首页 | 本学科首页   官方微博 | 高级检索  
     

基于TPM的运行时软件可信证据收集机制
引用本文:古亮,郭耀,王华,邹艳珍,谢冰,邵维忠. 基于TPM的运行时软件可信证据收集机制[J]. 软件学报, 2010, 21(2): 373-387
作者姓名:古亮  郭耀  王华  邹艳珍  谢冰  邵维忠
作者单位:高可信软件技术教育部重点实验室(北京大学),北京,100871;北京大学,信息科学与技术学院,软件研究所,北京,100871
基金项目:Supported by the National Basic Research Program of China under Grant No.2009CB320703 (国家重点基础研究发展计划(973)); the National High-Tech Research and Development Plan of China under Grant Nos.2007AA01Z462, 2007AA010304, 2008AA01Z133 (国家高技术研究发展计划(863)); the Fund for Creative Research Groups of China under Grant No.60821003 (国家创新研究群体科学 基金)
摘    要:扩展了已有的软件可信性证据模型,引入了运行时软件可信证据,从而提供了更为全面的软件可信证据模型.为了提供客观、真实、全面的可信证据,提出了一种基于可信计算技术的软件运行时可信证据收集机制.利用可信平台模块(trusted platform module,简称TPM)提供的安全功能,结合“最新加载技术(late launch)”,在操作系统层引入了一个可信证据收集代理.此代理利用TPM,可以客观地收集目标应用程序的运行时可作为软件可信证据的信息,并保障可信证据本身的可信性.该可信证据收集机制具有良好的可扩展性,能够支持面向不同应用的信任评估模型.基于Linux Security Module,在Linux中实现了一个可信证据收集代理的原型.基于该原型,分析了一个分布式计算客户端实例的相关可信属性,并且分析了可信证据收集代理在该应用实例中的性能开销.该应用实例验证了该方案的可行性.

关 键 词:高可信软件  软件可信性评估  软件可信证据  软件可信证据收集  可信计算  TPM(trusted platform module)
收稿时间:2009-06-15
修稿时间:2009-12-07

Runtime Software Trustworthiness Evidence Collection Mechanism Based on TPM
GU Liang,GUO Yao,WANG Hu,ZOU Yan-Zhen,XIE Bing and SHAO Wei-Zhong. Runtime Software Trustworthiness Evidence Collection Mechanism Based on TPM[J]. Journal of Software, 2010, 21(2): 373-387
Authors:GU Liang  GUO Yao  WANG Hu  ZOU Yan-Zhen  XIE Bing  SHAO Wei-Zhong
Affiliation:GU Liang1,2,GUO Yao1,2+,WANG Hua1,ZOU Yan-Zhen1,XIE Bing1,SHAO Wei-Zhong1,2 1(Key Laboratory of High Confidence Software Technologies(Peking University),Ministry of Education,Beijing 100871,China) 2(Institute of Software,School of Electronics Engineering , Computer Science,Peking University,China)
Abstract:This paper extends the software trustworthiness evidence framework to include the runtime software trustworthiness evidence. To collect software trustworthiness evidence in an objective, genuine and comprehensive way, it proposes a runtime software trustworthiness evidence collection mechanism based on trusted computing technology. Based on the features provided by TPM (trusted platform module), as well as the late launch technology, a trusted evidence collection agent is introduced in an operating system kernel. The agent can securely monitor executing programs and collect their trustworthiness evidence accordingly. The agent also provides some trusted services for programs to collect application specific evidences and guarantees the trustworthiness of these evidences. This mechanism has good scalability to support various applications and software trustworthiness evaluation models. This paper also implements a prototype for the agent based on Linux security model in Linux. Based on the prototype, it studies the trustworthiness evaluation for executing a client program in a distributed computing environment. In this application, the performance of prototype is studied, and the feasibility of this approach is demonstrated.
Keywords:high confidence software   software trustworthiness evaluation   software trustworthiness evidence   evidence collection   trusted computing   TPM (trusted platform module)
本文献已被 CNKI 万方数据 等数据库收录!
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号