检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:阎林[1,2,3] 张建标[1,2,3] 张艾[4]
机构地区:[1]北京工业大学计算机学院,北京100124 [2]可信计算北京市重点实验室,北京100124 [3]信息安全等级保护关键技术国家工程实验室,北京100124 [4]北京工业大学北京-都柏林国际学院,北京100124
出 处:《北京工业大学学报》2017年第1期100-107,共8页Journal of Beijing University of Technology
基 金:北京市委组织部-优秀人才培养计划(Q0007016201501)
摘 要:为了解决传统的操作系统引导机制存在关键验证信息被绕过的风险和引导数据被篡改的安全隐患,基于可信计算理论,结合带光盘文件系统的智能卡技术,提出了基于通用智能卡的可信引导方案.在不改变智能卡和终端设备的硬件和固件结构的基础上,通过改造智能卡的存储数据和磁盘的引导数据,实现用户身份信息、智能卡和终端设备绑定的安全目标,将可信计算机制从开机加电扩展至应用层,确保操作系统的初始状态可信.通过安全性分析和性能分析,证明终端设备引导的安全性,并且在实际应用中得到了验证.The risk of the key authentication information being bypassed and the potential safety hazard of booting data being tampered with both exist in the booting mechanism of the traditional operating system.Based on the theory of trusted computing,combined with the technology of smart card with CD-ROM file system,a scheme of trusted boot based on general smart card was proposed. Without changing the structure of hardware and firmware of the smart card and terminal device,through the transformation of storage data in the smart card and disk booting data,the security objective of binding the user's identity information,the smart card and the terminal device were achieved. The trusted computing mechanism was extended from power on to the application layer to ensure that the initial state of operating system was trustworthy. Through the analysis of security and performance,the security of terminal device bootstrap was proven,which has been verified in practical applications.
分 类 号:TP309.2[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7
