可信计算下的信任链传递模型研究
|
摘要
由于传统计算机在体系结构上设计的不足,使得如今的计算机明显缺乏对病毒、黑客和内部窃密者的抵抗能力,为了从根本上解决计算机系统存在的基础性安全缺陷,可信计算组织TCG推出了通过在底层硬件上加入安全芯片架构来提高系统安全的可信计算平台技术,其基本思想是在终端平台中首先建立一个信任根,再建立一条信任链,通过一级度量认证一级,一级信任一级的方式把信任关系扩大到整个平台,从而保证了终端的安全;因此,信任链是可信计算平台技术中的一项重要技术,它的存在确保了终端从开机到应用程序启动整个过程的安全可信。
终端平台上的信任链传递分为两个阶段:一个是从平台加电到操作系统启动前的过程,即系统引导阶段;另一个是从操作系统到应用程序过程。系统引导阶段,核心可信度量根CRTM和可信平台模块TPM是信任链传递的起点,但是加入TPM芯片的系统有时会因TPM被烧毁等的故障而使用户丢失一些重要的机密数据,违背了易用性的原则;在操作系统启动的第二阶段,经验证的合法内部用户仍然可以通过简单的人机交互泄露内部机密,破坏操作系统的可信性,且当可信传递到应用层时,为了保证应用层的可信,不仅要对所有待运行的应用程序的可执行文件进行度量,还要对应用程序加载的动态共享库、配置文件等所有可能影响应用程序可信性的组件进行度量,由此带来的时间开销降低了系统运行效率,因此设计一种更加合理高效的信任链传递模型具有重要的意义。
论文围绕信任链传递模型展开研究,在分析和总结前人工作的基础上,主要进行了以下几个方面的工作:
1)综述了现有信任链传递技术的研究现状及优缺点;提出了改进的系统引导阶段的信任链传递模型,并对模型进行了形式化验证,主要创新点是提出了基于USB KEY和BIOS的TPM故障解决方案;
2)为了防止已通过身份验证的合法用户破坏操作系统环境的可信性,提出了一种基于用户提交的访问意图和层次分析法的内部用户行为监管方案,并利用Matlab对方案进行了仿真,实验表明方案可以提高识别的准确性,克服难以对内部用户行为进行定量分析的缺点;
3)为了保证操作系统到应用层的安全可信,实现对未授权程序的主动防御,降低系统完整性度量过程中的时间开销,论文利用LSM机制、白名单以及虚拟化技术提出了应用层并行的主动防御信任链传递模型;对模型进行了形式化验证,并利用Cent OS Linux、VMware Workstation、TPM Emulator等软件对模型进行了初步的原型实现。
Because of the design deficiencies in the computers' architecture, the computers can not prevent virus, hackers and insider thieves. In order to solve the insecurity of computers fundamentally, trusted computing group begins to carry out trusted computing platform technology through the way of adding the safe chip. The basic idea of the trusted computing platform is firstly built a root of trust, and then a trusted chain, and in the manner of one level measures another and trusts another to extend the trust relation to the whole computer system which insures the trust of the computer. The chain of trust is an important technology of the trusted computing which ensures the creditability and the safety of the computers.
The chain of trust can be divided into two processes:one is the process that from the boot of the platform to the starting of the operating system, the other is from the operating system to the applications starting. In system boot phase, TPM and CRTM play the key role, but the system added TPM can cause the users lose some important cryptographic information which goes against the principle of easy to use. Meantime, when the operating system is started, the users who have already passed the validation can still break the creditability of the system through the way of human-computer interaction, and the present manner can brings extra overhead time, especially when the trusted chain transfers to the application layer because to ensure the safety of the application layer, not only the application program should be measured, but also the dynamic shared library and configuration file and so on that the program loads which brings extra overhead time and pulls down the runtime efficiency of the system. Thus, it is important to design a more reasonable and efficient model of trust chain.
This thesis carries out a series of researches about the model of trust chain, and the main tasks are summarized as follows:
1) Introducing the current situation of chain of trust, analyzing the advantages and disadvantages of them. Improving the existing solution of the chain of trust form boot-trap to the loading of the operating system and bringing forward the chain of trust model of the system boot phase. Besides, the innovation of the thesis is the proposing of the solution of secure solution based on USB KEY and BIOS under TPM fault.
