期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

操作系统内核的动态可信度量模型 被引量:1

Dynamic trusted measurement model of operating system kernel
在线阅读 下载PDF
导出
摘要 动态可信度量是可信计算的研究热点和难点,针对由操作系统内核动态性所引起的可信度量困难问题,提出一种操作系统内核的动态可信度量模型,使用动态度量变量描述和构建系统动态数据对象及其关系,对内核内存进行实时数据采集,采用语义约束描述内核动态数据的动态完整性,通过语义约束检查验证内核动态数据是否维持其动态完整性。给出了模型的动态度量性质分析与证明,模型能够有效地对操作系统内核的动态数据进行可信度量,识别对内核动态数据的非法篡改。 Dynamic trusted measurement is a hot and difficult research topic in trusted computing.Concerning the measurement difficulty invoked by the dynamic nature of operating system kernel,a Dynamic Trusted Kernel Measurement(DTKM) model was proposed.Dynamic Measurement Variable(DMV) was presented to describe and construct dynamic data objects and their relations,and the method of semantic constraint was proposed to measure the dynamic integrity of kernel components.In DTKM,the collection of memory data was implemented in real-time,and the dynamic integrity was verified by checking whether the constructed DMV was consistent with semantic constraints which were defined based on the security semantics.The nature analysis and application examples show that DTKM can effectively implement dynamic measurement of the kernel and detect the illegal modification of the kernel dynamic data.
作者 辛思远 赵勇 廖建华 王婷
机构地区 信息工程大学电子技术学院 北京工业大学计算机学院 北京大学信息科学技术学院 [
出处 《计算机应用》 CSCD 北大核心 2012年第4期953-956,967,共5页 journal of Computer Applications
基金 国家863计划项目(2009AA01Z437) 国家973计划项目(2007CB311100) 国家"核高基"科技重大专项(2010ZX01037-001-001)
关键词 可信计算 可信度量 动态度量 操作系统内核 远程证明 trusted computing trusted measurement dynamic measurement operating system kernel remote attestation
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献15

  • 1刘孜文,冯登国.基于可信计算的动态完整性度量架构[J].电子与信息学报,2010,32(4):875-879. 被引量:49
  • 2沈昌祥,张焕国,冯登国,曹珍富,黄继武.信息安全综述[J].中国科学(E辑),2007,37(2):129-150. 被引量:365
  • 3SAILER R,ZHANG X L,JAEGER T,et al.Design and implemen-tation of a TCG-based integrity measurement architecture[C]//Pro-ceedings of the l3th Usenix Security Symposium.Berkeley:USE-NIX,2004:223-238.
  • 4PORITZ J,SCHUNTER M,HERREWEGHEN E V,et al.Propertyattestation-scalable and privacy friendly security assessment of peercomputers,RZ-3548[R],New York:IBM,2004.
  • 5SADEGHI A,STLIBLE C.Property-based attestation for computingplatforms:Caring about properties,not mechanisms[C]//Proceed-ings of the New Security Paradigms Workshop.New York:ACM,2004:67-77.
  • 6MICHAEL B,DORNSEIF M,KLEIN C N.FireWire:All yourmemory are belong to us[EB/OL].[2011-08-10].http://md.hudora.de/presentations/#firewire-cansecwest.
  • 7SERGEY B,NIHAL D C,EVAN S,et al.TOCTOU,traps,andtrusted computing[C]//Proceedings of Trust 2008,LNCS 4968.Berlin:Springer,2008:14-32.
  • 8NUCK L P,TIMOTHY F,JESUS M,et al.Copilot—a coprocessor-based kernel runtime integrity monitor[C]//Proceedings of the 13thUsenix Security Symposium,Berkeley:USENIX,2004:179-194.
  • 9MARTIN A,MIHAI B,ULFAR E,et al.Control-flow integrity[C]//Proceedings of the 12th ACM Conference on Computer andCommunications Security.New York:ACM,2005:340-353.
  • 10NICK L P,MICHAEL H.Automated detection of persistent kernelcontrol-flow attacks[C]//Proceedings of the 14th ACM Conferenceon Computer and Communications Security.New York:ACM,2007:103-115.

二级参考文献23

共引文献404

同被引文献10

引证文献1

二级引证文献2

计算机应用
2012年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部