Research on theory and key technology of trusted computing platform security testing and evaluation  被引量：11

作　　者：ZHANG HuanGuo1,2, YAN Fei1,2, FU JianMing1,2, XU MingDi1,2, YANG Yang1,2, HE Fan1,2 & ZHAN Jing1,2 1School of Computer, Wuhan University, Wuhan 430072, China 2Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China 

出　　处：《Science China(Information Sciences)》2010年第3期434-453,共20页中国科学（信息科学）（英文版）

基　　金：supported by the National Natural Science Foundation of China (Grant Nos. 60673071, 60970115 and 90718005);the National High-Tech Research & Development Program of China (Grant Nos. 2007AA01Z411,2006AA01Z442);the Open Foundation of Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (Grant Nos. AISTC2008 01, AISTC2008Q02).

摘　　要：Trusted computing has become a new trend in the area of international information security, and the products of trusted computing platform begin to be used in application. Users will not use the products of information security, unless it goes through the testing and evaluation. Here we concentrate on the testing and evaluation problem of trusted computing platform, begin with constructing proper formalization model of trusted computing platform for testing, and establish a mathematical chain of trust model based on SPA. Moreover, we give a verification method of composite characteristics and find the potential factors threatening the trusted system in the process of remote attestation through analysis. For trusted software stack, we study the problem of automatic generation of test case and propose an improved method of generating the random test case, to raise the quality of test case. Finally, we give a prototype system of trusted computing platform and the actual test data related. The result demonstrates that there exist some flaws in the architecture of the present TCG computing platform. At the same time, some flaws are found in the products of existing trusted computing platform, thus a basis is laid for the improvement and development of trusted platform technology and its products.Trusted computing has become a new trend in the area of international information security, and the products of trusted computing platform begin to be used in application. Users will not use the products of information security, unless it goes through the testing and evaluation. Here we concentrate on the testing and evaluation problem of trusted computing platform, begin with constructing proper formalization model of trusted computing platform for testing, and establish a mathematical chain of trust model based on SPA. Moreover, we give a verification method of composite characteristics and find the potential factors threatening the trusted system in the process of remote attestation through analysis. For trusted software stack, we study the problem of automatic generation of test case and propose an improved method of generating the random test case, to raise the quality of test case. Finally, we give a prototype system of trusted computing platform and the actual test data related. The result demonstrates that there exist some flaws in the architecture of the present TCG computing platform. At the same time, some flaws are found in the products of existing trusted computing platform, thus a basis is laid for the improvement and development of trusted platform technology and its products.

关 键 词：information security trusted computing trusted computing platform testing and evaluation 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]