基于TCM的安全Windows平台设计与实现  被引量:3

Design and implementation of secure Windows platform based on TCM

在线阅读下载全文

作  者:冯伟[1] 秦宇[1] 冯登国[1] 杨波[1] 张英骏[1] 

机构地区:[1]中国科学院软件研究所可信计算与信息保障实验室,北京100190

出  处:《通信学报》2015年第8期91-103,共13页Journal on Communications

基  金:国家自然科学基金资助项目(61202414;91118006);国家重点基础研究发展计划("973"计划)基金资助项目(2013CB338003)~~

摘  要:为了解决Windows系统的完整性度量与证明问题,提出了一种基于可信密码模块TCM(trusted cryptography module)的安全Windows平台方案。通过扩展Windows内核实现了2种安全模式:在度量模式下,所有加载的可执行程序都会被度量,度量值由TCM提供保护和对外认证;在管控模式下,度量值会进一步与管理员定制的白名单进行匹配,禁止所有不在白名单中的程序执行。实验分析表明,该方案可以增强Windows系统的安全性,抵抗一些软件攻击行为;同时,系统平均性能消耗在20~30 ms之间,不会影响Windows的正常运行。A secure Windows platform solution based on TCM was proposed to solve the integrity measurement and at- testation problem of the Windows system. Two security modes were realized by extending the Windows kernel: in the measurement mode, all executable contents that were loaded onto the Windows system were measured, and the TCM provided the protection and outward attestation for these measurements; and in the control mode, the measurements were further compared with a whitelist customized by an administrator, and all the programs that were not included in the whitelist would be prohibited from running. Experiment analysis shows that proposed solution can enhance the security of Windows platform and resist some software attacks; and at the same time, the average performance overhead is about 20-30 ms, which will not influence the normal running of Windows.

关 键 词:可信计算 完整性度量 可信密码模块 WINDOWS安全 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象