2) In order to prevent the users to break the trustiness of the operating system who have already passed the verified, a solution of monitoring the users' behavior has been brought forward, at the same time, simulation has been taken to prove that the solution can improve the accuracy and overcome the disadvantage that analysis can't be done to the insider users.
3) Combining the virtualization technology, white lists and LSM technology to bring forward parallel and active defense model of the chain of trust in order to prevent the programs that are not in the list which realizes the active defense, reduce the time spending in the process of measurement. Formal verification is given to the model and basic prototype implementation is carried out with software such as Cent OS Linux, VMware Workstation, and TPM Emulator.
终端平台上的信任链传递分为两个阶段:一个是从平台加电到操作系统启动前的过程,即系统引导阶段;另一个是从操作系统到应用程序过程。系统引导阶段,核心可信度量根CRTM和可信平台模块TPM是信任链传递的起点,但是加入TPM芯片的系统有时会因TPM被烧毁等的故障而使用户丢失一些重要的机密数据,违背了易用性的原则;在操作系统启动的第二阶段,经验证的合法内部用户仍然可以通过简单的人机交互泄露内部机密,破坏操作系统的可信性,且当可信传递到应用层时,为了保证应用层的可信,不仅要对所有待运行的应用程序的可执行文件进行度量,还要对应用程序加载的动态共享库、配置文件等所有可能影响应用程序可信性的组件进行度量,由此带来的时间开销降低了系统运行效率,因此设计一种更加合理高效的信任链传递模型具有重要的意义。
论文围绕信任链传递模型展开研究,在分析和总结前人工作的基础上,主要进行了以下几个方面的工作:
1)综述了现有信任链传递技术的研究现状及优缺点;提出了改进的系统引导阶段的信任链传递模型,并对模型进行了形式化验证,主要创新点是提出了基于USB KEY和BIOS的TPM故障解决方案;
2)为了防止已通过身份验证的合法用户破坏操作系统环境的可信性,提出了一种基于用户提交的访问意图和层次分析法的内部用户行为监管方案,并利用Matlab对方案进行了仿真,实验表明方案可以提高识别的准确性,克服难以对内部用户行为进行定量分析的缺点;
3)为了保证操作系统到应用层的安全可信,实现对未授权程序的主动防御,降低系统完整性度量过程中的时间开销,论文利用LSM机制、白名单以及虚拟化技术提出了应用层并行的主动防御信任链传递模型;对模型进行了形式化验证,并利用Cent OS Linux、VMware Workstation、TPM Emulator等软件对模型进行了初步的原型实现。
Because of the design deficiencies in the computers' architecture, the computers can not prevent virus, hackers and insider thieves. In order to solve the insecurity of computers fundamentally, trusted computing group begins to carry out trusted computing platform technology through the way of adding the safe chip. The basic idea of the trusted computing platform is firstly built a root of trust, and then a trusted chain, and in the manner of one level measures another and trusts another to extend the trust relation to the whole computer system which insures the trust of the computer. The chain of trust is an important technology of the trusted computing which ensures the creditability and the safety of the computers.
The chain of trust can be divided into two processes:one is the process that from the boot of the platform to the starting of the operating system, the other is from the operating system to the applications starting. In system boot phase, TPM and CRTM play the key role, but the system added TPM can cause the users lose some important cryptographic information which goes against the principle of easy to use. Meantime, when the operating system is started, the users who have already passed the validation can still break the creditability of the system through the way of human-computer interaction, and the present manner can brings extra overhead time, especially when the trusted chain transfers to the application layer because to ensure the safety of the application layer, not only the application program should be measured, but also the dynamic shared library and configuration file and so on that the program loads which brings extra overhead time and pulls down the runtime efficiency of the system. Thus, it is important to design a more reasonable and efficient model of trust chain.
This thesis carries out a series of researches about the model of trust chain, and the main tasks are summarized as follows:
1) Introducing the current situation of chain of trust, analyzing the advantages and disadvantages of them. Improving the existing solution of the chain of trust form boot-trap to the loading of the operating system and bringing forward the chain of trust model of the system boot phase. Besides, the innovation of the thesis is the proposing of the solution of secure solution based on USB KEY and BIOS under TPM fault.
2) In order to prevent the users to break the trustiness of the operating system who have already passed the verified, a solution of monitoring the users' behavior has been brought forward, at the same time, simulation has been taken to prove that the solution can improve the accuracy and overcome the disadvantage that analysis can't be done to the insider users.
