可信计算技术研究  被引量：119

作　　者：冯登国[1] 秦宇[1] 汪丹[1] 初晓博[1] 

机构地区：[1]信息安全国家重点实验室(中国科学院软件研究所),北京100190

出　　处：《计算机研究与发展》2011年第8期1332-1349,共18页Journal of Computer Research and Development

基　　金：国家"九七三"重点基础研究发展计划基金项目(2007CB311202)

摘　　要：可信计算技术作为一种新型信息安全技术,已经成为信息安全领域的研究热点.在可信计算领域取得长足发展的同时,其关键技术仍存在许多问题亟待解决,近年来这方面的相关研究已经陆续展开.综述了在可信计算关键技术方面的研究成果,从构建可信终端的信任入手,建立了基于信任度的信任模型,给出了基于信息流的动态信任链构建方法,一定程度上解决了终端信任构建的实时性、安全性等问题.针对远程证明协议的安全性和效率问题,构造了首个双线性对属性远程证明方案和首个基于q-SDH假设的双线性对直接匿名证明方案.在可信计算测评方面,提出了一种基于扩展有限状态机的测试用例自动生成方法,并基于该方法研制了国内首个实际应用的可信计算平台测评系统.Trusted computing, as a novel technology of information security, has become an important research area of information security. TCG comprised of the international IT giants has published a series of trusted computing specifications to promote the comprehensive development of the trusted computing technology and industry, and the core specifications have been accepted as international standardization by ISO/IEC. In academia, the research institutions at home and abroad study the trusted computing technology in depth and have gained rich achievements. In China, the independent trusted computing standard infrastructure is founded with the core of TCM on the basis of the independent cryptography algorithms, forming the whole trusted computing industry chains, which breaks the monopolization of the trusted computing technology and industry by the international IT giants. With the rapid development of trusted computing field, there are still lots of problems on the key technologies to be solved, and the related research has been done in succession recently. This paper comprehensively illustrates our research results on trusted computing technology. Beginning with establishing the trust of the terminal platforms, we propose a trustworthiness-based trust model and give a method of building trust chain dynamically with information flow, which ensure the real time and security protection of the trust establishment to some extent. Aiming at the security and efficiency problems of the remote attestation protocols, we propose the first property based attestation scheme on bilinear map and the first direct anonymous attestation scheme based on the q-SDH assumption from the bilinear maps. In trusted computing testing and evaluation, we propose a method of generating test cases automatically with EFSM, and from the method develop a trusted computing platform testing and evaluation system which is the first to be applied in China practically.

关 键 词：可信计算 可信平台模块 可信密码模块 信任链 远程证明 可信计算测评 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]