert van DOORN. Design and implementation of a TCG-based integrity measurement architecture[C]. In Proceedings of the 13th USENIX Security Symposium, August 9-13,2004, San Diego, CA, USA, pages 223-238,2004.
[38]Trent Jaeger, Reiner Sailer, Umesh Shankar:PRIMA:Policy-Reduced Integrity Measurement Architecture[C]. In Proceedings of the eleventh ACM symposium on Access control models and technologies. Lake Tahoe, California, USA.2006.19-28.
[39]Elaine Shi, Adrian Perrig, Leendert Van Doom.:BIND:A Fine-grained Attestation Service for Secure Distributed Systems[C]. Proc of the IEEE Symposium on Security and Privacy. Oakland, CA, USA:IEEE Press,2005.154-168.
[40]Peter A. Loscocco, Perry W. Wilson, J. Aaron Pendergrass, C. Durward McDonell:Linux Kernel Integrity Measurement Using Contextual Inspection[C]. Proceedings of the 2007 ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA.21-29.
[41]Mark Thober J. Aaron Pendergrass C. Durward McDonell:Improving coherency of runtime integrity measurement[C]. Conference on Computer and Communications Security Proceedings of the 3rd ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA.2008. Pages 51-60.
[42]Liang Gu, Xuhua Ding, Robert H. Deng, Bing Xie, and Hong Mei:Remote Attestation on Program Execution[C]. In Conference on Computer and Communications Security Proceedings of the 3rd ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA.2008. Pages 11-20.
[43]IBM Watson Research. Secure Systems Department:tcgLinux-TPM-based Linux Run-time Attestation. [EB/OL]. http://www.research.ibm.com/secure_systems_department/projects/tcglinux.
[44]Jonathan Poritz, Matthias Schunter, Els Van Herreweghen, Michael Waidner. Property Attestation-Scalable and Privacy-friendly Security Assessment of Peer Computers [R]. IBM Research, Technical Report RZ 3548, October 5,2004.
[45]A. Sadeghi, C. Stable. Property-based Attestation for Computing Platforms:Caring about properties, not mechanisms [C]. New Security Paradigms Workshop, Nova Scotia, Canada, ACM Press:67-77, September 2004.
[46]Liqun Chen, Rainer Landfermann, Hans Lohr. A protocol for property-based attestation [C]. In Proceedings of the first ACM workshop on Scalable trusted computing, Nova Scotia Canada, ACM Press:7-16,2006.
[47]Ulrich Kuhn, Marcel Selhorst, Christian Stable. Realizing property-based attestation and sealing with commonly available hard- and software [C].In Proceedings of the 2007 ACM workshop on Scalable trusted computing, Alexandria, Virginia, USA, November 2007.
[48]冯登国,秦宇.可信计算环境证明方法研究[J].计算机学报.2008,31(9),1640-1652.
[49]秦宇,冯登国.基于组件属性的远程证明[J].软件学报,2009,20(6),1625-1641
[50]Jan Camenisch:Better Privacy for Trusted Computing Platforms[C]. In Proceedings of the 9th European Symposium on Research in Computer Security (ESOPICS 2004). Berlin: Springer-Verlag,2004.73-88.
[51]B. Smyth, L. Chen, and M. Ryan. Direct anonymous attestation (DAA):ensuring privacy with corrupt administrators[C]. In F. Stajano, editor, Proceedings of Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2007), volume 4572 of LNCS, pages 218-231. Springer-Verlag,2007.
[52]Michael Backes, Matteo Maffei, Dominique Unruh. Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol[C]. In Proceedings of the IEEE Symposium on Security and Privacy 2008, pages 202-215. May 2008.
[53]Adrian Leung, Liqun Chen, Chris J. Mitchell. On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA) [C]. In Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies:Trusted Computing-Challenges and Applications (TRUST 2008), pages 179-190. Villach, Austria.
[54]Brickell, E., Chen, L., Li, J.:A new direct anonymous attestation scheme from bilinear maps[C]. In In the 1st international conference on Trusted Computing and Trust in Information Technologies:Trusted Computing-Challenges and Applications (TRUST 2008), pages 166-178. Villach, Austria.
