Hardware腾讯rom

腾讯rom  时间:2021-01-29  阅读:()
IntegrityMeasurementbasedonTrustedComputingYimingLi1,a,HaiheBa2,bandJiangchunRen3,c1CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,China2CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,China3CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,Chinaaemail:jason.
24@qq.
com,bemail:bahaihe@hotmail.
com,cemail:wwwrjc@163.
comKeywords:TrustedComputing;IntegrityMeasurement;RemoteAttestationAbstract.
Withtherapiddevelopmentofmoderninformationtechnology,moreandmorepeoplebelievethattheprotectionofhardwareequipmentmustbeenhancedinordertoimprovethesecuritycapabilitiesofcomputerinformationsystemsbetter.
Trustedcomputingimprovethetrustworthinessofsystemthroughthesecurechipfromhardwarelevel,usingthetrustedroot,chainoftrust,trustedmodeltoensuretheintegrityofthesystem,andexpandsthetrustedchaintoapplicationlayer,ensuresthecredibilityofsoftwarethroughmeasurementandverificationtechnology.
Inthispaper,wewillintroducerelatedhotresearchaboutintegritymeasurement.
IntroductionTheideaoftrustedcomputingderivedfromsuccessfulmanagementexperienceinhumansociety,thatis,eachcountryhasastablerootoftrust,andbuildtrustchainsecuritymechanismbasedonit,whichisresponsibleforthemanagementandimplementationofthenationallevelsofassessment.
However,atpresent,hasnotyetformedaunifieddefinitionontrust.
TrustedComputingGroup(TCG)definedatrustedentity'sbehaviorisalwaysintheexpectedway,toachievethedesiredgoal,thencallthisentityistrusted[1,2].
Asystemistrustediftheoperationorprocedureofcomponentsinvolvedinthecomputingispredicableinanyconditions,andcanprotectagainstvirusesandphysicaldisturbance,definedbyInternationalOrganizationforStandardization/InternationalElectroTechnicalCommission(ISO/IEC).
Measurethetrustworthinessofcomputingsystems,andstoremeasurementsecurely;provideattestationreportwhenremoteobjectaskedforsystem'strustworthiness,thismechanismreferredto"Measure-Storage-Report"mechanism.
Thismechanismdoesnotonlyensurethetrustworthinessofthetrustedcomputingsystem,butalsohavetheabilitytoprovidetrustedproofoutward.
Rootoftrustisthebasispointoftrustedcomputersystem,thereare3trustedrootsoftrustedcomputingplatform,whichisRootofTrustforMeasurement(RTM),RootofTrustforStorage(RTS)andRootofTrustforReport(RTR).
Theyarethetrustedbasepointsofcomputersystem,measurementofplatformandstorageofplatformseparately.
AsshowninFig1,chainoftrustreflects"Measure-Storage-Report"mechanismwell,thatis,measurethetrustworthinessofcomputingplatform,storemeasurementvalueandprovideattestationreport.
Chainoftrustisthetechnicalimplementationoftrustmeasurementmodel,toextendtrustrelationshipfromrootoftrusttoentirecomputingplatform.
Usinganiterativecalculationofhashvalue,whichisconnectingpresentvaluewithnewvalue,andthencalculatehashvalueasanewmeasurement.
Aftermeasurementandstorage,providingattestationreportwhentheremoteentityasked.
ThismechanismiscalledRemoteAttestation.
BIOSBootSectorOSBIOSBootBlockApplicationNetworkHardwareROMMainMemoryTrustModelMeasureStoreReportLogRootofTrustRTSRTRFig.
1.
ChainoftrustmodelIntegrityMeasurementbasedonStaticRootofTrustMeasurementApplicationintegritymeasurementandverificationneedtoprovewhetherthetrustworthinessoflocalcomputingsystemisinlinewiththepredictionofbothlocalandremoteauthenticator.
a.
Binary-basedEarlyintegritymeasurementandverificationismainlyaboutintegritymeasurementofbinarycodeimage,softwareconfiguration.
