Research on Several Theories and Key Technologies of Hybrid Cloud Service Security
Abstract
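In response to the IT sector's demand for intensive, large-scale and specialized computing resources, cloud computing emerged as a new computing model. Cloud computing uses virtualization to integrate and abstract interconnected resources, building a huge virtualized resource pool that centralizes resources at scale; it delivers those resources to users over the network as a reliable service, so that users need not understand the underlying technical details and are freed from the burden of maintaining IT infrastructure. Because of the great commercial and social value of cloud computing, major IT companies at home and abroad (such as Google, Amazon, IBM and China Mobile) have recently launched their own cloud computing products one after another, and governments have begun preliminary research on applying cloud computing.
     While cloud computing keeps raising productivity, the security problems it exposes cannot be ignored; cloud security has become a key factor hindering its development. In recent years the major cloud providers (such as Microsoft and Google) have had many security incidents of varying severity. A 2009 Gartner survey showed that the CTOs of more than 70% of the companies surveyed named cloud security as the primary issue affecting enterprise adoption of cloud computing. At the same time, cloud computing is moving toward interoperation and integration among different cloud services; when multiple private or public clouds are combined into a larger hybrid cloud, the security problems become more complex, and this problem urgently needs in-depth academic study.
     Based on an analysis of security requirements such as cross-cloud authentication and authorization management under a hybrid cloud architecture, this dissertation studies cross-cloud identity management and authentication, authorization management models, and cloud infrastructure security, with the aim of improving the security of hybrid cloud services. The specific research content includes:
     1. To meet the need for user authentication when resources are accessed across clouds in a hybrid cloud architecture, and starting from establishing PKI-based trust relationships among private clouds, a cross-cloud user authentication mechanism for hybrid clouds is designed, and its efficiency and security are analyzed. The mechanism combines the PKI system with a bilinear-pairing signcryption scheme, meets the need to protect the integrity and authenticity of user attribute tokens in cross-cloud authentication, and achieves unified user authentication under a hybrid cloud architecture. The mechanism mainly comprises cross-cloud authentication protocol design, a token service, and secure cross-cloud exchange of parameters, and provides user authentication support for cross-cloud authorization management. Compared with traditional approaches, the mechanism is simple and efficient, and it meets the needs of a hybrid cloud environment in which users belong to the authentication domains of different private clouds and access services frequently.
     2. Combining the advantages of attribute-based access control and role-based access control, and building on a study of the assignment, ownership, inclusion and composition relationships among authorization policy elements in cross-cloud collaborative applications, the time-state, security-level and trusted-environment constraints of the permission composition structure are analyzed. A hybrid cloud authorization management model based on policy combination is proposed; the basic relationships and authorization rules for policy composition in the HCAMMPC (Hybrid Cloud Authorization Management Model based on Policy Combination) model are designed, the model's policy composition method is given, and the model's related conclusions are proved. The HCAMMPC model offers dynamic policy composition, fine-grained access control and strong extensibility, and meets the dynamic authorization management needs of cross-cloud collaborative service composition applications.
     3. To address the problem that the existing chain-style measurement structure in trusted-computing-based cloud infrastructure is too simple to carry its measurement requirements, a secure and scalable star-style trust measurement structure is proposed; this structure can meet large-scale measurement requirements and provides a basic technical guarantee for trusted measurement in cloud computing environments. To address the lack of effective verification of how cloud infrastructure is built, a non-interactive remote attestation scheme based on TPM constraints is proposed; this scheme can give cloud platform users trusted evidence about the cloud platform infrastructure and establishes a trusted remote attestation mechanism between cloud platform providers and cloud platform users.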
As an emerging computing paradigm, cloud computing abstracts networked resources and integrates them through virtualization technology, building a huge virtual resource pool to manage resources. Under a dependable service model, resources are made available and apparent to users over the Internet, without requiring knowledge of the details or of their management. Because of its economic challenge and value, many IT enterprises are focusing on it, and governments and armies have also put forward some preliminary practices in the cloud computing field.
     Although cloud computing improves efficiency, its security problems should not be neglected; they are the key issue hindering the development of cloud computing. Recently some cloud computing providers, such as Microsoft and Google, have met with security incidents. In 2009, a Gartner report showed that 70% of the CTOs interviewed expressed concern about cloud computing security, which is the main problem for applications of cloud computing. At the same time, the integration of different services is the direction in which cloud computing is developing. When two or more clouds (private or public) compose a larger cloud, called a hybrid cloud, many new security challenges arise, such as multi-level security and cross-domain security. The security of the hybrid cloud framework now requires academic attention.
     Based on the security requirements of cross-domain authentication and access control in the hybrid cloud environment, this dissertation studies cloud infrastructure security, cross-cloud identity management, cross-cloud access control and related topics to improve the security of hybrid cloud services. The contributions of this dissertation are as follows:
     1. To meet the requirement for authentication in the hybrid cloud, a cross-cloud authentication mechanism is proposed that builds trust among private clouds, and its efficiency and security are analyzed. In this mechanism, bilinear pairing signcryption is integrated into the PKI system, which satisfies the requirements of integrity and authenticity for the user attribute token and realizes uniform authentication in a hybrid cloud framework. The authentication mechanism mainly includes the design of the authentication protocol, the token service and the secure cross-cloud exchange of parameters, and provides authentication support for attribute-centric access control. Compared with other traditional approaches, the mechanism is more efficient and lightweight, and can satisfy the requirements of a hybrid cloud with a great many users who frequently access services and are highly dynamic and heterogeneous.
     2. The large numbers of users, roles, permissions and authorization restrictions in the hybrid cloud need to be managed effectively. To overcome the deficiencies of current authorization management models in hybrid cloud cooperative service applications, the advantages of ABAC and RBAC are combined and, based on an analysis of the relationships of distribution, possession, inclusion and composition among the element sets in the hybrid-cloud cooperative organization, the time, security and environment of the permission composition structure are analyzed. A hybrid cloud authorization management model based on policy combination (HCAMMPC) is proposed; the basic relations and authorization rules of policy composition in HCAMMPC are designed, the method of policy composition is presented, and theorems about HCAMMPC are proved. HCAMMPC composes policies dynamically, provides fine-grained access control and extends well, and satisfies the requirement for dynamic authorization management in hybrid cloud cooperative service applications.
     3. To address the problem that the daisy-chain structure is too simple for parallel and concurrent operations in cloud computing, a secure, scalable star-style measurement structure is introduced. To remedy the lack of an attestation method for the construction of cloud computing infrastructure, a non-interactive remote attestation method with TPM restriction is proposed. Through these methods, the measurement and attestation requirements of cloud computing infrastructure are satisfied.