[55]Chen Xiaofeng Feng Dengguo. Direct Anonymous Attestation for Next Generation TPM [J]. JOURNAL OF COMPUTERS,2008,3(12),43-50.
[56]刘吉强,赵佳,赵勇.可信计算中远程自动匿名证明的研究[J].计算机学报.2009,32(7):1304-1310.
[57]Trusted Computing Group. TNC IF-T:Binding to TLS, Version 1.0. Revision 16 [EB/OL]. 18 May,2009. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[58]Trusted Computing Group. TNC IF-MAP Binding for SOAP, Version 1.1. Revision 5 [EB/OL].18 May,2009. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[59]Trusted Computing Group. TNC IF-TNCCS, Version 1.2. Revision 6 [EB/OL].18 May, 2009. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[60]Trusted Computing Group. TNC IF-IMC, Version 1.2. Revision 8 [EB/OL].5 Febrary, 2007. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[61]Trusted Computing Group. TNC IF-IMV, Version 1.2. Revision 8 [EB/OL].5 Febrary, 2007. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[62]Trusted Computing Group. TNC IF-PEP:Protocol Bindings for RADIUS, Version 1.2. Revision 8 [EB/OL].5 Febrary,2007. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[63]Trusted Computing Group. IWG IF-PTS, Version 1.0. Revision 1.0 [EB/OL].17 November, 2006. http://www.trustedcomputinggroup.org/ http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[64]James P. Anderson. Computer Security Technology Planning Study Volume Ⅱ. ESD-TR-73-51, Vol.Ⅱ, Electronic Systems Division[M], Air Force Systems Command, Hanscom Field, Bedford, MA, USA, Oct 1972.
[65]石文昌,孙玉芳.安全操作系统研究的发展[J].计算机科学,2002,29(6),5-12
[66]Jaehong Park, Ravi Sandhu. Towards usage control models beyond traditional access control[C]. In proceedings of the 7th ACM symposium on access control models and technologies, June 2002.
[67]G. J. Popek, M. Kampe, C. S. Kline, E. J. Walton. UCLA Data Secure Unix[C]. AFIPS Conf. Proc., Vol.48,1979 National Computer Conference, AFIPS Press, Arlington, VA, USA,1979, pp.355-364.
[68]Secure Computing Corporation. Assurance in the Fluke Microkernel:Formal Security Policy Model. CDRL Sequence No.A003, Secure Computing Corporation,2675 Long Lake Road, Roseville, Minnesota 55113, Feb 1999.
[69]Wright C, Cowan C, Smalley S, et al. Linux Security Modules:General Security Support for the Linux Kernel [C]//Proc of the 11th USENIX Security Symposium:USENIX Association,2002:17-31.
[70]Loscocco P, Smalley S. Integrating Flexible Support for Security Policies into the Linux Operating System[C].2001 USENIX Annual Technical Conference,2001
[71]David Safford, Mimi Zohar. A Trusted Linux Client (TLC). Technical Report [EB/OL]. http://www.research.ibm.com/gsal/tcpa/tlc.pdf
[72]Microsoft. Trusted platform module services in windows longhorn,2005 [EB/OL]. http://www.microsoft.com/resources/ngscb/.
[73]Dirk Kuhlmann, Rainer Landfermann, Harigovind Ramasamy. An Open Trusted Computing Architecture--Secure virtual machines enabling user-defined policy enforcement [EB/OL]. http://www.opentc.net/otc_HighLevelOverview/
[74]David Kyle, Jose Carlos Brustoloni. Uclinux:a linux security module for trusted-computing-based usage controls enforcement[C]. In Proceedings of the 2007 ACM workshop on Scalable trusted computing, November 02-02,2007, Alexandria, Virginia, USA.
[75]Axelle Apvrille, David Gordon, Serge Hallyn, Makan Pourzandi, and Vincent Roy:DigSig: Run-time Authentication of Binaries at Kernel Level[C]. In Proceedings of LISA '04: Eighteenth Systems Administration Conference[C]. Atlanta, GA:USENIX Association November,2004.59-66.