3) Combining the virtualization technology, white lists and LSM technology to bring forward parallel and active defense model of the chain of trust in order to prevent the programs that are not in the list which realizes the active defense, reduce the time spending in the process of measurement. Formal verification is given to the model and basic prototype implementation is carried out with software such as Cent OS Linux, VMware Workstation, and TPM Emulator.
引文
[1]TCG. TCG Specification Architecture Overview [EB/OL].2005.http://www.trus ted computinggroup.org.
[2]张焕国,罗捷,金刚.可信计算研究进展[J].武汉大学学报理学版.2006,52(5):513-518.
[3]沈昌祥,张焕国,冯登国.信息安全综述[J].中国科学.2006,37(2):129-132.
[4]TCG. TPM Main Part1 Design Principles Specification Versionl.2 [EB/OL].2006. https://www.Trustedcomputinggroup.org.
[5]TCG. TPM Main Part 2 TPM Structures Specification Version1.2[EB/OL].2006. https://www.Trustedcomputinggroup.org.
[6]TCG.TPM Main Part 3 Commands Specification Version1.2[EB/OL].2006. https://www.Trustedcomputing group.org.
[7]谭良,徐志伟.基于可信计算平台的信任链传递研究进展[J].计算机科学.2008,35(10):267-269.
[8]叶波,陈克非.可信Linux关键组件验证方案的研究[J].计算机工程.2006,32(22):478-482.
[9]谭良,周明天.基于行为树的内部用户行为监管[J].计算机科学.2007,34(9):277-281.
[10]Arbaugh WA. Farbert DJ. Smith JM. A Secure and Reliable Bootstrap Architecture[C]. In:Proceedings of the IEEE Symposium on Security and Privacy. 1997,34(6):189-192.
[11]Applied Data Security Group. Trusted Grub, http://www.prosec.rub.de/trusted_grub.html.
[12]Demetrios Lambrou. TCPA enabled Open Source platforms. Reiner Sailer, Xiaolan hang, Trent Jaeger etc.
[13]Reiner Sailer, Xiaolan Zhang, Trent Jaeger. IBM Research Report, Design and Implementation of a TCG-based Integrity Measurement Architecture.13th Usenix Security Symposium, San Diego, California, August 2004.
[14]Microsoft. Trusted Platform Module Services in Windows Lon2ghorn [EB/OL]. http://www. microsoft.com/resources/ngscb/.
[15]谭良,周明天.一种并行可复原可信启动过程的设计与实现[J].计算机科学.2007,34(10):56-58.
[16]赵佳,沈昌祥,刘吉强,韩臻.基于无干扰理论的可信链模型[J].计算机研究与发展.2008,45(6):76-79.
[17]石文昌,单智勇,梁彬,梁朝晖,董铭.细粒度信任链研究方法[J].计算科学.2008,35(9):34-37.
[18]The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation [S]. ISO.IEC 15408:1999(E),1999.
[19]Trusted Computing Group. TCG Specification Architecture Overview [EB/OL]. http://www. trustedcomputinggroup.org.
[20]Algridas A., Laprie J.C., Brian R., Carl L. Basic concepts and taxonomy of dependable and secure computing [J].IEEE Transactions on Dependable and Secure Computing.2004,1(1):98-101.
[21]Microsoft. Trusted Platform Module Services in Windows Longhorn [EB/OL]. 2005. http://www.microsoft.com/resources/ngscb.
[22]Intel Corporation. LaGrande Technology Architectural Overview [EB/OL].2004. http://www.intel.com/technology/security.
[23]徐拾义.可信计算系统设计和分析[M].北京:清华大学出版社,2006.
[24]Microsoft. Hardware Platform for the Next-Generation Secure Computing Base. http://www.microsoft.com/resources/ngscb/documents/NGSCBhardware.doc
[25]Microsoft. Security Model for the Next-Generation Secure Computing Base. http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.d oc.
[26]Trusted Computing Group. TPM Main Part 1 Design Principles version 1.2 [EB/ OL],2007. https://www. Trustedcomputinggroup.org.
[27]William Arbaugh, David J Farber, Jonathan M Smith1 A secure and reliable bootstrap architecture [C]. IEEE Computer Society Conf on Security and Privacy, Oakland,1997.
[28]Trusted Computing Group. TCG PC Specification Implementation Specification [EB/OL]. http//www.trustedcomputinggroup.org.
[29]黄涛,沈昌祥.一种基于可信服务器的可信引导方案[J].武汉大学学报(理学版).2006,56(45):876-879.
