详细信息    本馆镜像全文|  推荐本文 |  |   获取CNKI官网全文
     1.通过对平台完整性度量和保护方法进行全面的分析,明确提出了动态完整性保护应该建立在安全策略上的思想,为当前无法依赖于动态完整性度量方法保证系统动态完整性的局面提供了一种重要的思路。为此,基于无干扰概念提出了一种非传递无干扰可信模型,并据此提出了一种动态完整性保护模型即BIBA-BLP强制访问控制模型来实施可信云计算平台组件间的信息流控制。在此基础上,借鉴PRIMA架构的信任链构建方法,构建了一套可信云计算平台完整性保护框架,即静态完整性保护框架和动态完整性保护框架,既保证了平台启动时的静态完整性,同时又确保了平台运行时的动态完整性。在构建静态完整性保护框架时,在现有硬件和软件环境下,采用SRTM技术和DRTM技术,分别提出了一种基于TrustedGRUB和TBoot(Trusted Boot)的可信启动架构,实现了平台特权虚拟域Dom0静态信任链和动态信任链的扩展,然后在此基础上再构建出了用户虚拟域的可信启动信任链。而在构建动态完整性保护框架时,根据系统可信判断条件着重从动态完整性保护框架中可信通道的3个方面的安全要求进行了实现,包括可信通道中组件的完整性保护、虚拟域之间的访问控制以及虚拟域敏感数据的安全存储与访问。在实现可信通道组件完整性保护时,通过PTEs(Page Table Entities)的监控,保证了信道中不安全组件的动态完整性;在实现虚拟域之间的访问控制时,采用BIBA-BLP多级安全策略进行信息流控制,保证了所有虚拟域的有效隔离;而在实现虚拟域敏感数据的安全存储与访问时,采用本文提出的OOAP授权协议,确保了对受保护对象的访问都是经过授权的,并防止了现有授权协议的已知安全漏洞。上述3方面的实现满足了非传递无干扰可信的要求,达到了平台运行时可信的目标。
Cloud computing is a new computing service pattern. It is rapidly developing inindustries for its advantages such as convenience, economy, high extensibility, and etc.Customers can outsource their computations and data to cloud providers. It greatly cuts downcustomers' cost on computations and storages. However, it also means the customers get outof control of their computations and data. So cloud computing security is a vital problem thatwill affect its development. In this thesis, we proposed a secure, efficient and multipurposetrusted cloud computing platform (TCCP) based on trusted computing base (TCB) from theviewpoint of cloud infrastructure security. For this purpose, we combined trusted computingtechnologies with virtual machine technologies. We researched on the TCCP from4aspects.They were security architecture, integrity measurement and protection, remote attestation, andunified identity authentication to customers. The main contributions of this thesis are listed asfollows.
     1. By rounded analyses of the methods of integrity measurement and protection, weclearly presented a thought that it should be based on security policies to achieve a dynamicintegrity protection, which provided an important idea for the current situation unable toensure the dynamic integrity of a system depending on dynamic integrity measurements.Hence, we proposed an intransitive noninterference trusted model. And then, based on it, weproposed a dynamic integrity protection model named BIBA-BLP mandatory access controlmodel to enforce information flow control between components on the TCCP. Based on theBIBA-BLP model, we proposed a suit of integrity protection frameworks used for the staticand dynamic integrity protection, referring to the method of constructing trusted chains inPRIMA. They ensured the integrity of the TCCP at boot time and runtime. For the staticintegrity protection framework, we separately proposed two trusted boot frameworks based onTrustedGRUB and TBoot (Trusted Boot), adopting SRTM and DRTM technologies underexisting hardware and software environments. They were used to do the extensions of staticand dynamic trusted chains for the privileged domain Dom0. In succession, we constructed atrusted chain for the user domain DomU. And then, for the dynamic integrity protectionframework, we implemented it mainly from3security demands of the trusted channel in it according to trusted decision conditions, including the integrity protection of components inthe trusted channel, the access control between domains, and the security storage and accessto sensitive data in domains. As for the first, we implemented it by monitoring PTEs (PageTable Entities), which ensured the dynamic integrity of insecure components in the channel.As for the second, we implemented it by adopting the multilevel security policies ofBIBA-BLP model to enforce the information flow control, which ensured the efficientseparation from domains each other. And as for the third, we implemented it by adopting anovel authorization protocol called OOAP protocol proposed in this thesis, which ensured thelegal access to all protected objects and avoided the known security leak in existingauthorization protocols. The above3implementations satisfied the trusted decision conditionsof the intransitive noninterference trusted model, and ensure the TCCP be trusted at runtime.