[76]Bertrand Anckaert, Matias Madou, and Koen De Bosschere:A Model for Self-Modifying Code [M]. Springer Berlin/Heidelberg.2006.352-368.
[77]Yongdong Wu, Zhigang Zhao, and Tian Wei Chui:An Attack on SMC-Based Software Protection[M]. Springer Berlin/Heidelberg.2007.232-248.
[78]Daniel P.Bovet & Marco Cesati:Understanding the Linux Kernel [M]. O'REILLY Media, Inc.2003.674-676.
[79]Radhakrishnan M, Solworth J A:Application security support in the operating system kernel. [C] In Proceedings of the 2006 ACM Symposium on Information, computer and communications security. Taipei, Taiwan:ACM Press,2006:201-211.
[80]Hicks B, Rueda S, Jaeger T, et al. From trusted to secure:Building and executing applications that enforce system security [C]. In Proc of the USENIX Annual Technical Conference. Santa Clara, CA:USENIX Association,2007:Article No.16.
[81]Song Z, Lee S, Masuoka R. Trusted Web Service[C]. Proceedings of Workshop on Advances in Trusted Computing. Tokyo, Japan:the Ministry of Economy, Trade and Industry, Japan,2006
[82]Sevinc P E, Strasser M, Basin D. Securing the Distribution and Storage of Secrets with Trusted Platform Modules[C]. Workshop in Information Security Theory and Practices (WISTP'07), Crete, Greece:Springer-Verlag.2007:53-66.
[83]L'opez J, Mana A, Yag"ue M I.XML-Based Distributed Access Control System[C]. In: Proc.3rd Int. Conference on Electronic Commerce and Web Technologies, Germany: Springer-Verlag Berlin Heidelberg 2002.
[84]Krishnan R, Sandhu R. Enforcement Architecture and Implementation Model for Group-Centric Information Sharing[C]. In Proc.1st International Workshop on Security and Communication Networks (IWSCN), Trondheim, Norway:IEEE.2009
[85]Abbadi I, Mitchell C. Digital Rights Management using a Mobile Phone[C]. In Proc. of the ninth international conference on Electronic commerce. Minneapolis, Minnesota, USA: ACM.2007:185-194.
[86]Nadalin A, Kaler C, Monzillo R, Hallam-Baker P. Web Services Security:SOAP Message Security 1.1. OASIS Standard Specification[S].2006.
[87]Park J, Sandhu R. The UCONABC usage control model [J]. ACM Transactions on Information and System Security.2004,7(1):128-174.
[88]Zhang X W, Seifert J P, Sandhu R. Security Enforcement Model for Distributed Usage Control[C]. In Proceedings of the 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008):IEEE Computer Society.2008:10-18
[89]Berthold A, Alam M, Breu R, Hafner M, Pretschner J, Seifert J P, Zhang X W. A Technical Architecture For Enforcing Usage Control Requirements in Service-Oriented Architectures[C]. In Proc. of the 2007 ACM Workshop on Secure Web Services, Virginia, USA:ACM.2007:18-25.
[90]聂晓伟,冯登国.基于可信平台的一种访问控制策略框架——TXACML[J]计算机研究与发展,2008,45(10):1676-1686
[91]Kuhn U, Kursawe K, Lucks S, et al. Secure Data Management in Trusted Computing [C]. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES). Berlin:Springer,2005:324-338.
[92]Kuhn U, Selhorst M, Stable C. Realizing Property-Based Attestation and Sealing with Commonly Available Hard- and Software [C]. In Proceedings of the 2007 ACM workshop on Scalable trusted computing. New York:ACM Press,2007:50-57.
[93]E. Stewart Lee. Essays about Computer Security [M]. Cambridge, London, UK,1999.
[94]Carl Landwehr, C. L. Heitmeyer and J. McLean. A security model for military message system [J]. ACM Transactions on Computer Systems,9(3):198-222,198.
[95]F. Cohen. Computer viruses:Theory and experiments [J]. Computer and Security,6:22-35, 1987.
