中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 期刊论文
Title:
一种基于完整性度量架构的数据封装方法
Alternative Title: a data sealing approach based on integrity measurement architecture
Author: 沈晴霓 ; 杜虹 ; 文汉 ; 卿斯汉
Keyword: Computer operating systems
Source: 计算机研究与发展
Issued Date: 2012
Volume: 49, Issue:1, Pages:210-216
Indexed Type: cnki,ei,wanfang
Department: 北京大学软件与微电子学院信息安全系;网络与软件安全保障教育部重点实验室(北京大学);国家保密科学技术研究所;中国科学院软件研究所;
Abstract: 封装存储是可信计算平台的一项重要功能,它能将数据的加密存储与平台状态结合起来,提供了更强的安全存储保证.但现代操作系统结构越来越复杂,各种启动项的加载顺序也相对随机;平台配置的频繁改变、软件更新及系统补丁等都限制了封装存储的应用.而操作系统级的完整性度量架构(IMA)能将信任链扩展到整个计算平台,为封装存储提供了支持.为此,基于IMA提出一种新的数据封装方法,采用相对固定的标准状态来封装,结合易变IMA度量列表和结果以及经过签名的名单策略来评估平台状态,解决了操作系统复杂性带来的配置寄存器(PCR)的值不确定性和软件更新及系统补丁带来的频繁封装问题.
English Abstract: As an important capability of trusted computing platform, sealing can provide strong data storage security by combining data's encryption with the platform configuration, by which data can only be unsealed under specific configurations. However, sealing operation is hard to use for the complexity of modern OS, the randomness of the loading order of the booting components, the frequently changing configuration, software update and patches. IMA (integrity measurement architecture) implemented in operating system could measure the dynamic configurations and extend them to the trust chain of the whole trusted platform, and then support the data sealing. Therefore, a new approach to data sealing based on IMA is proposed here, which seals data to a relatively fixed configuration in PCR0-PCR7 (Platform Configuration Register) and then applies a list policy (black list policy or white list policy) to the measurement list (ML) in IMA for the variable configuration in PCR10 to determine whether the unseal operation can be performed. Finally, a prototype system "TPM Master" implemented in Linux is given and its performance and security analysis are both evaluated. The results show that the proposed approach could solve the issue of the PCR value varying with the OS complexity and make updating process much more flexible by the list policy, without re-sealing the original data.
Language: 中文
Content Type: 期刊论文
URI: http://ir.iscas.ac.cn/handle/311060/14616
Appears in Collections:软件所图书馆_期刊论文

Files in This Item:
File Name/ File Size Content Type Version Access License
一种基于完整性度量架构的数据封装方法.pdf(1113KB)----限制开放 联系获取全文

Recommended Citation:
沈晴霓,杜虹,文汉,等. 一种基于完整性度量架构的数据封装方法[J]. 计算机研究与发展,2012-01-01,49(1):210-216.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[沈晴霓]'s Articles
[杜虹]'s Articles
[文汉]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[沈晴霓]‘s Articles
[杜虹]‘s Articles
[文汉]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2021  中国科学院软件研究所 - Feedback
Powered by CSpace