Hardware腾讯rom

腾讯rom  时间:2021-01-29  阅读:()
IntegrityMeasurementbasedonTrustedComputingYimingLi1,a,HaiheBa2,bandJiangchunRen3,c1CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,China2CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,China3CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,Chinaaemail:jason.
24@qq.
com,bemail:bahaihe@hotmail.
com,cemail:wwwrjc@163.
comKeywords:TrustedComputing;IntegrityMeasurement;RemoteAttestationAbstract.
Withtherapiddevelopmentofmoderninformationtechnology,moreandmorepeoplebelievethattheprotectionofhardwareequipmentmustbeenhancedinordertoimprovethesecuritycapabilitiesofcomputerinformationsystemsbetter.
Trustedcomputingimprovethetrustworthinessofsystemthroughthesecurechipfromhardwarelevel,usingthetrustedroot,chainoftrust,trustedmodeltoensuretheintegrityofthesystem,andexpandsthetrustedchaintoapplicationlayer,ensuresthecredibilityofsoftwarethroughmeasurementandverificationtechnology.
Inthispaper,wewillintroducerelatedhotresearchaboutintegritymeasurement.
IntroductionTheideaoftrustedcomputingderivedfromsuccessfulmanagementexperienceinhumansociety,thatis,eachcountryhasastablerootoftrust,andbuildtrustchainsecuritymechanismbasedonit,whichisresponsibleforthemanagementandimplementationofthenationallevelsofassessment.
However,atpresent,hasnotyetformedaunifieddefinitionontrust.
TrustedComputingGroup(TCG)definedatrustedentity'sbehaviorisalwaysintheexpectedway,toachievethedesiredgoal,thencallthisentityistrusted[1,2].
Asystemistrustediftheoperationorprocedureofcomponentsinvolvedinthecomputingispredicableinanyconditions,andcanprotectagainstvirusesandphysicaldisturbance,definedbyInternationalOrganizationforStandardization/InternationalElectroTechnicalCommission(ISO/IEC).
Measurethetrustworthinessofcomputingsystems,andstoremeasurementsecurely;provideattestationreportwhenremoteobjectaskedforsystem'strustworthiness,thismechanismreferredto"Measure-Storage-Report"mechanism.
Thismechanismdoesnotonlyensurethetrustworthinessofthetrustedcomputingsystem,butalsohavetheabilitytoprovidetrustedproofoutward.
Rootoftrustisthebasispointoftrustedcomputersystem,thereare3trustedrootsoftrustedcomputingplatform,whichisRootofTrustforMeasurement(RTM),RootofTrustforStorage(RTS)andRootofTrustforReport(RTR).
Theyarethetrustedbasepointsofcomputersystem,measurementofplatformandstorageofplatformseparately.
AsshowninFig1,chainoftrustreflects"Measure-Storage-Report"mechanismwell,thatis,measurethetrustworthinessofcomputingplatform,storemeasurementvalueandprovideattestationreport.
Chainoftrustisthetechnicalimplementationoftrustmeasurementmodel,toextendtrustrelationshipfromrootoftrusttoentirecomputingplatform.
Usinganiterativecalculationofhashvalue,whichisconnectingpresentvaluewithnewvalue,andthencalculatehashvalueasanewmeasurement.
Aftermeasurementandstorage,providingattestationreportwhentheremoteentityasked.
ThismechanismiscalledRemoteAttestation.
BIOSBootSectorOSBIOSBootBlockApplicationNetworkHardwareROMMainMemoryTrustModelMeasureStoreReportLogRootofTrustRTSRTRFig.
1.
ChainoftrustmodelIntegrityMeasurementbasedonStaticRootofTrustMeasurementApplicationintegritymeasurementandverificationneedtoprovewhetherthetrustworthinessoflocalcomputingsystemisinlinewiththepredictionofbothlocalandremoteauthenticator.
a.
Binary-basedEarlyintegritymeasurementandverificationismainlyaboutintegritymeasurementofbinarycodeimage,softwareconfiguration.
