一种基于中间件的可信软件保护模型

软件的可信性是可信计算的研究热点之一。首先描述了可信计算平台和可信平台模块的基本概念,接着结合安全中间件和可信计算模型,在现有的PC体系结构下,提出了一种具体的基于中间件的可信软件保护模型,着重介绍了新模型的体系结构和系统组成,最后通过实例对软件保护机制进行了详细的说明。新模型具有通用性强和易于实现的特点,对于软件可信性保证的研究以及软件可信保护系统的建立具有一定的意义。     

基于可信网络连接的安全RFID中间件分析与设计

针对RFID系统中面临的诸多安全隐患问题,认为利用RFID中间件所处的特殊位置,在其上部署安全机制,是一种行之有效的解决方案。提出在RFID中间件系统中借鉴可信网络连接的概念,结合对终端可信度的度量,基于WebService设计了一种实现方案,达到对RFID读写器接入系统的动态管理控制。测试验证结果表明,该方案可以有效地对终端行为进行监控并实时修正对应访问策略,达到了安全接入控制的目的。     

一种基于端对端平台可信性互认证的可信迁移框架及协议

针对计算平台间的对象(如进行/线程、服务和移动代理)迁移的安全问题,提出了一种基于端对端平台可信性相互认证的迁移框架.从受保护的底层硬件开始,使用可信平台模块TPM的完整性度量机制来实现计算平台间、平台与服务以及封存状态数据的可信认证.通过提出的认证协议可保证迁移对象在可信的计算环境中转移.该迁移框架及认证协议为网格计算、集群和分布式计算取得高可用性、高安全性提供了一种可行性现实方案.     

基于ARM TrustZone技术的移动可信平台

随着第3代移动通信网络的开通,手机的安全问题日益成为人们关注的焦点,传统的纯软件安全方案无法彻底解决纷繁复杂的安全隐患.TCG(可信计算组织)发布了MTM(mobile trusted modules)规范[1],为移动计算平台提供了一种可信的解决方案.同时,ARM开发的TrustZone技术[2]为实现MTM提供了一种可行的技术方案.     

一种可信软件设计方法及可信性评价

针对可信计算组织TCG(Trusted Computing Group)的信任链无法保障软件运行时动态可信的问题,对该信任链进行扩充,引入对软件运行时动态可信性的检测,提出了可信引擎驱动的可信软件信任链模型,并在此基础上提出了一种可信软件设计方法及可信性评价策略.通过引入描述软件可信行为轨迹的可信视图,在可信软件检查点处植入检查点传感器,将软件可信性融入软件设计中.通过对软件的完整性度量以及运行过程中软件行为轨迹的监测,实现软件的可信性保障.实验分析表明:采用该方法设计的软件能够有效地检测软件异常,并且成功检测软件异常的能力明显优于基于TCG信任链的软件.     

Linux可信引导技术研究

可信计算对于信息系统的安全需求,提出了新的计算机系统安全解决方案,成为目前安全领域的研究热点.提出基于可信平台模块TPM(Trusted Platform Module)的Linux引导技术,阐述Linux引导模块之间信任链的建立及完整性度量的方法.任何模块加载执行之前必须通过完整性度量才能获得控制权,远程系统通过完整性度量值验证引导过程是否真实可信.     

可信网络连接完整性度量模型分析

本文分析了当前网络安全面临的主要问题,介绍了TCG组织提出的可信网络连接体系结构,深入阐释了可信网络连接的完整性度量模型.并对可信网络连接体系结构中可信链的传递过程进行归纳.最后对可信网络连接发展中可能遇到的问题作出探讨.     

