可信计算中完整性度量模型研究

Research on the Model of Integrity Measurement to Trusted Computing

作者：李焕洲(四川师范大学网络与通信技术研究所，四川成都 610068)；林宏刚(成都信息工程学院网络工程系，四川成都 610225)；张健(四川大学电子信息学院，四川成都 610064)

Author：(Insti. of Computer Network and Communication Technol., Sichuan Normal Univ., Chengdu 610068,China)；(Dept. of Network Eng., Chengdu Univ. of Info. Technol.,Chengdu 610225,China)；(School of Electronics and Info. Eng., Sichuan Univ., Chengdu 610064,China)

收稿日期：2007-09-07 年卷（期）页码：2008,40(6):150-153

期刊名称：工程科学与技术

Journal Name：Advanced Engineering Sciences

关键字：可信计算；可信传递；完整性度量

Key words：trusted computing; transitive trust; integrity measurement

基金项目：四川省软科学研究资助项目（2006R16-021）；四川省应用基础研究资助项目（07JY029-011）

中文摘要

为了进一步丰富可信计算完整性验证机制，根据TCG规范中可信传递的思想，提出一种系统完整性度量模型，在执行前度量客体的完整性，防止恶意代码破坏系统完整性，实现信任从前一个实体传递到下一个实体，从而把信任链从运行环境延伸到应用空间。完整性度量模型扩展了现有安全模型的安全属性，它与其它安全模型的结合将能给系统提供更加细致和完善的安全策略。

英文摘要

In order to enrich further the integrity verification mechanism in trusted computing,a model of integrity measurement was presented based on the idea of transitive trust in the TCG’s criterion.In the model, the execute right of an object was defined and specified strictly, and the integrity of the object was measured before execution.The model can prohibit malicious code from compromising the integrity of system and transit trust form one entity to next one, so that the chain of trust can be extended form the BIOS all the way to application layer .The model extended the security attribute of the present security model.

【关闭】

论文摘要

可信计算中完整性度量模型研究

Research on the Model of Integrity Measurement to Trusted Computing