     2. Based on trusted computing technologies and a property-based signature mechanism,we proposed an elegant, secure, efficient and anonymous remote attestation protocol toTCCPs, namely, the RAA-CCP protocol. There was a need for neither bilinear parings norproperty certificates nor AIK certificates in the protocol, which greatly simplified thecertificate managements. It concurrently achieved the identity attestation and integrity stateattestation to computing nodes. Analyses and experiments show the protocol satisfies theproperties of non-forgeability, anonymity of platform identity, protection of configurationprivacy and resistance to collusion, and has fine performance even under the strong security.It well satisfies the security and performance demands of remote attestation in cloudsurroundings. Then, based on it, we proposed a protocol of remote attestation to user domainsand a vTPM migration protocol. The remote attestation protocol attested to the physical noderunning it as well as the user domain itself. And the vTPM migration protocol required thedestination platform to at least satisfy the same security properties as ones of the sourceplatform, and then allowed the vTPM instance to be migrated by encryption. This ensured thesecurity of the migration process and the destination platform.
     3. Based on the PGP trust model and the RAA-CCP protocol, we proposed an elegant,secure and scalable scheme for unified identity authentications to cloud users. The scheme iscapable to provide a strong identity authentication for all cloud services and easily achieveSingle Sign-On (SSO) by the form of a middleware. In the scheme, user managements were combined with public-key managements through the PGP model, which was very flexible forthe increase of cloud users and avoided the exhaustive certificate managements in traditionalPKI. And based on the RAA-CCP protocol, the scheme implemented an allianceauthentication without centers, which made a cross-domain authentication no longer process across-certification between CAs, and avoided massive computations when building certificatepaths and verifying the validity of certificate chains. And so it greatly raised the efficiency ofalliance authentications. Analyses show the scheme satisfies the properties of easiness,security, and universality. In addition, the scheme will be more efficient if the data inpublic-key rings keep synchronal, and at this time, the balance of loads on authenticationservers will be automatically achieved. The scheme well satisfies the demands of identityauthentications in cloud surroundings.
     In short, we set up truly trusted cloud computing surroundings through combiningtrusted computing technologies with virtual machine technologies to build TCCPs, whichensures that cloud users are indeed able to enjoy the cloud computing. The achievements inthis thesis not only promote the researches on cloud computing security, but also provide areference for the work based on trusted computing.
[1] Foster I., Zhao Y., Raicu I., et al. Cloud computing and grid computing360-degreecompared[A]. Proc. of Grid Computing Environments Workshop[C]. Piscataway: IEEEComputer Society,2008
    [3] Amazon Inc. Amazon web services customer agreement [EB/OL].http://aws.amazon.com/agreement/#7,2009.10.1
    [4] Ristenpart T., Tromer E., Shacham H., et al. Hey, you, get off of my cloud: Exploringinformation leakage in third-party compute clouds[A]. Proc. of the ACM Conference onComputer and Communications Security[C]. New York: ACM Press,2009:199-212
    [5] Youseff L., Butrico M., Da Silva D.. Toward a unified ontology of cloud computing[A].Proc. of Grid Computing Environments Workshop[C]. Piscataway: IEEE ComputerSociety,2008
    [6] Wikipedia. Cloud computing[EB/OL]. http://en.wikipedia.org/wiki/Cloud_computing,2011
    [7] Mather T., Kumaraswamy S., Latif S.. Cloud Security and Privacy[M]. USA: O’ReillyMedia,2009
    [8] Popovi K., Hocenski Z.. Cloud computing security issues and challenges[A]. Proc. ofthe33rd International Convention on Information and Communication Technology,Electronics and Microelectronics[C]. New York: IEEE Inc.,2010:344-349
