An image trust root is a special type of soft trust root for trusted computing. However,image trust root generation is difficult,as it needs a corresponding stable logic feature generation model and algorithm for dyna...An image trust root is a special type of soft trust root for trusted computing. However,image trust root generation is difficult,as it needs a corresponding stable logic feature generation model and algorithm for dynamical and sustained authentication. This paper proposes a basic function of constructing new scale-spaces with deep detecting ability and high stability for image features aimed at image root generation. According to the heat distribution and spreading principle of various kinds of infinitesimal heat sources in the space medium,a multi-embed nonlinear diffusion equation that corresponds to the multi-embed nonlinear scale-space is proposed,a HARRIS-HESSIAN scale-space evaluation operator that aims at the structure acceleration characteristics of a local region and can make use of image pixels' relative spreading movement principle was constructed,then a single-parameter global symmetric proportion(SPGSP) operator was also constructed. An authentication test with 3000 to 5000 cloud entities shows the new scale-space can work well and is stable,when the whole cloud has 5%-50% behavior with un-trusted entities. Consequently,it can be used as the corresponding stable logic feature generation model and algorithm for all kinds of images,and logic relationships among image features for trust roots.展开更多
In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relation...In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.展开更多
Cloud computing has gained significant use over the last decade due to its several benefits,including cost savings associated with setup,deployments,delivery,physical resource sharing across virtual machines,and avail...Cloud computing has gained significant use over the last decade due to its several benefits,including cost savings associated with setup,deployments,delivery,physical resource sharing across virtual machines,and availability of on-demand cloud services.However,in addition to usual threats in almost every computing environment,cloud computing has also introduced a set of new threats as consumers share physical resources due to the physical co-location paradigm.Furthermore,since there are a growing number of attacks directed at cloud environments(including dictionary attacks,replay code attacks,denial of service attacks,rootkit attacks,code injection attacks,etc.),customers require additional assurances before adopting cloud services.Moreover,the continuous integration and continuous deployment of the code fragments have made cloud services more prone to security breaches.In this study,the model based on the root of trust for continuous integration and continuous deployment is proposed,instead of only relying on a single signon authentication method that typically uses only id and password.The underlying study opted hardware security module by utilizing the Trusted Platform Module(TPM),which is commonly available as a cryptoprocessor on the motherboards of the personal computers and data center servers.The preliminary proof of concept demonstrated that the TPM features can be utilized through RESTful services to establish the root of trust for continuous integration and continuous deployment pipeline and can additionally be integrated as a secure microservice feature in the cloud computing environment.展开更多
This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolat...This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual ddmain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the vip operating system is malicious. This protects the secure sensitive codes against the malicious codes in the vip OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the vip OS running on mainstream hypervisors.展开更多
基金The national natural science foundation (61672442,61503316,61273290,61373147)Xiamen Scientific Plan Project (2014S0048,3502Z20123037)+1 种基金Fujian Scientific Plan Project (2013HZ00041)Fujian provincial education office A-class project(JA13238)
文摘An image trust root is a special type of soft trust root for trusted computing. However,image trust root generation is difficult,as it needs a corresponding stable logic feature generation model and algorithm for dynamical and sustained authentication. This paper proposes a basic function of constructing new scale-spaces with deep detecting ability and high stability for image features aimed at image root generation. According to the heat distribution and spreading principle of various kinds of infinitesimal heat sources in the space medium,a multi-embed nonlinear diffusion equation that corresponds to the multi-embed nonlinear scale-space is proposed,a HARRIS-HESSIAN scale-space evaluation operator that aims at the structure acceleration characteristics of a local region and can make use of image pixels' relative spreading movement principle was constructed,then a single-parameter global symmetric proportion(SPGSP) operator was also constructed. An authentication test with 3000 to 5000 cloud entities shows the new scale-space can work well and is stable,when the whole cloud has 5%-50% behavior with un-trusted entities. Consequently,it can be used as the corresponding stable logic feature generation model and algorithm for all kinds of images,and logic relationships among image features for trust roots.
基金Supported by the National High-Technology Re-search and Development Program ( 863 Program)China(2004AA113020)
文摘In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.
基金The research work was supported by UTP-Universitas Telkom,Indonesia International Collaborative Research Funding(ICRF)015ME0-153 and Center for Graduate Studies(CGS),Universiti Teknologi PETRONAS(UTP),Perak,Malaysia.
文摘Cloud computing has gained significant use over the last decade due to its several benefits,including cost savings associated with setup,deployments,delivery,physical resource sharing across virtual machines,and availability of on-demand cloud services.However,in addition to usual threats in almost every computing environment,cloud computing has also introduced a set of new threats as consumers share physical resources due to the physical co-location paradigm.Furthermore,since there are a growing number of attacks directed at cloud environments(including dictionary attacks,replay code attacks,denial of service attacks,rootkit attacks,code injection attacks,etc.),customers require additional assurances before adopting cloud services.Moreover,the continuous integration and continuous deployment of the code fragments have made cloud services more prone to security breaches.In this study,the model based on the root of trust for continuous integration and continuous deployment is proposed,instead of only relying on a single signon authentication method that typically uses only id and password.The underlying study opted hardware security module by utilizing the Trusted Platform Module(TPM),which is commonly available as a cryptoprocessor on the motherboards of the personal computers and data center servers.The preliminary proof of concept demonstrated that the TPM features can be utilized through RESTful services to establish the root of trust for continuous integration and continuous deployment pipeline and can additionally be integrated as a secure microservice feature in the cloud computing environment.
基金Supported by the National Natural Science Foundation of China (60970125)the Major State Basic Research Development Program of China (2007CB310900)
文摘This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual ddmain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the vip operating system is malicious. This protects the secure sensitive codes against the malicious codes in the vip OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the vip OS running on mainstream hypervisors.