可信系统与网络

容错计算学科领域,以IEEE国际容错计算会议为标志,发展了30年之后,于2000年定名为可信计算与通信。本文提供一些信息,报导一些新情况,供研究人员特别是我国科技管理人员参考。     

基于Unikernel技术的移动通信网络虚拟可信管理技术研究

虚拟化技术提高了物理资源的利用效率,但是虚拟化技术也面临虚拟机逃逸、跳跃攻击、虚拟机蔓延、隐通道、DMA攻击等安全风险,可信芯片技术可以从源头保证平台可信性,保证虚拟域的安全可信。本方案提出一种基于Unikernel技术的虚拟可信管理服务器构建方案,能够实现虚拟化环境下可信安全管理,不再将虚拟可信管理组件和可信平台模块放在特权域Domain0中,而是将虚拟TPM的管理组件与所需操作系统功能库编译并链接为一个密封的、具有单独地址空间的、专门的虚拟机镜像,直接运行在Hypervisor之上,能够为虚拟域提供可信管理服务。     

面向验证的软件可信证据与可信评估

随着软件可信性问题的凸显,近年来人们开始从不同的角度、不同的出发点研究与软件可信有关的问题。从认识和理解软件的角度,基于对软件的思考以及认识越深入软件越可信这样一个观点,在对传统的软件可信证据收集与分类方法进行分析的基础上,提出了基于验证的可信证据模型。该证据模型的提出在一定程度上弥补了传统的可信证据收集与分类方法的不足,便于多维性评估,有利于可信演化,符合人的认识习惯。最后,基于该可信证据模型,为探索解决可信评估问题提出了一种可行的方法。     

可信计算及其关键技术研究

The dependability is the latest and highest techno-target used to evaluate the performance quality of a dis-tributed computing system in open network environment, it includes traditional reliability, availability, robustness,survivability, security, data integrity and software protecting ability, etc. A dependable system should not only be provided with fault tolerance ability, but also withstand from risk and recover from disaster, its realization foun dationis the high availability of the information transmission Jaetwork and survivability, fault tolerance and security safe-guard of the system. This paper presents a survey of the survivability mechanisms such as long-distance backup, clus-ter and system recovery, while discussing the techniques of fault tolerance design and information network system se-curity safeguard, and analyzing the information redundant dispersal strategy and model for survivability and security safeguard.     

Middleware for Wireless Sensor Networks: A Survey

Wireless Sensor Networks(WSNs)have found more and more applications in a variety of pervasive computing environments.However,how to support the development,maintenance,deployment and execution of applications over WSNs remains to be a nontrivial and challenging task,mainly because of the gap between the high level requirements from pervasive computing applications and the underlying operation of WSNs.Middleware for WSN can help bridge the gap and remove impediments.In recent years,research has been carri...     

普适计算中间件技术的研究与进展

当前,普适计算已经成为计算机科学中一个极具活力和影响力的研究领域。普适计算环境规模很大并且具有高度异构性,如网络架构的异构性、硬件平台的异构性、操作系统的异构性、应用服务的异构性等,而普适计算中间件技术可以解决异构性和跨平台特征,提供不同服务的集成应用,因此成为普适计算中的一个研究热点。基于此,本文对于目前国外关于普适计算中间件技术的研究现状做了一个总结;通过分析和比较,给出了普适计算中间件的设计原则;探讨了普适计算中间件技术的未来发展方向。     

面向科学计算的网格环境

为了充分整合分布的高性能计算资源,本文提出一种面向科学计算的网格环境,旨在形成一个可统一管理和运行维护的虚拟的超级计算机资源,面向用户提供统一、易用、可靠的科学计算服务。面向科学计算的网格环境通过轻量级网格中间件SCE汇聚资源,支持作业的全局调度、数据的统一管理视图,面向用户提供命令行和网格门户两种使用方式,并提供编程接口供专业社区和学科平台二次开发使用,满足不同层次的用户需求。目前,面向科学计算的网格环境已经在中国科学院超级计算环境(ScGrid)中得到应用和用户认可。     

基于代理的网格计算中间件

WADE系统是基于代理技术实现的一个可屏蔽异构和分布性的动态自适应的校园计算网格，提出了基于代理技术在校园网络内实现并行计算的方法，详细论述了基于代理的网格计算中间件的体系结构和主要模块功能，阐述了利用代理实现异构编译、协同计算的过程，给出了代理的Java实现方法，利用软件代理实现网格计算中间件，可以解决异构计算平台下多种并行编程环境的协同计算问题，为用户提供统一的服务接口，这将大大增强系统的可用性。     