    [9] Catteddu D., Hogben G. Cloud computing: Benefits, risks and recommendations forinformation security[R]. Europe: European Network and Information Security Agency(ENISA),2009
    [10]Brunette G., Mogull R.. Security guidance for critical areas of focus in cloud computingv2.1[R]. Cloud Security Alliance (CSA),2009
    [11]Hubbard D., Sutton M.. Top threats to cloud computing v1.0[R]. Cloud Security Alliance(CSA),2010
    [12]Curry S., Darbyshire J., Fisher D.W., et al. Infrastructure security: Getting to the bottomof compliance in the cloud [R]. USA: RSA Security Brief,2010
    [16]Secunia. Secunia Advisory SA37081[EB/OL]. http://secunia.com/advisories/37081/,2009
    [17]Secunia. Secunia Advisory SA36389[EB/OL]. http://secunia.com/advisories/36389/,2009
    [18]Tavis O.. An empirical study into the security exposure to hosts of hostile virtualizedenvironments[R]. USA: Google,2010
    [19]Kortchinsky, Kostya.[EB/OL]. http://www.immunityinc.com/documentation/cloudburst-vista.html,2011
    [20]King S.T., Chen P.M., Wang Yi-Min, et al. Sub Virt: Implementing malware with virtualmachines[A]. Proc. of the2006IEEE Symposium on Security and Privacy[C].Piscataway: IEEE Computer Society,2006:314-327
    [21]Brandic I., Dustdar S., Anstett T., et al. Compliant Cloud Computing (C3): Architectureand language support for user-driven compliance management in clouds[A]. Proc. of the3rd IEEE International Conference on Cloud Computing[C]. Piscataway: IEEEComputer Society,2010:244-251
    [22]Kandukuri B.R., Ramakrishna P.V., Rakshit A.. Cloud security issues[A]. Proc. of the2009IEEE International Conference on Services Computing[C]. Piscataway: IEEEComputer Society,2009:517-520
    [23]De Chaves S.A., Westphall C.B., Lamin F.R.. SLA perspective in security managementfor cloud computing[A]. Proc. of the6th International Conference on Networking andServices[C]. Piscataway: IEEE Computer Society,2010:212-217
    [24]Gentry C.. A fully homorphic encryption scheme[D]. California: Stanford University,2009
    [25]Sadeghi A.R., Schneider T., Winandy M.. Token-based cloud computing: Secureoutsourcing of data and arbitrary computations with lower latency[A]. LNCS6101: Proc.of the3rd International Conference on Trust and Trustworthy Computing[G]. Heidelberg:Springer-Verlag,2010:417-429
    [26]Jensen M., Sch ge S., Schwenk J.. Towards an anonymous access control andaccountability scheme for cloud computing[A]. Proc. of the3rd International Conferenceon Cloud Computing[C]. Piscataway: IEEE Computer Society,2010:540-541
    [27]Itani W., Kayssi A., Chehab A.. Privacy as a service: Privacy-aware data storage andprocessing in cloud computing architectures [A]. Proc. of the8th IEEE InternationalSymposium on Dependable, Autonomic and Secure Computing[C]. Piscataway: IEEEComputer Society,2009:711-716
    [28]Echeverria V., Liebrock L.M., Shin D.. Permission management system: Permission as aservice in cloud computing[A]. Proc. of the34th Annual IEEE International ComputerSoftware and Applications Conference Workshops[C]. Piscataway: IEEE ComputerSociety,2010:371-375
    [29]Kirch J.. Virtual machine security guidelines[R]. The Center for Internet Security,2007
    [30]Seitz L., Pierson J., Brunie L.. Key management for encrypted data storage in distributedsystems[A]. Proc. of the2th IEEE International Security in Storage Workshop[C].Piscataway: IEEE Computer Society,2003:20-31
    [31]Huang Jian-Zhong, Xie Chang-Sheng, Cai Bin. Research and implement of an encryptedfile system used to NAS[A]. Proc. of the2th IEEE International Security in StorageWorkshop[C]. Piscataway: IEEE Computer Society,2003:73
    [32]Roy I., Setty S.T.V., Kilzer A., et al. Airavat: Security and privacy for MapReduce[A].Proc. of the7th USENIX Symposium on Networked Systems Design andImplementation[C]. Berkeley: USENIX Association,2010:297-312
    [33]Mowbray M., Pearson S.. A client-based privacy manager for cloud computing[A]. Proc.of the4th International ICST Conference on Communication System Software andMiddleware[C]. New York: ACM,2009:5
    [34]Pearson S., Shen Y., Mowbray M.. A privacy manager for cloud computing[A]. LNCS5931: Proc. of the1st International Conference on Cloud Computing[G]. Heidelberg:Springer-Verlag,2009:90-106