[30]Sailer R, Zhang X, Jaeger T, et al. Design and implementation of a TCG2based integrity measurement architecture[C]. Proceedings of the 13th Usenix Security Symposium. California:Usenix,2004,47(7):223-238.
[31]Trusted Computing Group. TCG Infrastructure Working Group Architecture Part II-Integrity Management [EB/OL]. http://www. Trusted computing group.org.2006.
[32]Phoenix T L. System BIOS for IBM PCs, Compatibles, and EISA Computers,2nd [M].Addison Wesley,1991.
[33]谭良,徐志伟.基于可信计算平台的信任链传递模型研究[J].计算机科学.2008,35(10):89-93.
[34]Grimes R. At386 protected mode bootstrap loader./sys/i386/boot/biosboot /README. MACH[S]. October 1993.
[35]陈文钦.BIOS研发技术剖析[M].北京:清华大学出版社.2001,5(7):678-680.
[36]谭良,周明天.基于可信计算平台的可信引导过程研究[J].计算机应用研究.2008,25(1):234-236.
[37]周振柳,李铭,许榕生,宋东生.太行安全BIOS可信体系结构与实现研究[J].计算机工程与应用.2008,66(18):76-79.
[38]李凤华,马建峰.可信平台模块的体系结构及其提供服务的方法,200710199230.5[P].2007.
[39]谭良,周明天.一种新的用户登录可信认证方案的设计与实现[J].计算机应用.2007,6(56):1070-1072.
[40]孙勇,杨义先.基于BIOS和USB盘实现对PC机的安全访问[J].计算机应用.2006,15(6):113-136.
[41]吴永英,邓路,肖道举,陈晓苏.一种基于USB Key的双因子身份认证与密钥交换协议[J].计算机工程与科学.2007,29(5):56-59.
[42]张从力,张岳.基于对称密钥互认机制的USB Key设计[J].自动化技术与应用.2008,27(3):345-348.
[43]Arm storage:Seagate-Cheetah family of disk drives.http://www.arm.com/market s/annpp/462.html.
[44]黄涛,方艳湘,彭双和一种安全引导的设计与实现[J].计算机工程与设计.2007,56(7):412-421.
[45]李莉,曾国荪,陈波.基于时态逻辑的可信平台信任链建模[J].计算机学报.2008,35(4):56-59.
[46]Mariant hi T. et al. The insider threat to information systems and the effectiveness of ISO17799. Computers & Security[J].2005,24(6):472-484.
[47]Magklaras G.B, Furnell S. M.. A preliminary model of end user sophistication for insider threat prediction in IT systems[J]. Computers & Security.2005,24(5): 371-380.
[48]Mike K... Barbarians inside t he gates:Addressing internal security threats[J]. Network Security.2005,24(6):11-13.
[49]Yu Y., Chiueh T. C... Display-only file server:A solution against information theft due to insider attack[J]. In Proceedings of the 4th ACM Workshop on Digital Rights Management.2004,17(7):412-421.
[50]屈延文.软件行为学[M].北京:北京电子工业出版社.2008.
[51]Donn, B.P. Fighting computer crime:a new framework for protecting information. 1998.
[52]Wood B. An insider threat model for adversary simulation. In:Proceedings of the Workshop with Title Research on Mitigating the Insider Threat to Information Systems, Arlington VA.2000.
[53]Schultz E. E. A framework for understanding and predicting insider attacks. Computers and Security[J].2002,21(6):526-531.
[54]谭良,周明天.基于行为树的内部用户行为监管[J].计算机科学.2007,34(9):277-281.
[55]张红斌,裴庆祺,马建峰.内部威胁云模型感知算法[J].计算机学报.2009,32(4):784-792.
[56]田立勤,冀铁果.一种基于用户行为信任的动态角色访问控制[J].计算机工程与应用.2008,44(19):12-15.
[57]田立勤,林闯.可信网络中一种基于行为信任预测的博弈控制机制[J].计算机学报.2007,30(11):1930-1938.
[58]江伟,陈龙,王国胤.用户行为异常检测在安全审计系统中的应用[J].计算机应用.2006,26(7):1637-1642.
[59]熊伟,新藤久和,渡边喜道.软件需求定量分析及其映射的模糊层次分析法[J].软件学报.2005,16(3):427-433.
[60]陆瀛海,杨宗源.基于模糊层次分析法的测试效果量化预测评估方法[J].计算机科学.2008,35(1):285-287.