Middleware for Internet of Things: Survey and Challenges

The Internet of things (IoT) applications span many potential fields. Furthermore, smart homes, smart cities, smart vehicular networks, and healthcare are very attractive and intelligent applications. In most of these applications, the system consists of smart objects that are equipped by sensors and Radio Frequency Identification (RFID) and may rely on other technological computing and paradigm solutions such as M2M (machine to machine) computing, Wifi, Wimax, LTE, cloud computing, etc. Thus, the IoT vision foresees that we can shift from traditional sensor networks to pervasive systems, which deliver intelligent automation by running services on objects. Actually, a significant attention has been given to designing a middleware that supports many features; heterogeneity, mobility, scalability, multiplicity, and security. This papers reviews the-state-of-the-art techniques for IoT middleware systems and reveals an interesting classification for these systems into service and agent-oriented systems. Therefore two visions have emerged to provide the IoT middleware systems: Via designing the middleware for IoT system as an eco-system of services or as an eco-system of agents. The most common feature of the two approaches is the ability to overcome heterogeneity issues. However, the agent approach provides context awareness and intelligent elements. The review presented in this paper includes a detailed comparison between the IoT middleware approaches. The paper also explores challenges that form directions for future research on IoT middleware systems. Some of the challenges arise, because some crucial features are not provided (or at most partially provided) by the existing middleware systems, while others have not been yet tackled by current research in IoT.     

Middleware Support for Internetware: A Service Perspective

The advent of Internet technology introduces a revolution to software application and development paradigms. Traditional software development and application patterns have been shifted to Internet-based service sharing and collaboration among partners across the Internet. This new paradigm imposes new challenges and complexity in the lifecycle of software development, deployment, execution and maintenance. Middleware, an intermediate layer to abstract the homogeneity and hide the di?erence of underlying systems, can be used to reduce the complexity of managing the lifecycle of Internet applications. In this paper, we exploit the needs of middleware support for Internet-based applications from a service perspective. We investigate the potential requirements and features of Internetware, and analyze the state-of-the-art solutions. We also discuss the remaining issues and their challenges, and explore the potential future research directions.     

普适计算中间件技术的研究

普适计算中间件是目前普适计算领域的研究热点之一。普适计算环境的动态性和异构性对中间件技术提出了新的要求,而动态对象模型中间件和自适应中间件能够适应普适计算环境。文章主要分析了这两种中间件的基本原理、关键技术和特点。     

Resource Management Middleware for Dynamic,Dependable Real-Time Systems

Thispaper presents resource management techniques that achieve thequality of service (QoS) requirements of dynamic real-time systemsusing open architectures and commercial off-the-shelf technologies(COTS). Dynamic real-time systems are subject to constant changessuch as a varying external environment, overload of internalsystems, component failure, and evolving operational requirements.Examples of such systems include the emerging generation of computer-based,command and control systems of the U.S. Navy. To enable the engineeringof such systems, we present adaptive resource management middlewaretechniques that achieve the QoS requirements of the system. Themiddleware performs QoS monitoring and failure detection, QoSdiagnosis, and reallocation of resources to adapt the systemto achieve acceptable levels of QoS. Experimental characterizationsof the middleware using a real-time benchmark illustrate itseffectiveness for adapting the system for achieving the desiredreal-time and survivability QoS during overload situations.     

网络计算中间件

网络计算中间件是随着互联网的发展而于20世纪90年代兴起的一类基础软件,网络计算中间件为各种网络应用系统的开发、部署、运行和管理提供了有力支持.随着信息网络技术和软件服务工程的快速发展,网络计算中间件又被赋予了新的内涵,首先从网络计算环境出发,就基础中间件、应用集成中间件和领域应用框架的基本概念和主要技术作较全面的诠释;然后聚焦于云计算和物联网等网络计算的热点研究方向,从中间件的角度指出当前值得关注的某些挑战性研究课题和需要深入探索的若干关键技术.