    [35]Muntés-Mulero V., Nin J.. Privacy and anonymization for very large datasets[A]. Proc. ofthe18th ACM International Conference on Information and Knowledge Management[C].NewYork: ACM Press,2009:2117-2118
    [36]Raykova M., Vo B., Bellovin S.M., et al. Secure anonymous database search[A]. Proc. ofthe2009ACM Workshop on Cloud Computing Security, Co-Located with the16th ACMComputer and Communications Security Conference[C]. New York: ACM,2009:115-126
    [37]Juels A., Kaliski Jr B.S.. PORs: Proofs of retrievability for large files[A]. Proc. of the14th ACM Conference on Computer and Communications Security[C]. New York: ACM,2007:584597
    [38]Ateniese G., Burns R., Curtmola R., et al. Provable data possession at untrusted stores[A].Proc. of the14th ACM Conference on Computer and Communications Security[C]. NewYork: ACM,2007:598-609
    [39]Ateniese G., Pietro R.D., Mancini L.V., et al. Scalable and efficient provable datapossession[A]. Proc. of the4th International Conference on Security and Privacy inCommunication Networks[C]. New York: ACM,2008
    [40]Shacham H., Waters B.. Compact proofs of retrievability[A]. LNCS5350: Proc. of the14th International Conference on the Theory and Application of Cryptology andInformation Security[G]. Heidelberg: Springer-Verlag,2008:90-107
    [41]Bowers K.D., Juels A., Oprea A.. Proofs of retrievability: Theory and implementation[A].Proc. of the2009ACM Workshop on Cloud Computing Security, Co-located with the16th ACM Computer and Communications Security Conference[C]. New York: ACM,2009:43-53
    [42]Zeng Ke. Publicly verifiable remote data integrity[A]. LNCS5308: Proc. of the10thInternational Conference on Information and Communications Security[G]. Heidelberg:Springer-Verlag,2008:419-434
    [43]Wang Qian, Wang Cong, Li Jin, et al. Enabling public verifiability and data dynamics forstorage security in cloud computing[A]. LNCS5789: Proc. of the14th EuropeanSymposium on Research in Computer Security[G]. Heidelberg: Springer-Verlag,2009:355-370
    [44]Schwarz T.S.J., Miller E.L. Store, forget, and check: Using algebraic signatures to checkremotely administered storage[A]. Proc. of the26th IEEE International Conference onDistributed Computing Systems[C]. Piscataway: IEEE Computer Society,2006.12-12
    [45]Carter J.L., Wegman M.N.. Universal classes of hash functions[J]. Journal of Computerand System Sciences,1979,18(2):143-154
    [46]Wegman M.N., Carter J.L. New classes and applications of hash functions[A]. Proc. ofthe Annual Symposium on Foundations of Computer Science[C]. New York: IEEE Inc.,1979:175-182
    [47]Yun A., Shi Chun-Hui, Kim Y.. On protecting integrity and confidentiality ofcryptographic file system for outsourced storage[A]. Proc. of the2009ACM Workshopon Cloud Computing Security, Co-Located with the16th ACM Computer andCommunications Security Conference[C]. New York: ACM,2009:6775
    [48]Li Hong-Wei, Dai Yuan-Shun, Tian Ling, et al. Identity-based authentication for cloudcomputing[A]. LNCS5931: Proc. of the1st International Conference on CloudComputing[G], Heidelberg: Springer-Verlag,2009:157-166
    [49]Yan Liang, Rong Chun-Ming, Zhao Gan-Sen. Strengthen cloud computing security withfederal identity management using hierarchical identity-based cryptography[A]. LNCS5931: Proc. of the1st International Conference on Cloud Computing[G], Heidelberg:Springer-Verlag,2009:167-177
    [50]Crampton J., Martin K., Wild P.. On key assignment for hierarchical access control[A].Proc. of the19th IEEE Computer Security Foundations Workshop[C]. Piscataway: IEEEComputer Society,2006:98-111
    [51]Damiani E., De Vimercati S., Foresti S., et al. An experimental evaluation of multi-keystrategies for data outsourcing[A]. IFIP232: Proc. of the IFIP TC-1122nd InternationalInformation Security Conference[G]. Heidelberg: Springer-Verlag,2007.385396
    [52]Wang Wei-Chao, Li Zhi-Wei, Owens R., et al. Secure and efficient access to outsourceddata[A]. Proc. of the2009ACM Workshop on Cloud Computing Security, Co-Locatedwith the16th ACM Computer and Communications Security Conference[C]. New York:ACM,2009:55-65
    [53]Goyal V., Pandey O., Sahai A., et al. Attribute-based encryption for fine-grained accesscontrol of encrypted data[A]. Proc. of the13th ACM Conference on Computer andCommunications Security[C]. New York: ACM,2006:89-98