[61]秦戈,韩文报.关于可信计算平台模块的研究[J].信息工程大学学报.2006,7(4):96-100.
[62]鲁剑,杨树堂,倪佑生.基于白名单的深度包检测防火墙的改进方法[J].信息 安全与保密.2005,36(12):63-69.
[63]Phlashback,“汇编ring3下实现HOOK API", http://phlashback.blog.hexun.com/ 12573252-d.html.
[64]朱先忠.“利用钩子技术控制进程创建”.http://www.builder.com.cn/2007/1017/ 560293.shtml.
[65]温燕,王怀民.基于本地虚拟化技术的隔离执行模型研究[J].计算机学报.2008,85(6):25-28.
[66]Gerald J. Popek, Robert P. Goldberg. Formal Requirements for Virtualization Third Generation Architectures. Communications of the ACM,1974,17(7): 412-421.
[67]郑扣根.操作系统概念(第六版)[M].北京:高等教育出版社,2004.
[68]RobertP. Goldberg. Architecture of Virtual Machines. Proceedings of AFTPS Nation Computer Conference, ACM,1973,34(29):74-112.
[69]Gerald Bellaire, Nai-Ting Hsu. Hardware Architecture for Recursive Virtual Machines. Proceedings of the ACM/CSC-ER 1975 annual conference, ACM,1975, 14-18.
[70]Eric Kohlbrenner, Dana Morris, Brett Morris. Introduction to Virtual Machines. http://www.cs.gmu.edu/cne/itcore/virtualmachine.
[71]Feng-Chao Yu. Parallel Virtual Machine (PVM) Nov.23,1999. http://carbon.cude veredu/csproj iects.
[72]毛速.虚拟机的应用[J].宁夏工程技术.2003,2(2):154-156.
[73]张巍,卢凯.基于资源容器技术的虚拟机技术研究与实现[J].计算机应用.2006,34(29):456-458.
[74]杨少春.采用VMware构建虚拟并行计算网[J].计算机工程与设计.2006.
[75]陈泽茂,沈昌祥.解释型病毒及其防御策略研究[J].计算机工程与应用.2004.
[76]Microsoft Corporation. Windows脚本技术[M].Microsoft Corporation.2001.
[77]王飞,刘威鹏,沈昌祥.应用可信传递模型研究[J].计算机工程与应用.2007,43(29):178-180.
[2]张焕国,罗捷,金刚.可信计算研究进展[J].武汉大学学报理学版.2006,52(5):513-518.
[3]沈昌祥,张焕国,冯登国.信息安全综述[J].中国科学.2006,37(2):129-132.
[4]TCG. TPM Main Part1 Design Principles Specification Versionl.2 [EB/OL].2006. https://www.Trustedcomputinggroup.org.
[5]TCG. TPM Main Part 2 TPM Structures Specification Version1.2[EB/OL].2006. https://www.Trustedcomputinggroup.org.
[6]TCG.TPM Main Part 3 Commands Specification Version1.2[EB/OL].2006. https://www.Trustedcomputing group.org.
[7]谭良,徐志伟.基于可信计算平台的信任链传递研究进展[J].计算机科学.2008,35(10):267-269.
[8]叶波,陈克非.可信Linux关键组件验证方案的研究[J].计算机工程.2006,32(22):478-482.
[9]谭良,周明天.基于行为树的内部用户行为监管[J].计算机科学.2007,34(9):277-281.
[10]Arbaugh WA. Farbert DJ. Smith JM. A Secure and Reliable Bootstrap Architecture[C]. In:Proceedings of the IEEE Symposium on Security and Privacy. 1997,34(6):189-192.
[11]Applied Data Security Group. Trusted Grub, http://www.prosec.rub.de/trusted_grub.html.
[12]Demetrios Lambrou. TCPA enabled Open Source platforms. Reiner Sailer, Xiaolan hang, Trent Jaeger etc.
[13]Reiner Sailer, Xiaolan Zhang, Trent Jaeger. IBM Research Report, Design and Implementation of a TCG-based Integrity Measurement Architecture.13th Usenix Security Symposium, San Diego, California, August 2004.
[14]Microsoft. Trusted Platform Module Services in Windows Lon2ghorn [EB/OL]. http://www. microsoft.com/resources/ngscb/.
[15]谭良,周明天.一种并行可复原可信启动过程的设计与实现[J].计算机科学.2007,34(10):56-58.
