Hardware腾讯rom

腾讯rom  时间:2021-01-29  阅读:()
IntegrityMeasurementbasedonTrustedComputingYimingLi1,a,HaiheBa2,bandJiangchunRen3,c1CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,China2CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,China3CollegeofComputer,NationalUniversityofDefenseTechnology,Changsha,Hunan410073,Chinaaemail:jason.
24@qq.
com,bemail:bahaihe@hotmail.
com,cemail:wwwrjc@163.
comKeywords:TrustedComputing;IntegrityMeasurement;RemoteAttestationAbstract.
Withtherapiddevelopmentofmoderninformationtechnology,moreandmorepeoplebelievethattheprotectionofhardwareequipmentmustbeenhancedinordertoimprovethesecuritycapabilitiesofcomputerinformationsystemsbetter.
Trustedcomputingimprovethetrustworthinessofsystemthroughthesecurechipfromhardwarelevel,usingthetrustedroot,chainoftrust,trustedmodeltoensuretheintegrityofthesystem,andexpandsthetrustedchaintoapplicationlayer,ensuresthecredibilityofsoftwarethroughmeasurementandverificationtechnology.
Inthispaper,wewillintroducerelatedhotresearchaboutintegritymeasurement.
IntroductionTheideaoftrustedcomputingderivedfromsuccessfulmanagementexperienceinhumansociety,thatis,eachcountryhasastablerootoftrust,andbuildtrustchainsecuritymechanismbasedonit,whichisresponsibleforthemanagementandimplementationofthenationallevelsofassessment.
However,atpresent,hasnotyetformedaunifieddefinitionontrust.
TrustedComputingGroup(TCG)definedatrustedentity'sbehaviorisalwaysintheexpectedway,toachievethedesiredgoal,thencallthisentityistrusted[1,2].
Asystemistrustediftheoperationorprocedureofcomponentsinvolvedinthecomputingispredicableinanyconditions,andcanprotectagainstvirusesandphysicaldisturbance,definedbyInternationalOrganizationforStandardization/InternationalElectroTechnicalCommission(ISO/IEC).
Measurethetrustworthinessofcomputingsystems,andstoremeasurementsecurely;provideattestationreportwhenremoteobjectaskedforsystem'strustworthiness,thismechanismreferredto"Measure-Storage-Report"mechanism.
Thismechanismdoesnotonlyensurethetrustworthinessofthetrustedcomputingsystem,butalsohavetheabilitytoprovidetrustedproofoutward.
Rootoftrustisthebasispointoftrustedcomputersystem,thereare3trustedrootsoftrustedcomputingplatform,whichisRootofTrustforMeasurement(RTM),RootofTrustforStorage(RTS)andRootofTrustforReport(RTR).
Theyarethetrustedbasepointsofcomputersystem,measurementofplatformandstorageofplatformseparately.
AsshowninFig1,chainoftrustreflects"Measure-Storage-Report"mechanismwell,thatis,measurethetrustworthinessofcomputingplatform,storemeasurementvalueandprovideattestationreport.
Chainoftrustisthetechnicalimplementationoftrustmeasurementmodel,toextendtrustrelationshipfromrootoftrusttoentirecomputingplatform.
Usinganiterativecalculationofhashvalue,whichisconnectingpresentvaluewithnewvalue,andthencalculatehashvalueasanewmeasurement.
Aftermeasurementandstorage,providingattestationreportwhentheremoteentityasked.
ThismechanismiscalledRemoteAttestation.
BIOSBootSectorOSBIOSBootBlockApplicationNetworkHardwareROMMainMemoryTrustModelMeasureStoreReportLogRootofTrustRTSRTRFig.
1.
ChainoftrustmodelIntegrityMeasurementbasedonStaticRootofTrustMeasurementApplicationintegritymeasurementandverificationneedtoprovewhetherthetrustworthinessoflocalcomputingsystemisinlinewiththepredictionofbothlocalandremoteauthenticator.
a.
Binary-basedEarlyintegritymeasurementandverificationismainlyaboutintegritymeasurementofbinarycodeimage,softwareconfiguration.
ThatusingTPMsignatureandlogofintegritymeasurementtoprovetheintegritystatusofsoftware.
Thismethodrequiresplatformmorestringent,isnotflexibleenough,therearetwodisadvantages:(1)Privacy.