    [54]Yu Shu-Cheng, Wang Cong, Ren Kui, et al. Achieving secure, scalable, and fine-graineddata access control in cloud computing[A]. Proc. of the29th IEEE Conference onInformation Communications[C]. Piscataway: IEEE Computer Society,2010:534-542
    [55]Malek B., Miri A.. Combining attribute-based and access systems[A]. Proc. of the12thIEEE International Conference on Computational Science and Engineering:2009IEEEInternational Conference on Privacy, Security, Risk, and Trust[C]. Piscataway: IEEEComputer Society,2009:305312
    [56]Ostrovsky R., Sahai A., Waters B.. Attribute-based encryption with non-monotonic accessstructures[A]. Proc. of the14th ACM Conference on Computer and CommunicationsSecurity[C]. New York: ACM,2007.195-203
    [57]Bethencourt J., Sahai A., Waters B.. Ciphertext-policy attribute-based encryption[A].Proc. of the2007IEEE Symposium on Security and Privacy[C]. New York: IEEE Inc.,2007:321-334
    [58]Roy S., Chuah M.. Secure data retrieval based on ciphertext policy attribute-basedencryption (CP-ABE) system for the DTNs[R]. Technical Report,2009
    [59]Ibraimi L., Petkovic M., Nikova S., et al. Ciphertext-policy attribute-based thresholddecryption with flexible delegation and revocation of user attributes[R]. Centre forTelematics and Information Technology, University of Twente,2009
    [60]Hu Luo-Kai, Ying Shi, Jia Xiang-Yang, et al. Towards an approach of semantic accesscontrol for cloud computing[C]. LNCS5931: Proc. of the1st International Conferenceon Cloud Computing[G], Heidelberg: Springer-Verlag,2009:145-156
    [61]Bonatti P., De Capitani di Vimercati S, Samarati P.. An algebra for composing accesscontrol policies[J]. ACM Transactions on Information and System Security (TISSEC),2002,5(1):1-35
    [62]Wijesekera D., Jajodia S.. A propositional policy algebra for access control[J]. ACMTransactions on Information and System Security (TISSEC),2003,6(2):286-325
    [63]Agarwal S., Sprick B.. Access control for semantic web services[A]. Proc. of the IEEEInternational Conference on Web Services[C]. IEEE,2004:770-773
    [64]Shafiq B., Joshi J.B.D., Bertino E., et al. Secure interoperation in a multidomainenvironment employing RBAC policies[J]. IEEE Transactions on Knowledge and DataEngineering,2005,17(11):1557-1577
    [65]Sailer R., Valdez E., Jaeger T., et al. sHyper: Secure Hypervisor Approach to TrustedVirtualized Systems[R]. Yorktown Heights, NewYork: IBM Thomas J. Watson ResearchCenter,2005
    [66]Murray D.G., Milos G., Hand S.. Improving Xen security through disaggregation[A]. Proc.of the4th International Conference on Virtual Execution Environments[C]. New York:ACM,2008:151-160
    [67]Azab A.M., Ning P., et al. HyperSentry: enabling stealthy in-context measurement ofhypervisor integrity[A]. Proc. of the17th ACM Conference on Computer andCommunications Security[C]. New York: ACM,2010:38-49
    [68]Seshadri A., Luk M., Qu Ning, et al. SecVisor: A tiny hypervisor to provide lifetimekernel code integrity for commodity OSes[A]. Proc. of the21th ACM SIGOPSSymposium on Operating Systems Principles[C]. New York: ACM,2007:335-350
    [69]Wang Zhi, Jiang Xu-Xian, Cui Wei-Dong, et al. Countering kernel rootkits withlightweight hook protection[A]. Proc. of the16th ACM Conference Computer andCommunications Security[C]. New York: ACM,2009:545-554
    [70]Raj H., Nathuji R., Singh A., et al. Resource management for isolation enhanced cloudservices[A]. Proc. of the2009ACM Workshop on Cloud Computing Security,Co-Located with the16th ACM Computer and Communications Security Conference[C].New York: ACM,2009:77-84
    [71]Garfinkel T., Rosenblum M.. A virtual machine introspection based architecture forintrusion detection[A]. Proc. of the10th Annual Network and Distributed SystemsSecurity Symposium[C]. The Internet Society,2003:191-206
    [72]Payne B.D, Carbone M., Sharif M., et al. Lares: An architecture for secure activemonitoring using virtualization[A]. Proc. of the2008IEEE Symposiumon on Securityand Privacy[C]. New York: IEEE Inc.,2008:233-247
    [73]Sharif M.I., Lee W., Cui Wei-Dong, et al. Secure in-VM monitoring using hardwarevirtualizaiton[A]. Proc. of the16th ACM Conference on Computer and CommunicationsSecurity[C]. New York: ACM,2009:477-487