ThatusingTPMsignatureandlogofintegritymeasurementtoprovetheintegritystatusofsoftware.
Thismethodrequiresplatformmorestringent,isnotflexibleenough,therearetwodisadvantages:(1)Privacy.
IntegritymeasurementbasedonbinaryneedsTPMsignature,andcontainschainoftrust,exposingtheconfigurationinformationofplatform,provideabreakthroughtohostiletosomeextent,sothatlocalcomputingsystemismorevulnerabletovariousattacks.
(2)Difficulttoupdate.
Chainoftrustinvolvingmultiplesystemcomponents,theinformationandversiondifferentfromeachother.
Systemupdatelikelytocausetheintegrityinformationisdifficulttoverify.
IBMhasdesignedandimplementedIMA(IntegrityMeasureArchitecture)3basedonTCGspecifications,measureanintegrityintheorderfromrootoftrust,BIOS,bootsector,OStoapplications,progressivemeasureandtrustlevelbylevel.
Thismethodisabletodetectcurrentoperatingstatusofsystem,whichcouldfindpossibletampering.
IMAmeasurementmodulehasbeenusedasapartofLinuxsecuritymechanisms,andarewidelyusedinavarietyofpracticalapplications.
b.
Property-basedToovercometheshortcomingsofbinaryauthentication,Haldarproposedsemanticremoteauthenticationscheme[4],usingatrustedvirtualmachinetoverifycertainsemanticpropertiesofprogram,achievingacomplexanddynamicintegritymeasurementofadvancedapplicationprograminaplatform-independentway;ChenfromHPLabsproposedtheproperty-basedremoteattestation,convertedbinaryattestationtoproperty-basedattestationbyusingthemainfunctionsofTCG,solvedissueslikesensitiveinformationleakageandupdatedifficultycausedbybinarymeasurement,andselectedatrustedthirdpartyastheissuerofproperty-configurationcertificate.
TheauthenticationmethodbasedonpropertyproposedbySadeghietal.
[5]isabletoestablishmappingbetweenpropertiesandplatformconfigurationsbyreportingplatform'sproperties,andestablishingpropertiesbytrustedcertificateauthority.
Binary-basedmeasurementmechanismprovidesbasicprotectionfortheintegrityofsystemsandapplications,butthereisahugeapplicationlimitations,especiallyinthesystemwithmultipleversionsofmodules;property-basedintegritymeasurementcanovercomethelimitationofbinary-basedintegritymeasurement,playaneffectiveroleinthebinaryimagewithsamepropertybutdifferenthashes,thespecificdifferencesisshowninTable1.
Table1.
ComparisonbetweendifferenttypesofintegritymeasurementBinary-basedProperty-basedObjectsExecutablebinarycodePropertyofplatformTypicalSystemsIMA[3],PRIMA[6]PBA[7],CPBA[8]PrivacyMayleakprivacyProtectprivacyEffectsLowefficiencyPracticalandscalableIntegrityMeasurementbasedonDynamicRootofTrustMeasurementThemeasurementaboveisIMAintegritymeasurementarchitecturebasedonStaticRootofTrustMeasurement,measureintegrityonlywhensystemstartup,cannotguaranteetheintegrityoftheprocess.
Tomakeupfortheseshortcomings,TCG1.
2specification[9]definesanewmechanism:verifythestartupprocessbyDynamicRootofTrustMeasurement(DRTM).
Intel'sTXT(TrustExecutionTechnology)[10]andAMD'sSVM(SecureVirtualMachineExtension)[11]arebothusingDRTMasunderlyingtrustmechanism.
ThedynamicestablishingprocessoftrustedenvironmentbasedonDRTMisknownasLateLaunchinTCG1.
2specification,toguaranteeatrustedstartupofavirtualmachinemanager.
BIND[12]proposedbyCarnegieMellonUniversityisfine-grainedsecuritycertificationservicefordistributedsystems,byusingTPM-basedmeasurementandsignaturemechanism,insertameasurepointineachprocessandprotectrunningprocessbyusingsecurekernelbasedonAMDsecurecoprocessor,toachievedynamicmeasurementsoftrustedprocesses.