ThatusingTPMsignatureandlogofintegritymeasurementtoprovetheintegritystatusofsoftware.
Thismethodrequiresplatformmorestringent,isnotflexibleenough,therearetwodisadvantages:(1)Privacy.
IntegritymeasurementbasedonbinaryneedsTPMsignature,andcontainschainoftrust,exposingtheconfigurationinformationofplatform,provideabreakthroughtohostiletosomeextent,sothatlocalcomputingsystemismorevulnerabletovariousattacks.
(2)Difficulttoupdate.
Chainoftrustinvolvingmultiplesystemcomponents,theinformationandversiondifferentfromeachother.
Systemupdatelikelytocausetheintegrityinformationisdifficulttoverify.
IBMhasdesignedandimplementedIMA(IntegrityMeasureArchitecture)3basedonTCGspecifications,measureanintegrityintheorderfromrootoftrust,BIOS,bootsector,OStoapplications,progressivemeasureandtrustlevelbylevel.
Thismethodisabletodetectcurrentoperatingstatusofsystem,whichcouldfindpossibletampering.
IMAmeasurementmodulehasbeenusedasapartofLinuxsecuritymechanisms,andarewidelyusedinavarietyofpracticalapplications.
b.
Property-basedToovercometheshortcomingsofbinaryauthentication,Haldarproposedsemanticremoteauthenticationscheme[4],usingatrustedvirtualmachinetoverifycertainsemanticpropertiesofprogram,achievingacomplexanddynamicintegritymeasurementofadvancedapplicationprograminaplatform-independentway;ChenfromHPLabsproposedtheproperty-basedremoteattestation,convertedbinaryattestationtoproperty-basedattestationbyusingthemainfunctionsofTCG,solvedissueslikesensitiveinformationleakageandupdatedifficultycausedbybinarymeasurement,andselectedatrustedthirdpartyastheissuerofproperty-configurationcertificate.
TheauthenticationmethodbasedonpropertyproposedbySadeghietal.
[5]isabletoestablishmappingbetweenpropertiesandplatformconfigurationsbyreportingplatform'sproperties,andestablishingpropertiesbytrustedcertificateauthority.
Binary-basedmeasurementmechanismprovidesbasicprotectionfortheintegrityofsystemsandapplications,butthereisahugeapplicationlimitations,especiallyinthesystemwithmultipleversionsofmodules;property-basedintegritymeasurementcanovercomethelimitationofbinary-basedintegritymeasurement,playaneffectiveroleinthebinaryimagewithsamepropertybutdifferenthashes,thespecificdifferencesisshowninTable1.
Table1.
ComparisonbetweendifferenttypesofintegritymeasurementBinary-basedProperty-basedObjectsExecutablebinarycodePropertyofplatformTypicalSystemsIMA[3],PRIMA[6]PBA[7],CPBA[8]PrivacyMayleakprivacyProtectprivacyEffectsLowefficiencyPracticalandscalableIntegrityMeasurementbasedonDynamicRootofTrustMeasurementThemeasurementaboveisIMAintegritymeasurementarchitecturebasedonStaticRootofTrustMeasurement,measureintegrityonlywhensystemstartup,cannotguaranteetheintegrityoftheprocess.
Tomakeupfortheseshortcomings,TCG1.
2specification[9]definesanewmechanism:verifythestartupprocessbyDynamicRootofTrustMeasurement(DRTM).
Intel'sTXT(TrustExecutionTechnology)[10]andAMD'sSVM(SecureVirtualMachineExtension)[11]arebothusingDRTMasunderlyingtrustmechanism.
ThedynamicestablishingprocessoftrustedenvironmentbasedonDRTMisknownasLateLaunchinTCG1.
2specification,toguaranteeatrustedstartupofavirtualmachinemanager.
BIND[12]proposedbyCarnegieMellonUniversityisfine-grainedsecuritycertificationservicefordistributedsystems,byusingTPM-basedmeasurementandsignaturemechanism,insertameasurepointineachprocessandprotectrunningprocessbyusingsecurekernelbasedonAMDsecurecoprocessor,toachievedynamicmeasurementsoftrustedprocesses.