[16]赵佳,沈昌祥,刘吉强,韩臻.基于无干扰理论的可信链模型[J].计算机研究与发展.2008,45(6):76-79.
[17]石文昌,单智勇,梁彬,梁朝晖,董铭.细粒度信任链研究方法[J].计算科学.2008,35(9):34-37.
[18]The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation [S]. ISO.IEC 15408:1999(E),1999.
[19]Trusted Computing Group. TCG Specification Architecture Overview [EB/OL]. http://www. trustedcomputinggroup.org.
[20]Algridas A., Laprie J.C., Brian R., Carl L. Basic concepts and taxonomy of dependable and secure computing [J].IEEE Transactions on Dependable and Secure Computing.2004,1(1):98-101.
[21]Microsoft. Trusted Platform Module Services in Windows Longhorn [EB/OL]. 2005. http://www.microsoft.com/resources/ngscb.
[22]Intel Corporation. LaGrande Technology Architectural Overview [EB/OL].2004. http://www.intel.com/technology/security.
[23]徐拾义.可信计算系统设计和分析[M].北京:清华大学出版社,2006.
[24]Microsoft. Hardware Platform for the Next-Generation Secure Computing Base. http://www.microsoft.com/resources/ngscb/documents/NGSCBhardware.doc
[25]Microsoft. Security Model for the Next-Generation Secure Computing Base. http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.d oc.
[26]Trusted Computing Group. TPM Main Part 1 Design Principles version 1.2 [EB/ OL],2007. https://www. Trustedcomputinggroup.org.
[27]William Arbaugh, David J Farber, Jonathan M Smith1 A secure and reliable bootstrap architecture [C]. IEEE Computer Society Conf on Security and Privacy, Oakland,1997.
[28]Trusted Computing Group. TCG PC Specification Implementation Specification [EB/OL]. http//www.trustedcomputinggroup.org.
[29]黄涛,沈昌祥.一种基于可信服务器的可信引导方案[J].武汉大学学报(理学版).2006,56(45):876-879.
[30]Sailer R, Zhang X, Jaeger T, et al. Design and implementation of a TCG2based integrity measurement architecture[C]. Proceedings of the 13th Usenix Security Symposium. California:Usenix,2004,47(7):223-238.
[31]Trusted Computing Group. TCG Infrastructure Working Group Architecture Part II-Integrity Management [EB/OL]. http://www. Trusted computing group.org.2006.
[32]Phoenix T L. System BIOS for IBM PCs, Compatibles, and EISA Computers,2nd [M].Addison Wesley,1991.
[33]谭良,徐志伟.基于可信计算平台的信任链传递模型研究[J].计算机科学.2008,35(10):89-93.
[34]Grimes R. At386 protected mode bootstrap loader./sys/i386/boot/biosboot /README. MACH[S]. October 1993.
[35]陈文钦.BIOS研发技术剖析[M].北京:清华大学出版社.2001,5(7):678-680.
[36]谭良,周明天.基于可信计算平台的可信引导过程研究[J].计算机应用研究.2008,25(1):234-236.
[37]周振柳,李铭,许榕生,宋东生.太行安全BIOS可信体系结构与实现研究[J].计算机工程与应用.2008,66(18):76-79.
[38]李凤华,马建峰.可信平台模块的体系结构及其提供服务的方法,200710199230.5[P].2007.
[39]谭良,周明天.一种新的用户登录可信认证方案的设计与实现[J].计算机应用.2007,6(56):1070-1072.
[40]孙勇,杨义先.基于BIOS和USB盘实现对PC机的安全访问[J].计算机应用.2006,15(6):113-136.
[41]吴永英,邓路,肖道举,陈晓苏.一种基于USB Key的双因子身份认证与密钥交换协议[J].计算机工程与科学.2007,29(5):56-59.
[42]张从力,张岳.基于对称密钥互认机制的USB Key设计[J].自动化技术与应用.2008,27(3):345-348.
[43]Arm storage:Seagate-Cheetah family of disk drives.http://www.arm.com/market s/annpp/462.html.
[44]黄涛,方艳湘,彭双和一种安全引导的设计与实现[J].计算机工程与设计.2007,56(7):412-421.
[45]李莉,曾国荪,陈波.基于时态逻辑的可信平台信任链建模[J].计算机学报.2008,35(4):56-59.