BernhardKauer[13]analyzedtrustedcomputingsystembasedonStaticRootofTrustMeasurement(SRTM)indetail,pointedoutthesecurityvulnerabilitiesofthisRTM,andproposedasafeopeningloaderOSLO,transferredrootoftrustfromSRTMtoDRTMbyusingAMD'sskinitinstruction,narrowedthetrustedcomputingbaseofapplicationandweakenedtheattacksagainstTPMandBIOS.
CarnegieMellonUniversityCylablaboratorydesignedTrustVisor[14]basedonvirtualmachinemonitor,whichprovidesmemoryisolation,DMAprotectionandseveralvirtualTPMinterfaces(suchasSeal/UnSeal,Extend,Quote,etc.
),asaresult,notonlyprotectsuser'ssecuresensitivecodebutalsoreducestheimpactofDRTMforrunningefficiency.
UnlikeSRTM,DRTMisabletostartatanytimeandberepeatedanynumberoftimes.
ThereareagreatdifferencebetweenchainoftrustbasedonSRTMandDRTM,thespecificcomparisonasshowninTable2.
Table2.
ComparisonbetweendifferentchainsoftrustDRTM-basedSRTM-basedConfigurationTPM/TCMchipTPM/TCMchip,CPUsupportedspecialinstructionProtectionNospecialhardwareprotectionDisableDMAandinterruptConstructiontimeOnlywhensystempowerupAnytimewhensystemisrunningTrustedcomputingbaseRTM,BIOS,bootsector,OSandupperlayerapplicationSpecialinstructionsinIntelandAMDConclusionSecurityandtrustworthinessofcurrentservicesfocusedonprotectionofmessagelayer,trustedcomputingandsecurityserviceshasnotformedaneffectiveinteraction,italsomakesthecurrentinformationsystemfaceenormouschallenges.
Thispaperdescribestheservicesandsecuritytechnologies,trustedcomputingbase,staticmeasurementtechniquesofprogram,behaviorandsomeprinciplesandtechniquesoftraditionaltrustedcomputing,introducesthelatestdevelopmentoftrustedcomputingtechnology,comparingtheadvantagesanddisadvantagesofvarioustechniques.
References[1]TrustedComputingGroup(TCG).
http://www.
trustedcomput-inggroup.
org.
[2]ModuleTP.
MainSpecification,Level2,Version1.
2,Revision116(2011)[J].
[3]R.
Sailer,X.
Zhang,etal.
DesignandimplementationofaTCG-basedintegritymeasurementarchitecture.
Proceedingsofthe13thUsenixSecuritySymposium,August2004,pp.
223-238.
[4]V.
Haldar,D.
Chandra,etal.
,SemanticRemoteAttestation-VirtualMachineDirectedApproachtoTrustedComputing.
Proc.
ofthe3rdVirtualMachineResearchandTechnologySymposium,2004,pp.
29-41.
[5]R.
Sadeghi,etal.
,Property-basedattestationforcomputingplatforms:caringaboutproperties,notmechanisms.
ProcoftheNewSecurityParadigmsWorkshop,2004,pp.
67-77.
[6]T.
Jaeger,R.
Sailer,etal.
,PRIMA:Policy-ReducedIntegrityMeasurementArchitecture.
Proc.
ofACMSymposiumonAccessControlModelsandTechnologies,2006,pp.
19-28.
[7]ChenL,LandfermannR,LhrH,etal.
Aprotocolforproperty-basedattestation[C]//ProceedingsofthefirstACMworkshoponScalabletrustedcomputing.
ACM,2006:7-16.
[8]YuQin,DengguoFeng.
Remoteattestationbasedoncomponentproperty[J].
JournalofSoftware,2009,20(6):1625-1641.
[9]TCG.
PCclientspecifictpminterfacespecification.
Version1.
2,revision1.
00.
http://www.
trustedcomputinggroup.
org,July2005.
[10]Inteltrustedexecutiontechnologymledevelopersguide.
http://www.
intel.
com/technology.
[11]AMD64virtualization:Securevirtualmachinearchitecturereferencemanual.
AMDPublicationNo.
33047rev.
3.
01,May2005.
[12]ElaineShi,AdrianPerrig,LeendertVanDoorn.
BIND:AFine-grainedAttestationServiceforSecureDistributedSystem.
Proc.
oftheIEEESymposiumonS&P,2005,pp.
154-168.
[13]KauerB.
OSLO:ImprovingthesecurityofTrustedComputing[C]//ProceedingsoftheUSENIXSecuritySymposium.
2007,24(25):173.
[14]McCuneJM,LiY,QuN,etal.
TrustVisor:EfficientTCBreductionandattestation[C]//SecurityandPrivacy(SP),2010IEEESymposiumon.
IEEE,2010:143-158.