BernhardKauer[13]analyzedtrustedcomputingsystembasedonStaticRootofTrustMeasurement(SRTM)indetail,pointedoutthesecurityvulnerabilitiesofthisRTM,andproposedasafeopeningloaderOSLO,transferredrootoftrustfromSRTMtoDRTMbyusingAMD'sskinitinstruction,narrowedthetrustedcomputingbaseofapplicationandweakenedtheattacksagainstTPMandBIOS.
CarnegieMellonUniversityCylablaboratorydesignedTrustVisor[14]basedonvirtualmachinemonitor,whichprovidesmemoryisolation,DMAprotectionandseveralvirtualTPMinterfaces(suchasSeal/UnSeal,Extend,Quote,etc.
),asaresult,notonlyprotectsuser'ssecuresensitivecodebutalsoreducestheimpactofDRTMforrunningefficiency.
UnlikeSRTM,DRTMisabletostartatanytimeandberepeatedanynumberoftimes.
ThereareagreatdifferencebetweenchainoftrustbasedonSRTMandDRTM,thespecificcomparisonasshowninTable2.
Table2.
ComparisonbetweendifferentchainsoftrustDRTM-basedSRTM-basedConfigurationTPM/TCMchipTPM/TCMchip,CPUsupportedspecialinstructionProtectionNospecialhardwareprotectionDisableDMAandinterruptConstructiontimeOnlywhensystempowerupAnytimewhensystemisrunningTrustedcomputingbaseRTM,BIOS,bootsector,OSandupperlayerapplicationSpecialinstructionsinIntelandAMDConclusionSecurityandtrustworthinessofcurrentservicesfocusedonprotectionofmessagelayer,trustedcomputingandsecurityserviceshasnotformedaneffectiveinteraction,italsomakesthecurrentinformationsystemfaceenormouschallenges.
Thispaperdescribestheservicesandsecuritytechnologies,trustedcomputingbase,staticmeasurementtechniquesofprogram,behaviorandsomeprinciplesandtechniquesoftraditionaltrustedcomputing,introducesthelatestdevelopmentoftrustedcomputingtechnology,comparingtheadvantagesanddisadvantagesofvarioustechniques.
References[1]TrustedComputingGroup(TCG).
http://www.
trustedcomput-inggroup.
org.
[2]ModuleTP.
MainSpecification,Level2,Version1.
2,Revision116(2011)[J].
[3]R.
Sailer,X.
Zhang,etal.
DesignandimplementationofaTCG-basedintegritymeasurementarchitecture.
Proceedingsofthe13thUsenixSecuritySymposium,August2004,pp.
223-238.
[4]V.
Haldar,D.
Chandra,etal.
,SemanticRemoteAttestation-VirtualMachineDirectedApproachtoTrustedComputing.
Proc.
ofthe3rdVirtualMachineResearchandTechnologySymposium,2004,pp.
29-41.
[5]R.
Sadeghi,etal.
,Property-basedattestationforcomputingplatforms:caringaboutproperties,notmechanisms.
ProcoftheNewSecurityParadigmsWorkshop,2004,pp.
67-77.
[6]T.
Jaeger,R.
Sailer,etal.
,PRIMA:Policy-ReducedIntegrityMeasurementArchitecture.
Proc.
ofACMSymposiumonAccessControlModelsandTechnologies,2006,pp.
19-28.
[7]ChenL,LandfermannR,LhrH,etal.
Aprotocolforproperty-basedattestation[C]//ProceedingsofthefirstACMworkshoponScalabletrustedcomputing.
ACM,2006:7-16.
[8]YuQin,DengguoFeng.
Remoteattestationbasedoncomponentproperty[J].
JournalofSoftware,2009,20(6):1625-1641.
[9]TCG.
PCclientspecifictpminterfacespecification.
Version1.
2,revision1.
00.
http://www.
trustedcomputinggroup.
org,July2005.
[10]Inteltrustedexecutiontechnologymledevelopersguide.
http://www.
intel.
com/technology.
[11]AMD64virtualization:Securevirtualmachinearchitecturereferencemanual.
AMDPublicationNo.
33047rev.
3.
01,May2005.
[12]ElaineShi,AdrianPerrig,LeendertVanDoorn.
BIND:AFine-grainedAttestationServiceforSecureDistributedSystem.
Proc.
oftheIEEESymposiumonS&P,2005,pp.
154-168.
[13]KauerB.
OSLO:ImprovingthesecurityofTrustedComputing[C]//ProceedingsoftheUSENIXSecuritySymposium.
2007,24(25):173.
[14]McCuneJM,LiY,QuN,etal.
TrustVisor:EfficientTCBreductionandattestation[C]//SecurityandPrivacy(SP),2010IEEESymposiumon.
IEEE,2010:143-158.