    [74]Liu Qian, Weng Chuliang, Li Minglu, et al. An in-VM measuring framework forincreasing virtual machine security in clouds[J]. IEEE Security&Privacy,2010,8(6):56-62
    [75]Reimer D., Thomas A., Ammous G., et al. Opening black boxes: Using semanticinformation to combat virtual machine image sprawl[A]. Proc. of the4th InternationalConference on Virtual Execution Environments[C]. New York: ACM,2008:111-120
    [76]Wei Jin-Peng, Zhang Xiao-Lan, Ammons G., et al. Managing security of virtual machineimages in a cloud environment[A]. Proc. of the2009ACM Workshop on CloudComputing Security, Co-Located with the16th ACM Computer and CommunicationsSecurity Conference[C]. New York: ACM,2009:91-96
    [77]Pfaff B., Garfinkel T., Rosenblum M.. Virtualization aware file systems: Getting beyondthe limitations of virtual disks[A]. Proc. of the3rd Symposium on Networked SystemsDesign&Implementation[C]. Berkeley: USENIX Association,2006:353-366
    [78]Santos N., Gummadi K.P., Rodrigues R.. Towards trusted cloud computing[A]. Proc. ofthe2009Workshop on Hot Topics in Cloud Computing[C]. Berkeley: USENIXAssociation,2009:3
    [79]Mao Wen-Bo. Also talking about the cloud[EB/OL].http://blog.csdn.net/wenbomao/archive/2009/03/03/3952761.aspx,2009
    [80]Barham P., Dragovic B., Fraser K., et al. Xen and the art of virtualization[A]. Proc. of the19th ACM Symposium on Operating Systems Principles[C]. New York: ACM,2003:164-177
    [81]Wiki Community. PV on HVM[EB/OL]. http://wiki.xen.org/wiki/PV_on_HVM,2012
    [82]Common Criteria Project Sponsoring Organisation. Common criteria for informationtechnology security evaluation. ISO/IEC International Standard15408version2.1[S].Genevese: Common Criteria Project Sponsoring Organisation,1999
    [83]Avizienis A., Laprie J.C., Randell B., et al. Basic concepts and taxonomy of dependableand secure computing[J]. IEEE Transactions on Dependable and Secure Computing,2004,1(1):11-33
    [84]T.C.P.Alliance. TCPA design philosophies and concepts (version1.0)[EB/OL].https://www.trustedcomputinggroup.org,2001.01
    [85]Trusted Computing Group. TPM main specification (1.2Edition)[EB/OL].http://www.trustedcomputinggroup.org,2005.10
    [86]Nurmi D., Wolski R., Grzegorczyk C., et al. The eucalyptus open-sourcecloud-computing system[A]. Proc. of the9th IEEE/ACM International Symposium onCluster Computing and the Grid[C]. Piscataway: IEEE Computer Society,2009:124-131
    [89]Berger S., Cáceres R., Goldman K.A., et al. vTPM: Virtualizing the trusted platformmodule[A]. Proc. of the15th USENIX Security Symposium[C]. Berkeley: USENIXAssociation,2006:305-320
    [90]Selhorst M., Stüble C.. TrustedGRUB web site[EB/OL].http://projects.sirrix.com/trac/trustedgrub,2009.12
    [91]GRUB-IMA[EB/OL]. http://sourceforge.jp/projects/openpts/wiki/GRUB-IMA
    [92]Kauer B.. Authenticated booting for L4[EB/OL].http://os.inf.tu-dresden.de/papers_ps/kauer-beleg.pdf,2004
    [93]Marchesini J., Smith S., Wild O., et al. Experimenting with TCPA/TCG hardware, or:How I learned to stop worrying and love the bear, Computer Science Technical ReportTR2003-476[R]. Dartmouth College,2003.12
    [94]Microsoft. Secure startup-Full volume encryption: Technical overview[EB/OL].http://www.microsoft.com/whdc/system/platform/pcdesign/secure-start_tech.mspx,2005.4
    [95]Arbaugh, W.A., Farber, D.J., Smith J.M.. A secure and reliable bootstrap architecture[A].Proc. of the1997IEEE Symposium on Security and Privacy[C]. New York: IEEE Inc.,1997.5:65-71
    [96]Sailer R., Zhang X., Jaeger T., et al. Design and Implementation of a TCG-based IntegrityMeasurement Architecture[A]. Proc. of the13th USENIX Security Symposium[C].Berkeley: USENIX Association,2004:223-238
    [97]England P., Lampson B., Manferdelli J., et al. A trusted open platform[J]. Computer,2003,36(7):55-62
    [98]Chang X., Xing B., Liu J., et al. LWRM: A lightweight response mechanism for TCGTOCTOU attack[A]. Proc. of the28th International Conference on PerformanceComputing and Communications[C]. Piscataway: IEEE Computer Society,2009:200-207
    [99]Shi E., Perrig A., Van Doorn L.. Bind: A fine-grained attestation service for securedistributed systems[A]. Proc. of the2005IEEE Symposium on Security and Privacy[C].New York: IEEE Inc.,2005:154-168
