基于可信计算基的主机可信安全体系结构研究  被引量:7

Research on Trusted Security Host Architecture Based on Trusted Computing Base

在线阅读下载全文

作  者:黄强 常乐 张德华 汪伦伟 

机构地区:[1]信息保障技术重点实验室,北京100072

出  处:《信息网络安全》2016年第7期78-84,共7页Netinfo Security

基  金:信息保障技术重点实验室开放基金[KJ-14-101]

摘  要:可信计算技术的深入应用,必须要解决与传统认证、加密、访问控制等安全机制的融合问题。文章通过研究构建主机可信/安全统一的安全体系结构,从主机安全体系结构研究背景以及为安全增强主机的设计出发,通过研究传统安全体系结构与可信计算体系结构的关系,并对国内外具有代表性的可信计算体系结构进行比较,分析了保护数据完整性和系统完整性上的主要区别。最后文章指出可信计算机制可以提升可信计算基的安全结构和保障。文章阐述了构建可信计算增强的主机安全体系结构的几个重要机制:结合可信认证机制的认证体系;结合可信计算机制的数据安全机制;结合可信运行控制与强制访问控制的可执行程序安全控制流程。Starting from the host computer security architecture studying background and the requirement of designing actual high-security computer, we discuss trusted & security union architecture here to fuse trusted computing mechanism with legacy security mechanism like access control or authentication. First, the relationship between trusted computing and legacy security architecture is discussed. The TCG architecture and China trusted computing architecture is also compared with their differences in data integrity and system integrity. At last, we make the conclusion that trusted computing mechanism can enhance the security architecture and assurance the TCB’s characters. Several critical mechanisms are discussed to help for realizing and supporting this architecture: authentication with trusted computing devices and other legacy methods, data protecting mechanism supported by trusted computing and ifle execution control mechanism combining trusted validation control and mandatory access control.

关 键 词:安全体系结构 可信计算 可信计算基 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象