可信终端动态运行环境的可信证据收集代理
作者:
作者单位:

作者简介:

通讯作者:

基金项目:

国家自然科学基金(60970113); 四川省青年基金(60903073)


Trusted Agent for Collecting Trustworthiness Evidence in Terminal Dynamical Running Environment
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
    摘要:

    可信计算的链式度量机制不容易扩展到终端所有应用程序,因而可信终端要始终保证其动态运行环境的可信仍然较为困难.为了提供可信终端动态运行环境客观、真实、全面的可信证据,设计并实现了一个基于可信平台模块(trusted platform model,简称TPM)的终端动态运行环境可信证据收集代理.该代理的主要功能是收集可信终端内存、进程、磁盘文件、网络端口、策略数据等关键对象的状态信息和操作信息.首先,通过扩展TPM 信任传递过程及其度量功能保证该代理的静态可信,利用可信虚拟机监视器(trusted virtual machine monitor,简称TVMM)提供的隔离技术保证该代理动态可信;然后,利用TPM 的加密和签名功能保证收集的证据的来源和传输可信;最后,在Windows 平台中实现了一个可信证据收集代理原型,并以一个开放的局域网为实验环境来分析可信证据收集代理所获取的终端动态运行环境可信证据以及可信证据收集代理在该应用实例中的性能开销.该应用实例验证了该方案的可行性.

    Abstract:

    The chain measurement mechanism of trusted computing doesn’t easily extend to all applications in the terminal, so it is difficult for the terminal to always maintain the trust of the dynamic running environment of the terminal. To collect trustworthiness evidence in an objective, genuine, and comprehensive way, a trusted evidence collection agent based on TPM is designed and developed. Its main function is collecting the critical objects in the dynamic environment of the terminal, such as memory, process, disk files, network ports, policy data, and so on. First, the static and dynamic creditability of the agent is assured by the measurement function of trusted platform module (TPM) and isolation mechanism of trusted virtual machine monitor (TVMM), and then the creditability of original and transmit of the collecting evidences is assured by the encryption and signature function. This paper also implements a prototype of the agent in Windows platform. Based on the prototype, the paper examines the trustworthiness evaluation for executing the agent program in a local area network distributed computing environment. In this application, the performance of prototype is studied, and the feasibility of this approach is demonstrated.

    参考文献
    相似文献
    引证文献
引用本文

谭良,陈菊.可信终端动态运行环境的可信证据收集代理.软件学报,2012,23(8):2084-2103

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
历史
  • 收稿日期:2011-01-24
  • 最后修改日期:2011-08-24
  • 录用日期:
  • 在线发布日期: 2012-08-07
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号