[96]Paul A. Karger, Vernon R. Austel and David C. Toll. A New Mandantory SecurityPolicy Combining Securecy and Integrity[R]. Rearch Report RC21717. IBM Corp.,2000.
[97]S. Osborn, R. Sandhu, Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies [J]. ACM Transactions on Information and System Security,3(2):85-106,2000.
[98]J Winter Trusted computing building blocks for embedded linux-based ARM trustzone platforms[C]. In Proceedings of the 2008 ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA:ACM Press,2008:21-30
[99]Masoom Alam, Jean-Pierre Seifert, Qi Li, Xinwen Zhang. Usage control platformization via trustworthy SELinux[C]. In proceedings of the 2008 ACM symposium on Information, computer and communications security, March 2008
[100]Agreiter Berthold, Muhammad Alam, Ruth Breu, Michael Hafner, Alexander Pretschner, Jean-Pierre Seifert, Xinwen Zhang. A technical architecture for enforcing usage control requirements in service-oriented architectures[C]. In Proceedings of the 2007 ACM workshop on Secure web services, November 2007.
[2]中国互联网网络安全报告 (2010年上半年)[EB/OL][2010-09-29]. http://www.cert.org.cn/UserFiles/File/2010%20first%20half.pdf
[3]CSC-STD-001-83, Department of Defense Standard. Department of Defense Trusted Computer System Evaluation Criteria[R]. DoD Computer Security Center, Aug 1983.
[4]DoD 5200.28-STD, Department of Defense Standard. Department of Defense Trusted Computer System Evaluation Criteria[R]. National Computer Security Center, Ft. Meade,MD, USA, Dec 1985.
[5]C. Mundie, P. de Vries, P. Haynes, M. Corwine. Microsoft whitepaper on trustworthy computting[R]. Technical report, Microsoft Corporation, October 2002.
[6]N.Petroni Jr., T. Fraser, et al. Copilot-a coprocessor-based kernel runtime integrity monitor. In Proceedings of the 13th conference on USENIX Security Symposium[C]. Volume 13. San Diego, CA. page 13-13.2004.
[7]Trusted Computing Group. TPM Main Part 1 Design Principles Specification, Version 1.2. Level 2 Revision 103 [EB/OL].9 July,2007.
[8]Trusted Computing Group. TPM Main Part 2 TPM Structures Specification, Version 1.2. Level 2 Revision 103 [EB/OL].26 October,2006.
[9]Trusted Computing Group. TPM Main Part 3 Commands Specification, Version 1.2 Level 2 Revision 103 [EB/OL].26 October,2006.
[10]Trusted Computing Group. TCG Software Stack Specification, Version 1.2 [EB/OL].7 March,2007. http://www.trustedcomputinggroup.org/resources/tcg_software_stack_tss_specification.
[11]Trusted Computing Group. TCG Trusted Network Connect, TNC Architecture for Interoperability Specification Version 1.4 Revision 4 [EB/OL].18 May 2009. http://www. trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[12]Microsoft. Security Model for the Next-Generation Secure Computing Base [EB/OL]. http://www.microsoft.com/resources/ngscb/documents/ngscb_security_model.doc,2003.
[13]Intel. LaGrande Technology Architectural Overview [EB/OL]. http://www.intel.com/tech nology/security/downloads/LT_Arch_Overview.pdf,2003.
[14]国家密码管理局.可信计算密码支撑平台功能与接口规范[EB/OL]2007年12月.http://www.oscca.gov.cn/
[15]秦宇.可信虚拟平台安全机制研究[D]:[博士].北京:中国科学院软件研究所,2008.
[16]J. Smith and F. Weingarten. Research challenges for the next generation internent.Technical report[R]. Research Directions for NGI,1997.
[17]Baker, Dixie B. Fortresses built upon sand[C]. In NSPW'96:Proceedings of the 1996 workshop on new security paradigms, volume 0-89791-944-0, pages148-153. ACM,1996.
[18]P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turnerand J. F. Farrell. The inevitability of failure:the flawed assumption of securityin modern computing environments[C]. In Proceedings of the 21th NationalInformation Systmes Security Conference, pages 303-314. ACM,1998.
