Design of a Full-Lifecycle Access and Authorization Model for Trusted Network Connect
Abstract
With the large-scale connection of embedded devices, consumer electronics, sensors and similar equipment, the Internet keeps growing both in scale and in its fields of application, and the network plays an ever larger role in daily life. Network security problems have grown with it: spam, computer viruses and Trojan programs seriously disrupt normal life. Most existing network security measures defend at the network perimeter and do little to manage the security of the endpoints inside it, so endpoint security has become a gap in network security solutions and seriously limits their effectiveness. There is now broad agreement that network security has to start at the endpoint, and a number of endpoint admission schemes have appeared, among them Cisco's NAC, Microsoft's NAP, TCG's TNC, TOPSEC's TNA and Huawei's EAD, all of which try to solve information security problems from the endpoint outward. However, most of these schemes only check the integrity of an endpoint at the moment it joins the network and exert no real-time control over its behavior afterwards, which cannot meet the requirements of today's complex networks.
     After studying the existing endpoint admission schemes in depth, this thesis addresses the problems above in the following areas:
     1) To remedy the lack of post-admission management in current endpoint protection mechanisms, the thesis builds on the TNC specifications and combines them with the usage control (UCON) model to propose a full-lifecycle access and authorization model for Trusted Network Connect. The model not only verifies an endpoint's integrity against the organization's security policy when it joins the trusted network, but also controls the endpoint's behavior in real time as its attributes and trust level change.
     2) Because combining the integrity information collected at admission time into a single decision is complex, the thesis abstracts that information into an endpoint trust level by fuzzy comprehensive evaluation and makes the trust level an important input to the authorization decision, which makes full-lifecycle management of the endpoint's connection to the trusted network practical.
     3) Because the entities and components involved lack a corresponding security protocol, the thesis proposes an authentication protocol for endpoints joining the trusted network. It determines an endpoint's permissions from three policies, identity authentication, platform authentication and integrity authentication, and proves the protocol's security in the universally composable (UC) model, which currently offers one of the strongest levels of security assurance.
     4) The thesis studies and analyzes the open-source TPM emulator (TPM-emulator) for Linux, builds it on CentOS, and develops an application on top of it that lets users exercise TPM functions through a graphical interface. A partial prototype implementation and functional tests of the proposed authentication protocol and measurement process are given on this platform.
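The first two contributions above, the trust level derived from integrity measurements by fuzzy comprehensive evaluation and the UCON-style decision point that keeps re-checking a session after admission, worked through as an added example. This is not code from the thesis: the integrity factors, their weights, the membership functions, the three-level evaluation set and the per-zone trust thresholds are all assumptions chosen to make the mechanism concrete, and the measurements are constructed.

```python
# Added example: endpoint trust level by fuzzy comprehensive evaluation, fed
# into a UCON-style decision point that re-checks the session whenever the
# endpoint's attributes change. Factors, weights, membership functions and
# zone thresholds are assumptions, not values taken from the thesis.
from dataclasses import dataclass, field

# Evaluation set V and the score used to defuzzify the result vector B.
LEVELS = ("trusted", "partly_trusted", "untrusted")
LEVEL_SCORE = (1.0, 0.5, 0.0)

# Factor set U with weight vector W (assumed; weights sum to 1).
WEIGHTS = {"patch_age_days": 0.30, "av_signature_age_days": 0.20,
           "firewall_enabled": 0.15, "pcr_match_ratio": 0.35}

def ramp(x, good, bad):
    """Membership in 'trusted': 1 at `good`, 0 at `bad`, linear in between.
    Works whether small or large values are the better ones."""
    return max(0.0, min(1.0, (x - bad) / (good - bad)))

def membership_row(factor, value):
    """One row of the fuzzy relation matrix R: memberships of this factor in
    (trusted, partly_trusted, untrusted); the three entries sum to 1."""
    if factor == "patch_age_days":
        m = ramp(value, good=7, bad=60)
    elif factor == "av_signature_age_days":
        m = ramp(value, good=1, bad=14)
    elif factor == "firewall_enabled":
        m = 1.0 if value else 0.0
    elif factor == "pcr_match_ratio":   # share of PCRs matching the reference manifest
        m = ramp(value, good=1.0, bad=0.8)
    else:
        raise KeyError(factor)
    # The remainder (1 - m) is split so that the worse the measurement,
    # the larger the share that lands in 'untrusted'.
    return (m, (1.0 - m) * m, (1.0 - m) * (1.0 - m))

def evaluate(measurements):
    """B = W o R with the weighted-average operator M(., +); the trust level
    is the expected score of B. Returns (trust, B as a dict)."""
    b = [0.0] * len(LEVELS)
    for factor, w in WEIGHTS.items():
        for j, r in enumerate(membership_row(factor, measurements[factor])):
            b[j] += w * r
    return sum(bj * s for bj, s in zip(b, LEVEL_SCORE)), dict(zip(LEVELS, b))

# Minimum trust level needed to hold a session in each zone (assumed policy).
ZONE_POLICY = {"quarantine": 0.0, "intranet": 0.6, "finance": 0.85}

@dataclass
class Session:
    endpoint: str
    zone: str
    trust: float
    active: bool = True
    history: list = field(default_factory=list)

class UsageController:
    """UCON pre-decision at admission, ongoing decision on every attribute
    update, and revocation of the session when the ongoing check fails."""
    def __init__(self):
        self.sessions = {}

    def admit(self, endpoint, zone, measurements):
        trust, _ = evaluate(measurements)
        if trust < ZONE_POLICY[zone]:
            zone = "quarantine"              # denied: remediation network only
        s = Session(endpoint, zone, trust, history=[("admit", zone, trust)])
        self.sessions[endpoint] = s
        return s

    def update(self, endpoint, measurements):
        """Called whenever the endpoint reports new measurements."""
        s = self.sessions[endpoint]
        s.trust, _ = evaluate(measurements)
        if s.active and s.trust < ZONE_POLICY[s.zone]:
            s.active = False                 # ongoing check failed: revoke
            s.history.append(("revoke", s.zone, s.trust))
        else:
            s.history.append(("continue", s.zone, s.trust))
        return s

# Constructed measurements: a healthy endpoint, then the same endpoint after
# its firewall is switched off and one of ten measured PCRs stops matching.
HEALTHY = {"patch_age_days": 3, "av_signature_age_days": 0,
           "firewall_enabled": True, "pcr_match_ratio": 1.0}
DEGRADED = {"patch_age_days": 3, "av_signature_age_days": 0,
            "firewall_enabled": False, "pcr_match_ratio": 0.9}

def demo():
    uc = UsageController()
    first = uc.admit("ep-1", "finance", HEALTHY)   # trust 1.0: admitted
    later = uc.update("ep-1", DEGRADED)            # trust 0.71875 < 0.85: revoked
    return first.zone, later.active, later.history

if __name__ == "__main__":
    print(demo())
```

The weighted-average composition M(., +) is used rather than the classical max-min operator so that every factor contributes to B and a single bad measurement cannot be masked by a dominant good one; the degraded endpoint above still scores 0.71875, enough for the intranet zone (threshold 0.6) but not for the finance zone (0.85), so the controller revokes the finance session on the update and would have placed a freshly admitted endpoint with the same measurements in quarantine. A real deployment would feed `update` from IMV reports and let a PEP enforce the revocation.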

© 2004-2018 China Geological Library. All rights reserved. 京ICP备05064691号 京公网安备11010802017129号