Institutional Repository of the Institute of Software, Chinese Academy of Sciences
Subject: Computer Science (provided by Thomson Reuters)
Title: A Trusted Network Connection Scheme Based on Property Attestation
Alternative Title: a tnc trusted network connection schema based on property attestation
Author: 赵世军 ; 冯登国
Keyword: trusted computing ; property-based remote attestation ; trusted network connection ; 802.1X framework
Source: 武汉大学学报(理学版)
Issued Date: 2012
Volume: 58, Issue:6, Pages:519-525
Indexed Type: CNKI ; CSCD ; WANFANG
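Department: Institute of Software, Chinese Academy of Sciences
Sponsorship: Supported by the National Natural Science Foundation of China (91118006)
Abstract: To ensure that the trusted computing platform configuration of a terminal meets specific security requirements when it connects to a network, the Trusted Computing Group proposed the Trusted Network Connection framework. In this framework, a terminal requesting network access from the network decision point performs platform attestation using a binary attestation scheme, which suffers from complex integrity management and exposure of the user's platform configuration. To address these problems, this paper proposes a property-based trusted network connection scheme. It adopts property-based remote attestation and hands the platform attestation step of trusted network connection over to a trusted security property certificate issuer. This issuer issues security property certificates according to the integrity of the terminal platform, and the network access decision maker responsible for access decisions decides on the basis of the property certificate. This effectively solves the problems, found in traditional trusted network connection, of complex integrity management at the network access decision maker and exposure of the terminal platform configuration. The scheme can also connect platforms to different isolation domains according to their security properties, achieving multi-domain isolation of platforms in the network. The scheme is implemented under the 802.1X framework, and the experimental results show that it can isolate terminal platforms into VLANs according to their security properties.
English Abstract: The Trusted Computing Group (TCG) proposes Trusted Network Connection (TNC) to ensure that a computing platform connecting to the internet satisfies the security requirements defined by the network administrator. However, to verify the integrity of the connecting platform, TNC uses the traditional TCG-based binary attestation, which suffers from complex integrity management and exposes the configuration of the computing platform. We propose a TNC schema based on property-based attestation, transferring the attestation to a trusted third party (TTP) which issues security property certificates to remote platforms. In our schema the network access server uses the property certificates issued by the TTP to enforce the connection decision, which resolves the problems of integrity management and configuration exposure. Besides these benefits, our schema allows the network administrator to segment the network into more than two separate VLAN domains, rather than the two now used in TNC. We implement the schema on the 802.1X framework, and the result shows that our schema can separate the platforms into different VLAN domains by their security property certificates.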
Language: Chinese
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/15271
Appears in Collections: Institute of Software Library_Journal Articles

Files in This Item:

There are no files associated with this item.


Recommended Citation:
赵世军,冯登国. 基于属性证明的可信网络接入方案[J]. 武汉大学学报(理学版),2012-01-01,58(6):519-525.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2019 Institute of Software, Chinese Academy of Sciences