[19]Clark Weissman. Security Controls in the ADEPT-50 Time Sharing System. Proceedings of the 1069 AFIPS Fall Joint Computer Conference, AFIPS Press,1969, pp.119-133.
[20]D. E. Bell and L. J. La Padula. Secure Computer System Unified Exposition and MULTICS Interpretation[R]. Technical Report MTR-2997. MITRE Corporation, Bedford, MA,1976.
[21]K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR3153, MITRE Corp.,1977.
[22]David Ferraiolo and Richard Kuhn. Role-based access controls[C]. In In 15th NIST/NCSC National Computer Security Conference, pages 554-563, Baltimore, MD, Oct 1992.
[23]W. E. Boebert and R. Y. Kain. A pratical alternative to hiearchial integrity policies[C]. In Proc.8th National Computer Security Conference, pages 18-27. Gaithersburg, MD,1985.
[24]E. McCauley and P. Drognowski.. Ksos:The design of a secure operating system[C]. In 1979 NCC AFIPS Conference Proceedings, volume 48, pages 345-353. AFIPS Press,1979.
[25]P.G.Neumann, L.Robinson,Karl N. Levitt,R.S.Boyer, and A.R.Saxena. A rovabley secure operating system[R]. Technical report, Stanford Research Institute,1975.
[26]Ernest F. Brickell, Jan Camenisch, Liqun Chen:Direct anonymous attestation[C]. ACM Conference on Computer and Communications Security 2004:132-145
[27]John Marchesini, Sean W. Smith, Omen Wild, Rich MacDonald. Experimenting with TCPA/TCG Hardware, Or:How I Learned to Stop Worrying and Love The Bear[R]. Technical Report TR2003-476, Department of Computer Science, Dartmouth College. December 2003.
[28]W. A. Arbaugh, D. J. Farber, J. M. Smith. A reliable bootstrap architecture[C]. In Proceedings of IEEE Symposium on Security and Privacy, pages 65-71, May 1997.
[29]Selhorst M., Stueble C.:Trusted GRUB, University of Bochum,2004 [EB/OL]. http://www.prosec.rub.de/trusted_grub.html
[30]BM. TCG Grub,2005 [EB/OL]. http://trousers.sourceforge.net/grub.html
[31]GNU GRUB [EB/OL]. http://www.gnu.org/software/grub/
[32]Bernhard Kauer. Authenticated booting for L4.2004 [EB/OL]. http://os.inf.tu-dresden.de/papers_ps/kauer-beleg.pdf
[33]徐震,沈丽红,汪丹.一种可配置的可信引导系统[J].中国科学院研究生院学报,2008,25(5),626-630.
[34]黄强,沈昌祥.一种基于可信服务器的可信引导方案[J].武汉大学学报(理学版).2004,50(S1):15-18.
[35]方艳湘,黄涛Linux可信启动的设计与实现[J].计算机工程.2006,32(9):51-53.
[36]王禹,王震宇,姚立宁.嵌入式平台TPM扩展及可信引导设计与实现[J].计算机工程与设计,2009,30(9):2089-2092.
[37]Reiner SAILER, Xiaolan ZHANG, Trent JAEGER, and Leendert van DOORN. Design and implementation of a TCG-based integrity measurement architecture[C]. In Proceedings of the 13th USENIX Security Symposium, August 9-13,2004, San Diego, CA, USA, pages 223-238,2004.
[38]Trent Jaeger, Reiner Sailer, Umesh Shankar:PRIMA:Policy-Reduced Integrity Measurement Architecture[C]. In Proceedings of the eleventh ACM symposium on Access control models and technologies. Lake Tahoe, California, USA.2006.19-28.
[39]Elaine Shi, Adrian Perrig, Leendert Van Doom.:BIND:A Fine-grained Attestation Service for Secure Distributed Systems[C]. Proc of the IEEE Symposium on Security and Privacy. Oakland, CA, USA:IEEE Press,2005.154-168.
[40]Peter A. Loscocco, Perry W. Wilson, J. Aaron Pendergrass, C. Durward McDonell:Linux Kernel Integrity Measurement Using Contextual Inspection[C]. Proceedings of the 2007 ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA.21-29.