打开海外主机域名商出现"Attention Required"原因和解决

最近发现一个比较怪异的事情,在访问和登录大部分国外主机商和域名商的时候都需要二次验证。常见的就是需要我们勾选判断是不是真人。以及比如在刚才要访问Namecheap检查前几天送给网友域名的账户域名是否转出的,再次登录网站的时候又需要人机验证。这里有看到"Attention Required"的提示。我们只能手工选择按钮,然后根据验证码进行选择合适的标记。这次我要选择的是船的标识,每次需要选择三个,一...

Vultr VPS新增第18个数据中心 瑞典斯德哥尔摩欧洲VPS主机机房

前几天还在和做外贸业务的网友聊着有哪些欧洲机房的云服务器、VPS商家值得选择的。其中介绍他选择的还是我们熟悉的Vultr VPS服务商,拥有比较多达到17个数据中心,这不今天在登录VULTR商家的时候看到消息又新增一个新的机房。这算是第18个数据中心,也是欧洲VPS主机,地区是瑞典斯德哥尔摩。如果我们有需要欧洲机房的朋友现在就可以看到开通的机房中有可以选择瑞典机房。目前欧洲已经有五个机房可以选择,...

韩国服务器租用优惠点评大全

韩国服务器怎么样?韩国云服务器租用推荐?韩国服务器距离中国近,有天然的地域优势,韩国服务器速度快而且非常稳定!有不少有亚洲市场的外贸公司选择韩国服务器开拓业务,韩国服务器因自身的优势也受到不少用户的青睐。目前的IDC市场上,韩国、香港、美国三个地方的服务器几乎占据了海外服务器的百分之九十以上。韩国服务器相比美国服务器来说速度更快,而相比香港机房来说则带宽更充足,占用市场份额非常大。那么,韩国服务器...

腾讯rom为你推荐
电脑管家和360哪个好电脑管家和360安全卫士哪个好电脑管家和360哪个好360和电脑管家哪个好迈腾和帕萨特哪个好新帕萨特怎么样 迈腾和帕萨特哪个好手机浏览器哪个好目前手机浏览器哪个最好朱祁钰和朱祁镇哪个好朱高炽是不是被朱瞻基谋杀的?朱祁镇和朱祁钰谁更好机械表和石英表哪个好自动石英表与全自动机械表哪个好朗逸和速腾哪个好大众速腾和朗逸哪个好啊?核芯显卡与独立显卡哪个好核芯显卡和独立显卡哪个好?请直接点谢谢啦!oppo和vivo哪个好vivo和oppo建议买哪个美国国际东西方大学现在去哪国留学最有前途?
域名抢注工具 asp.net主机 全球付 外国服务器 163网 ixwebhosting xen 网页背景图片 大容量存储 php免费空间 帽子云 新世界服务器 web服务器搭建 西安服务器托管 路由跟踪 lamp的音标 免费php空间 移动王卡 塔式服务器 什么是dns 更多