    [100] Kauer B.. OSLO: Improving the security of trusted computing[A]. Proc. of the16thUSENIX security symposium[C]. Berkeley: USENIX Association,2007:6-10
    [101] Trusted Boot web site[CP/OL]. http://sourceforge.net/projects/tboot/
    [102] McCune J.M., Parno B.J., Perrig A., et al. Flicker: An execution infrastructure forTCB minimization[C].Proc.of the3rd ACM SIGOPS Symposium on Operating SystemsReview. New York: ACM,2008:315-328
    [103] McCune J.M., Li Y., Qu N., et al. TrustVisor: Efficient TCB reduction andattestation[A]. Proc. of the2010IEEE Symposium on Security and Privacy[C]. NewYork: IEEE Inc.,2010:143-158
    [104] Jaeger T., Sailer R., Shankar U.. PRIMA: policy-reduced integrity measurementarchitecture[A]. Proc. of the11th ACM symposium on Access control models andtechnologies[C]. New York: ACM,2006:19-28
    [105] Loscocco P.A., Wilson P.W., Pendergrass J.A., et al. Linux kernel integritymeasurement using contextual inspection[A]. Proc. of the2007ACM workshop onScalable trusted computing[C]. New York:ACM,2007:21-29
    [106] Thober M., Pendergrass J.A., McDonell C.D.. Improving coherency of runtimeintegrity measurement[A]. Proc. of the3rd ACM workshop on Scalable trustedcomputing[C]. New York:ACM,2008:51-60
    [107] Davi L., Sadeghi A.R., Winandy M.. Dynamic integrity measurement and attestation:towards defense against return-oriented programming attacks[A]. Proc. of the2009ACMworkshop on Scalable trusted computing[C]. New York:ACM,2009:49-54
    [108] Kil C., Sezer E.C., Azab A.M., et al. Remote attestation to dynamic system properties:Towards providing complete system integrity evidence[A]. Proc. of the2009IEEE/IFIPInternational Conference on Dependable Systems&Networks[C]. Piscataway: IEEEComputer Society,2009:115-124
    [109] Datta A., Franklin J., Garg D., et al. A logic of secure systems and its application totrusted computing[A]. Proc. of the2009IEEE Symposium on Security and Privacy[C].New York: IEEE Inc.,2009:221-236
    [114]李晓勇,韩臻,沈昌祥. Windows环境下信任链传递及其性能分析[J].计算机研究与发展,2007,44(11):1889-1895
    [115] Peng Guo-Jun, Pan Xuan-Chen, Fu Jian-Ming, et al. Static extracting method ofsoftware intended behavior based on API functions invoking[J]. Wuhan UniversityJournal of Natural Sciences,2008,13(5):615-620
    [116] Peng Guo-Jun, Pan Xuan-Chen, Zhang Huan-Guo, et al. Dynamic trustinessauthentication framework based on software’s behavior integrity[A]. Proc. of the9thInternational Conference for Young Computer Scientists[C]. Piscataway: IEEE ComputerSociety,2008:2283-2288
    [120] Ryan P.Y.A., Schneider S.A.. Process algebra and non-interference[J]. Journal ofComputer Security,2001,9(1):75-103
    [121]张相锋,孙玉芳. Biba模型中严格完整性政策的动态实施.计算机研究与发展.2005,42(5):746-754
    [126] Zhang Xing,Zhang Xiao-Fei,Shen Chang-Xiang. A new authorization protocol fortrusted computing[A]. Proc. of1st International Symposium on Data,Privacy andE-Commerce[C]. Piscataway: IEEE Computer Society,2007:185-190
    [129] Sadeghi A.R., Stuble C.. Property-based attestation for computing platforms: Caringabout properties, not mechanisms[A]. Proc. of the2004Workshop on New SecurityParadigms[C]. New York: ACM,2004:67-77
    [130] Rivest R.L., Shamir A., Tauman Y.. How to leak a secret[A]. LNCS2248: AsiaCrypt2001[G]. Heidelberg: Springer-Verlag,2001:552-565
    [131] Feng Deng-Guo, Qin Yu. A property-based attestation protocol for TCM[J]. Sciencein China: Series F Information Sciences,2010,53(3):454-464
    [132] Brickell E., Camenisch J., Chen Li-Qun. Direct anonymous attestation[EB/OL].http://eprini.iacr.org/2004/205,2004.10
    [134] Chen Li-Qun, L hr H., Manulis M., et al. Property-based attestation without a trustedthird party[A]. Proc. of the11th International Conference on Information Security[C].Heidelberg: Springer-Verlag,2008:31-46
    [135] Brickell E., Chen Li-Qun, Li Jiang-Tao. A new direct anonymous attestation schemefrom bilinear maps[A]. LNCS4968:Trusted Computing-Challenges and Applications[G].Heidelberg: Springer-Verlag,2008:166-178
    [136] Chen Li-Qun, Page D., Smart N.P. On the design and implementation of an efficientDAA scheme[A]. Proc. of the9th IFIP Conference on Smart Card Research andAdvanced Application[C]. Heidelberg: Springer-Verlag,2010:223-237