[46]Mariant hi T. et al. The insider threat to information systems and the effectiveness of ISO17799. Computers & Security[J].2005,24(6):472-484.
[47]Magklaras G.B, Furnell S. M.. A preliminary model of end user sophistication for insider threat prediction in IT systems[J]. Computers & Security.2005,24(5): 371-380.
[48]Mike K... Barbarians inside t he gates:Addressing internal security threats[J]. Network Security.2005,24(6):11-13.
[49]Yu Y., Chiueh T. C... Display-only file server:A solution against information theft due to insider attack[J]. In Proceedings of the 4th ACM Workshop on Digital Rights Management.2004,17(7):412-421.
[50]屈延文.软件行为学[M].北京:北京电子工业出版社.2008.
[51]Donn, B.P. Fighting computer crime:a new framework for protecting information. 1998.
[52]Wood B. An insider threat model for adversary simulation. In:Proceedings of the Workshop with Title Research on Mitigating the Insider Threat to Information Systems, Arlington VA.2000.
[53]Schultz E. E. A framework for understanding and predicting insider attacks. Computers and Security[J].2002,21(6):526-531.
[54]谭良,周明天.基于行为树的内部用户行为监管[J].计算机科学.2007,34(9):277-281.
[55]张红斌,裴庆祺,马建峰.内部威胁云模型感知算法[J].计算机学报.2009,32(4):784-792.
[56]田立勤,冀铁果.一种基于用户行为信任的动态角色访问控制[J].计算机工程与应用.2008,44(19):12-15.
[57]田立勤,林闯.可信网络中一种基于行为信任预测的博弈控制机制[J].计算机学报.2007,30(11):1930-1938.
[58]江伟,陈龙,王国胤.用户行为异常检测在安全审计系统中的应用[J].计算机应用.2006,26(7):1637-1642.
[59]熊伟,新藤久和,渡边喜道.软件需求定量分析及其映射的模糊层次分析法[J].软件学报.2005,16(3):427-433.
[60]陆瀛海,杨宗源.基于模糊层次分析法的测试效果量化预测评估方法[J].计算机科学.2008,35(1):285-287.
[61]秦戈,韩文报.关于可信计算平台模块的研究[J].信息工程大学学报.2006,7(4):96-100.
[62]鲁剑,杨树堂,倪佑生.基于白名单的深度包检测防火墙的改进方法[J].信息 安全与保密.2005,36(12):63-69.
[63]Phlashback,“汇编ring3下实现HOOK API", http://phlashback.blog.hexun.com/ 12573252-d.html.
[64]朱先忠.“利用钩子技术控制进程创建”.http://www.builder.com.cn/2007/1017/ 560293.shtml.
[65]温燕,王怀民.基于本地虚拟化技术的隔离执行模型研究[J].计算机学报.2008,85(6):25-28.
[66]Gerald J. Popek, Robert P. Goldberg. Formal Requirements for Virtualization Third Generation Architectures. Communications of the ACM,1974,17(7): 412-421.
[67]郑扣根.操作系统概念(第六版)[M].北京:高等教育出版社,2004.
[68]RobertP. Goldberg. Architecture of Virtual Machines. Proceedings of AFTPS Nation Computer Conference, ACM,1973,34(29):74-112.
[69]Gerald Bellaire, Nai-Ting Hsu. Hardware Architecture for Recursive Virtual Machines. Proceedings of the ACM/CSC-ER 1975 annual conference, ACM,1975, 14-18.
[70]Eric Kohlbrenner, Dana Morris, Brett Morris. Introduction to Virtual Machines. http://www.cs.gmu.edu/cne/itcore/virtualmachine.
[71]Feng-Chao Yu. Parallel Virtual Machine (PVM) Nov.23,1999. http://carbon.cude veredu/csproj iects.
[72]毛速.虚拟机的应用[J].宁夏工程技术.2003,2(2):154-156.
[73]张巍,卢凯.基于资源容器技术的虚拟机技术研究与实现[J].计算机应用.2006,34(29):456-458.
[74]杨少春.采用VMware构建虚拟并行计算网[J].计算机工程与设计.2006.
[75]陈泽茂,沈昌祥.解释型病毒及其防御策略研究[J].计算机工程与应用.2004.
[76]Microsoft Corporation. Windows脚本技术[M].Microsoft Corporation.2001.
[77]王飞,刘威鹏,沈昌祥.应用可信传递模型研究[J].计算机工程与应用.2007,43(29):178-180.