云步云72.5元/月起云服务器,香港安畅/葵湾/将军澳/沙田/大浦CN2机房,2核2G5M

云步云怎么样?云步云是创建于2021年的品牌,主要从事出售香港vps、美国VPS、日本VPS、香港独立服务器、香港站群服务器等,机房有香港、美国、日本东京等机房,目前在售VPS线路有CN2+BGP、CN2 GIA,香港的线路也是CN2直连大陆,该公司旗下产品均采用KVM虚拟化架构。目前,云步云提供香港安畅、沙田、大浦、葵湾、将军澳、新世界等CN2机房云服务器,2核2G5M仅72.5元/月起。点击进...

香港2GB内存DIYVM2核(¥50月)香港沙田CN2云服务器

DiyVM 香港沙田机房,也是采用的CN2优化线路,目前也有入手且在使用中,我个人感觉如果中文业务需要用到的话虽然日本机房也是CN2,但是线路的稳定性不如香港机房,所以我们在这篇文章中亲测看看香港机房,然后对比之前看到的日本机房。香港机房的配置信息。CPU内存 硬盘带宽IP价格购买地址2核2G50G2M1¥50/月选择方案4核4G60G3M1¥100/月选择方案4核8G70G3M4¥200/月选择...

随风云25元/月 ,德阳高防云服务器 2核2G 10M 75元/月 内蒙古三线BGP服务器 2核2G 5M

公司介绍成都随风云科技有限公司成立于2021年,是国内领先的互联网业务平台服务提供商。公司专注为用户提供低价高性能云计算产品,致力于云计算应用的易用性开发,并引导云计算在国内普及。目前公司研发以及运营云服务基础设施服务平台(IaaS),面向全球客户提供基于云计算的IT解决方案与客户服务,拥有丰富的国内BGP、双线高防、香港等优质的IDC资源。公司一直秉承”以人为本、客户为尊、永续创新&...

腾讯rom为你推荐
金士顿内存卡怎么样威刚内存怎么样日本软银集团请介绍一下日本软银。向那些中国企业投资过?百度空间首页登录百度空间租车平台哪个好手机租赁平台哪个好?绝地求生加速器哪个好绝地求生用什么加速器比较好?手机杀毒软件哪个好手机用杀毒软件,用哪样的好英语词典哪个好什么英语词典好?红茶和绿茶哪个好红茶和绿茶哪个更好?红茶和绿茶哪个好红茶和绿茶 那个更好p图软件哪个好有什么P图工具比较好用
域名停靠 美国主机排名 cybermonday linode日本 安云加速器 pw域名 服务器怎么绑定域名 2017年万圣节 typecho 轻量 网通ip 个人域名 新天域互联 谁的qq空间最好看 ntfs格式分区 新家坡 国外视频网站有哪些 杭州电信宽带 酷锐 湖南铁通 更多