Institutional Repository of the Institute of Software, Chinese Academy of Sciences
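Title: 可信虚拟平台安全机制研究
Author: Qin Yu (秦宇)
Defense date: 2009-01-14
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software
Degree: Doctorate
Keywords: trusted computing; trusted platform module; trusted virtualization; trusted virtual platform; remote attestation; update attestation; concurrent attestation
Alternative title: Research on security mechanisms of trust virtualization platform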
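Abstract: This thesis studies the models and special problems of the remote attestation security mechanism on trusted virtual platforms. To that end, we first start from remote attestation on ordinary trusted computing platforms, extend and improve the property-based remote attestation method in terms of attestation granularity, and establish the basic security requirements for the design and implementation of remote attestation. Then, based on the application architecture of the TPM on trusted virtual platforms, we propose a practical TPM model that accommodates both the dynamic root of trust (DRTM) and concurrent use by virtual machines, laying the foundation for remote attestation on trusted virtual platforms. Next, we discuss the problem that a change in virtual machine configuration invalidates an existing remote attestation, and give an update attestation method for trusted virtual platforms. Finally, starting from the practical application requirements of remote attestation and considering the complex dynamics and concurrency of trusted virtual platforms, we give a complete concurrent remote attestation model and design principles for trusted virtual platforms, and propose a concurrent remote attestation method for multiple virtual machines and multiple applications. This thesis enriches research on the security mechanism of remote attestation, a distinctive function of trusted computing: on the one hand it refines the property-based remote attestation method, and on the other it broadens the types of platform that remote attestation covers, expanding the scope of remote attestation research. It analyzes the problems of existing remote attestation and, drawing on the characteristics of trusted virtual platforms, addresses special problems such as the dynamics and concurrency of remote attestation on these platforms. For dynamics, a configuration hash tree is used to represent the increment of a configuration update, improving the efficiency of update attestation; for concurrency, attestation credential chains are used to achieve concurrent attestation of multiple instances. To our knowledge, this is the first discussion and study of the concurrency aspect of remote attestation. The thesis proposes a security model for dynamic concurrent remote attestation on trusted virtual platforms and summarizes eight design principles for remote attestation: authenticity, dynamics, consistency, concurrency, privacy, property revocability, and resistance to impersonation and replay attacks, which offer some guidance for designing practical remote attestation applications. This thesis concentrates on the practicality of remote attestation on trusted virtual platforms and does not dwell on specific attestation types or protocols. It studies the dynamics and concurrency of remote attestation from a new perspective, extending the reach of remote attestation research, and may offer some inspiration for subsequent related work.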
English abstract: This thesis focuses on studying the models and special problems of the remote attestation security mechanism for the trust virtualization platform. To this end, we first expand and improve the property-based attestation method in terms of attestation granularity, starting from common remote attestation for trusted computing platforms, and establish the basic security requirements of remote attestation design and application. Then a practical TPM model covering the dynamic trust root (DRTM) and concurrent usage by virtual machines is proposed, according to the TPM application architecture on the trust virtualization platform. Next, the problem of remote attestation invalidation caused by virtual machine configuration change is discussed, and an update attestation method for the trust virtualization platform is given. Finally, based on the practical application demands of remote attestation, and in view of the complicated dynamic characteristics and concurrency of the trust virtualization platform, the complete remote attestation model and design principles are given, and an attestation method for multiple virtual machines and multiple applications is presented. This thesis enriches the research on the remote attestation security mechanism, a characteristic function of trusted computing. On the one hand it perfects the property-based attestation method, and on the other it enlarges the range of platform types and expands the content of remote attestation research. It attempts to solve the special problems of remote attestation on the trust virtualization platform, such as dynamic characteristics and concurrency, by analyzing current attestation problems and drawing on the features of trust virtualization. For dynamic characteristics, a Merkle hash tree is used to represent the increment of a configuration update, improving update attestation efficiency. For concurrency, attestation credential chains are used to implement attestation of multiple instances. As far as I know, this is the first tentative research on remote attestation concurrency. A security model of dynamic concurrent remote attestation is proposed, and eight design principles of remote attestation are summarized: authenticity, dynamic characteristic, consistency, concurrency, privacy, property revocability, and resistance to impersonation and replay attacks. This work has some guidance value for remote attestation design. This thesis concentrates on the practicability of remote attestation on the trust virtualization platform and does not focus on concrete attestation types and protocols. The dynamic characteristic and concurrency problems are studied from a new perspective, enlarging the extension of remote attestation research, so that it has some inspirational value for related subsequent research.
Language: Chinese
Content type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/7476
Appears in Collections: State Key Laboratory of Information Security_Theses

Files in This Item:
File Name/ File Size Content Type Version Access License
10001_200518015029049秦宇_paper.pdf(1467KB)----Restricted access-- Contact to obtain full text

Recommended Citation:
Qin Yu (秦宇). 可信虚拟平台安全机制研究[D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2009-01-14.

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