[41]Mark Thober J. Aaron Pendergrass C. Durward McDonell:Improving coherency of runtime integrity measurement[C]. Conference on Computer and Communications Security Proceedings of the 3rd ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA.2008. Pages 51-60.
[42]Liang Gu, Xuhua Ding, Robert H. Deng, Bing Xie, and Hong Mei:Remote Attestation on Program Execution[C]. In Conference on Computer and Communications Security Proceedings of the 3rd ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA.2008. Pages 11-20.
[43]IBM Watson Research. Secure Systems Department:tcgLinux-TPM-based Linux Run-time Attestation. [EB/OL]. http://www.research.ibm.com/secure_systems_department/projects/tcglinux.
[44]Jonathan Poritz, Matthias Schunter, Els Van Herreweghen, Michael Waidner. Property Attestation-Scalable and Privacy-friendly Security Assessment of Peer Computers [R]. IBM Research, Technical Report RZ 3548, October 5,2004.
[45]A. Sadeghi, C. Stable. Property-based Attestation for Computing Platforms:Caring about properties, not mechanisms [C]. New Security Paradigms Workshop, Nova Scotia, Canada, ACM Press:67-77, September 2004.
[46]Liqun Chen, Rainer Landfermann, Hans Lohr. A protocol for property-based attestation [C]. In Proceedings of the first ACM workshop on Scalable trusted computing, Nova Scotia Canada, ACM Press:7-16,2006.
[47]Ulrich Kuhn, Marcel Selhorst, Christian Stable. Realizing property-based attestation and sealing with commonly available hard- and software [C].In Proceedings of the 2007 ACM workshop on Scalable trusted computing, Alexandria, Virginia, USA, November 2007.
[48]冯登国,秦宇.可信计算环境证明方法研究[J].计算机学报.2008,31(9),1640-1652.
[49]秦宇,冯登国.基于组件属性的远程证明[J].软件学报,2009,20(6),1625-1641
[50]Jan Camenisch:Better Privacy for Trusted Computing Platforms[C]. In Proceedings of the 9th European Symposium on Research in Computer Security (ESOPICS 2004). Berlin: Springer-Verlag,2004.73-88.
[51]B. Smyth, L. Chen, and M. Ryan. Direct anonymous attestation (DAA):ensuring privacy with corrupt administrators[C]. In F. Stajano, editor, Proceedings of Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2007), volume 4572 of LNCS, pages 218-231. Springer-Verlag,2007.
[52]Michael Backes, Matteo Maffei, Dominique Unruh. Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol[C]. In Proceedings of the IEEE Symposium on Security and Privacy 2008, pages 202-215. May 2008.
[53]Adrian Leung, Liqun Chen, Chris J. Mitchell. On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA) [C]. In Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies:Trusted Computing-Challenges and Applications (TRUST 2008), pages 179-190. Villach, Austria.
[54]Brickell, E., Chen, L., Li, J.:A new direct anonymous attestation scheme from bilinear maps[C]. In In the 1st international conference on Trusted Computing and Trust in Information Technologies:Trusted Computing-Challenges and Applications (TRUST 2008), pages 166-178. Villach, Austria.
[55]Chen Xiaofeng Feng Dengguo. Direct Anonymous Attestation for Next Generation TPM [J]. JOURNAL OF COMPUTERS,2008,3(12),43-50.
[56]刘吉强,赵佳,赵勇.可信计算中远程自动匿名证明的研究[J].计算机学报.2009,32(7):1304-1310.