    [137] Brickell E., Li Jiang-Tao. A pairing-based DAA scheme further reducing TPMresources[A]. Proc. of the3rd International Conference on Trust and TrustworthyComputing[C]. Heidelberg: Springer-Verlag,2010:181-195
    [138] Chen Li-Qun. A DAA scheme requiring less TPM resources[A]. Proc. of the5thInternational Conference on Information Security and Cryptology[C]. Heidelberg:Springer-Verlag,2011:350-365
    [139] Haldar V., Chandra D., Franz M.. Semantic remote attestation: A virtual machinedirected approach to trusted computing[A]. Proc. of the3rd virtual machine research andtechnology symposium[C]. Berkeley: USENIX Association,2004:29-41
    [141] Kühn U., Selhorst M., Stüble C.. Realizing property-based attestation and sealingwith commonly available hard-and software[A]. Proc. of the2007ACM workshop onScalable Trusted Computing[C]. New York: ACM,2007:50-57
    [143] Wang Wen-Qiang, Chen Shao-Zhen. An Efficient Attribute-Based Ring SignatureScheme[A]. Proc of the2009International Forum on Computer Science-Technology andApplications[C]. Piscataway: IEEE Computer Society,2009:147-150
    [145] Hu Lei. Compression of Tate pairings on elliptic curves[J]. Journal ofSoftware,2007,18(7):17991805
    [146] Lynn B.. On the implementation of pairing-based cryptosystems[D]. Stanford:Stanford University,2007
    [147] Lynn B.. The pairing-based cryptography library [EB/OL].http://crypto.stanford.edu/pbc/times.html,2006
    [148] Berger S., Kenneth, Sailer R.. vTPM: virtualizing the trusted platformmodule[EB/OL]. http://www.citeseer.ist.psu.edu,2007
    [149] Sampath R., Goel D.. RATING: Rigorous assessment of trust in identitymanagement[A]. Proc. of the1st International Conference on Availability, Reliability andSecurity[C]. Piscataway: IEEE Computer Society,2006:10-19
    [150] Choi D., Jin S.H., Yoon H.. Trust management for user-centric identity managementon the internet[A]. Proc. of the2007IEEE International Symposium on ConsumerElectronics[C]. Piscataway: IEEE Computer Society,2007:1-4
    [151] J sang A., Fabre J., Hay B., et al. Trust requirements in identity management[A].Proc. of the2005Australasian Workshop on Grid Computing and E-Research-Volume44[C]. Australian Computer Society, Inc.,2005:99-108
    [152] Mizuno S., Yamada K., Takahashi K.. Authentication using multiple communicationchannels[A]. Proc. of the2005workshop on Digital Identity Management[C]. New York:ACM Press,2005:54-62
    [153] J sang A., Zomai M.A., Suriadi S.. Usability and privacy in identity managementarchitectures[A]. Proc. of the5th Australasian Symposium on ACSW Frontiers-Volume68[C]. Australian Computer Society, Inc.,2007:143-152
    [154] Madsen P., Koga Y., Takahashi K.. Federated identity management for protectingusers from ID theft[A]. Proc. of the2005Workshop on Digital Identity Management[C].New York: ACM,2005:77-83
    [155] Bhargav-Spantzel A., Squicciarini A.C., Bertino E.. Establishing and protectingdigital identity in federation systems[J]. Journal of Computer Security,2006,14(3):269-300
    [156] Goodrich M.T., Tamassia R., Yao D.. Notarized federated ID management andauthentication[J]. Journal of Computer Security,2008,16(4):399-418
    [157] Hughes J., Cantor S., Hodges J., et al. Profiles for the OASIS Security AssertionMarkup Language (SAML) V2.0[R]. OASIS Stantard,2005
    [158] Lockhart H., Andersen S., Bohren J., et al. Web services federation language(WS-Federation) Version1.1[R]. Web Services Security Specification,2006
    [159] Hodges J., Watson T.. Liberty Architecture Overview[R]. Liberty Alliance Project,2003
    [160] Recordon D., Reed D.. OpenID2.0: a platform for user-centric identitymanagement[A]. Proc. of the2nd ACM Workshop on Digital Identity Management[C].New York: ACM,2006:11-16
    [161] van Delft B., Oostdijk M.. A security analysis of OpenID[A].IFIP343: Policies andResearch in Identity Management[G]. Heidelberg: Springer-Verlag,2010:73-84
    [162] William S.. Cryptography and Network Security: Principles and Practices (ThirdEdition)[M].北京:电子工业出版社,2004
    [163]罗东俊.一种面向Web Services的安全中间件[J].哈尔滨工业大学学报,2009,41(9):218-221
    [165] Adams C., Lloyd S.. Understanding PKI: concepts, standards, and deploymentconsiderations[M]. Addison-Wesley Professional,2003

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700