An Improved Method of TPM Access Control Based on Xen
Abstract: To address the problem that TPM access is threatened by replay attacks and substitution attacks, an improved method of TPM access control was proposed. First, a TPM long-term access control function was established: extra authorization data was created so that the authorization session continues after the process finishes, and the TPM address was bound to the ID of the Domain U to protect the address from substitution attacks. Then, a TPM shared ownership function was established, allowing multiple Domain Us to use the same TPM address while preventing deadlock; because the shared address is not rewritable, sensitive data was protected against attack. Finally, the method was implemented on Xen and its performance was evaluated. Experimental results verified the feasibility and effectiveness of the method, and the overhead of TPM access was within an acceptable range.
Authors: 季涛, 李永忠
Source: 《微电子学与计算机》 (Microelectronics & Computer), CSCD, Peking University core journal, 2012, No. 11, pp. 152-156 (5 pages)
Funding: Natural Science Foundation of Jiangsu Higher Education Institutions (05KJD52006); Jiangsu Postgraduate Training Innovation Project (CXZZ12_0722); Jiangsu University of Science and Technology research project (2005DX006J)
Keywords: trusted platform module; access control; authorization; virtual machine; Xen