[57]Trusted Computing Group. TNC IF-T:Binding to TLS, Version 1.0. Revision 16 [EB/OL]. 18 May,2009. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[58]Trusted Computing Group. TNC IF-MAP Binding for SOAP, Version 1.1. Revision 5 [EB/OL].18 May,2009. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[59]Trusted Computing Group. TNC IF-TNCCS, Version 1.2. Revision 6 [EB/OL].18 May, 2009. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[60]Trusted Computing Group. TNC IF-IMC, Version 1.2. Revision 8 [EB/OL].5 Febrary, 2007. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[61]Trusted Computing Group. TNC IF-IMV, Version 1.2. Revision 8 [EB/OL].5 Febrary, 2007. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[62]Trusted Computing Group. TNC IF-PEP:Protocol Bindings for RADIUS, Version 1.2. Revision 8 [EB/OL].5 Febrary,2007. http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[63]Trusted Computing Group. IWG IF-PTS, Version 1.0. Revision 1.0 [EB/OL].17 November, 2006. http://www.trustedcomputinggroup.org/ http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications
[64]James P. Anderson. Computer Security Technology Planning Study Volume Ⅱ. ESD-TR-73-51, Vol.Ⅱ, Electronic Systems Division[M], Air Force Systems Command, Hanscom Field, Bedford, MA, USA, Oct 1972.
[65]石文昌,孙玉芳.安全操作系统研究的发展[J].计算机科学,2002,29(6),5-12
[66]Jaehong Park, Ravi Sandhu. Towards usage control models beyond traditional access control[C]. In proceedings of the 7th ACM symposium on access control models and technologies, June 2002.
[67]G. J. Popek, M. Kampe, C. S. Kline, E. J. Walton. UCLA Data Secure Unix[C]. AFIPS Conf. Proc., Vol.48,1979 National Computer Conference, AFIPS Press, Arlington, VA, USA,1979, pp.355-364.
[68]Secure Computing Corporation. Assurance in the Fluke Microkernel:Formal Security Policy Model. CDRL Sequence No.A003, Secure Computing Corporation,2675 Long Lake Road, Roseville, Minnesota 55113, Feb 1999.
[69]Wright C, Cowan C, Smalley S, et al. Linux Security Modules:General Security Support for the Linux Kernel [C]//Proc of the 11th USENIX Security Symposium:USENIX Association,2002:17-31.
[70]Loscocco P, Smalley S. Integrating Flexible Support for Security Policies into the Linux Operating System[C].2001 USENIX Annual Technical Conference,2001
[71]David Safford, Mimi Zohar. A Trusted Linux Client (TLC). Technical Report [EB/OL]. http://www.research.ibm.com/gsal/tcpa/tlc.pdf
[72]Microsoft. Trusted platform module services in windows longhorn,2005 [EB/OL]. http://www.microsoft.com/resources/ngscb/.
[73]Dirk Kuhlmann, Rainer Landfermann, Harigovind Ramasamy. An Open Trusted Computing Architecture--Secure virtual machines enabling user-defined policy enforcement [EB/OL]. http://www.opentc.net/otc_HighLevelOverview/
[74]David Kyle, Jose Carlos Brustoloni. Uclinux:a linux security module for trusted-computing-based usage controls enforcement[C]. In Proceedings of the 2007 ACM workshop on Scalable trusted computing, November 02-02,2007, Alexandria, Virginia, USA.
[75]Axelle Apvrille, David Gordon, Serge Hallyn, Makan Pourzandi, and Vincent Roy:DigSig: Run-time Authentication of Binaries at Kernel Level[C]. In Proceedings of LISA '04: Eighteenth Systems Administration Conference[C]. Atlanta, GA:USENIX Association November,2004.59-66.
[76]Bertrand Anckaert, Matias Madou, and Koen De Bosschere:A Model for Self-Modifying Code [M]. Springer Berlin/Heidelberg.2006.352-368.
[77]Yongdong Wu, Zhigang Zhao, and Tian Wei Chui:An Attack on SMC-Based Software Protection[M]. Springer Berlin/Heidelberg.2007.232-248.
[78]Daniel P.Bovet & Marco Cesati:Understanding the Linux Kernel [M]. O'REILLY Media, Inc.2003.674-676.
[79]Radhakrishnan M, Solworth J A:Application security support in the operating system kernel. [C] In Proceedings of the 2006 ACM Symposium on Information, computer and communications security. Taipei, Taiwan:ACM Press,2006:201-211.
[80]Hicks B, Rueda S, Jaeger T, et al. From trusted to secure:Building and executing applications that enforce system security [C]. In Proc of the USENIX Annual Technical Conference. Santa Clara, CA:USENIX Association,2007:Article No.16.
[81]Song Z, Lee S, Masuoka R. Trusted Web Service[C]. Proceedings of Workshop on Advances in Trusted Computing. Tokyo, Japan:the Ministry of Economy, Trade and Industry, Japan,2006
[82]Sevinc P E, Strasser M, Basin D. Securing the Distribution and Storage of Secrets with Trusted Platform Modules[C]. Workshop in Information Security Theory and Practices (WISTP'07), Crete, Greece:Springer-Verlag.2007:53-66.
[83]L'opez J, Mana A, Yag"ue M I.XML-Based Distributed Access Control System[C]. In: Proc.3rd Int. Conference on Electronic Commerce and Web Technologies, Germany: Springer-Verlag Berlin Heidelberg 2002.
[84]Krishnan R, Sandhu R. Enforcement Architecture and Implementation Model for Group-Centric Information Sharing[C]. In Proc.1st International Workshop on Security and Communication Networks (IWSCN), Trondheim, Norway:IEEE.2009
[85]Abbadi I, Mitchell C. Digital Rights Management using a Mobile Phone[C]. In Proc. of the ninth international conference on Electronic commerce. Minneapolis, Minnesota, USA: ACM.2007:185-194.
[86]Nadalin A, Kaler C, Monzillo R, Hallam-Baker P. Web Services Security:SOAP Message Security 1.1. OASIS Standard Specification[S].2006.
[87]Park J, Sandhu R. The UCONABC usage control model [J]. ACM Transactions on Information and System Security.2004,7(1):128-174.
[88]Zhang X W, Seifert J P, Sandhu R. Security Enforcement Model for Distributed Usage Control[C]. In Proceedings of the 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008):IEEE Computer Society.2008:10-18
[89]Berthold A, Alam M, Breu R, Hafner M, Pretschner J, Seifert J P, Zhang X W. A Technical Architecture For Enforcing Usage Control Requirements in Service-Oriented Architectures[C]. In Proc. of the 2007 ACM Workshop on Secure Web Services, Virginia, USA:ACM.2007:18-25.
[90]聂晓伟,冯登国.基于可信平台的一种访问控制策略框架——TXACML[J]计算机研究与发展,2008,45(10):1676-1686
[91]Kuhn U, Kursawe K, Lucks S, et al. Secure Data Management in Trusted Computing [C]. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES). Berlin:Springer,2005:324-338.
[92]Kuhn U, Selhorst M, Stable C. Realizing Property-Based Attestation and Sealing with Commonly Available Hard- and Software [C]. In Proceedings of the 2007 ACM workshop on Scalable trusted computing. New York:ACM Press,2007:50-57.
[93]E. Stewart Lee. Essays about Computer Security [M]. Cambridge, London, UK,1999.
[94]Carl Landwehr, C. L. Heitmeyer and J. McLean. A security model for military message system [J]. ACM Transactions on Computer Systems,9(3):198-222,198.
[95]F. Cohen. Computer viruses:Theory and experiments [J]. Computer and Security,6:22-35, 1987.
[96]Paul A. Karger, Vernon R. Austel and David C. Toll. A New Mandantory SecurityPolicy Combining Securecy and Integrity[R]. Rearch Report RC21717. IBM Corp.,2000.
[97]S. Osborn, R. Sandhu, Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies [J]. ACM Transactions on Information and System Security,3(2):85-106,2000.
[98]J Winter Trusted computing building blocks for embedded linux-based ARM trustzone platforms[C]. In Proceedings of the 2008 ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA:ACM Press,2008:21-30
[99]Masoom Alam, Jean-Pierre Seifert, Qi Li, Xinwen Zhang. Usage control platformization via trustworthy SELinux[C]. In proceedings of the 2008 ACM symposium on Information, computer and communications security, March 2008
[100]Agreiter Berthold, Muhammad Alam, Ruth Breu, Michael Hafner, Alexander Pretschner, Jean-Pierre Seifert, Xinwen Zhang. A technical architecture for enforcing usage control requirements in service-oriented architectures[C]. In Proceedings of the 2007 ACM workshop on Secure web services, November 2007.