IntegritymeasurementbasedonbinaryneedsTPMsignature,andcontainschainoftrust,exposingtheconfigurationinformationofplatform,provideabreakthroughtohostiletosomeextent,sothatlocalcomputingsystemismorevulnerabletovariousattacks.
(2)Difficulttoupdate.
Chainoftrustinvolvingmultiplesystemcomponents,theinformationandversiondifferentfromeachother.
Systemupdatelikelytocausetheintegrityinformationisdifficulttoverify.
IBMhasdesignedandimplementedIMA(IntegrityMeasureArchitecture)3basedonTCGspecifications,measureanintegrityintheorderfromrootoftrust,BIOS,bootsector,OStoapplications,progressivemeasureandtrustlevelbylevel.
Thismethodisabletodetectcurrentoperatingstatusofsystem,whichcouldfindpossibletampering.
IMAmeasurementmodulehasbeenusedasapartofLinuxsecuritymechanisms,andarewidelyusedinavarietyofpracticalapplications.
b.
Property-basedToovercometheshortcomingsofbinaryauthentication,Haldarproposedsemanticremoteauthenticationscheme[4],usingatrustedvirtualmachinetoverifycertainsemanticpropertiesofprogram,achievingacomplexanddynamicintegritymeasurementofadvancedapplicationprograminaplatform-independentway;ChenfromHPLabsproposedtheproperty-basedremoteattestation,convertedbinaryattestationtoproperty-basedattestationbyusingthemainfunctionsofTCG,solvedissueslikesensitiveinformationleakageandupdatedifficultycausedbybinarymeasurement,andselectedatrustedthirdpartyastheissuerofproperty-configurationcertificate.
TheauthenticationmethodbasedonpropertyproposedbySadeghietal.
[5]isabletoestablishmappingbetweenpropertiesandplatformconfigurationsbyreportingplatform'sproperties,andestablishingpropertiesbytrustedcertificateauthority.
Binary-basedmeasurementmechanismprovidesbasicprotectionfortheintegrityofsystemsandapplications,butthereisahugeapplicationlimitations,especiallyinthesystemwithmultipleversionsofmodules;property-basedintegritymeasurementcanovercomethelimitationofbinary-basedintegritymeasurement,playaneffectiveroleinthebinaryimagewithsamepropertybutdifferenthashes,thespecificdifferencesisshowninTable1.
Table1.
ComparisonbetweendifferenttypesofintegritymeasurementBinary-basedProperty-basedObjectsExecutablebinarycodePropertyofplatformTypicalSystemsIMA[3],PRIMA[6]PBA[7],CPBA[8]PrivacyMayleakprivacyProtectprivacyEffectsLowefficiencyPracticalandscalableIntegrityMeasurementbasedonDynamicRootofTrustMeasurementThemeasurementaboveisIMAintegritymeasurementarchitecturebasedonStaticRootofTrustMeasurement,measureintegrityonlywhensystemstartup,cannotguaranteetheintegrityoftheprocess.
Tomakeupfortheseshortcomings,TCG1.
2specification[9]definesanewmechanism:verifythestartupprocessbyDynamicRootofTrustMeasurement(DRTM).
Intel'sTXT(TrustExecutionTechnology)[10]andAMD'sSVM(SecureVirtualMachineExtension)[11]arebothusingDRTMasunderlyingtrustmechanism.
ThedynamicestablishingprocessoftrustedenvironmentbasedonDRTMisknownasLateLaunchinTCG1.
2specification,toguaranteeatrustedstartupofavirtualmachinemanager.
BIND[12]proposedbyCarnegieMellonUniversityisfine-grainedsecuritycertificationservicefordistributedsystems,byusingTPM-basedmeasurementandsignaturemechanism,insertameasurepointineachprocessandprotectrunningprocessbyusingsecurekernelbasedonAMDsecurecoprocessor,toachievedynamicmeasurementsoftrustedprocesses.
BernhardKauer[13]analyzedtrustedcomputingsystembasedonStaticRootofTrustMeasurement(SRTM)indetail,pointedoutthesecurityvulnerabilitiesofthisRTM,andproposedasafeopeningloaderOSLO,transferredrootoftrustfromSRTMtoDRTMbyusingAMD'sskinitinstruction,narrowedthetrustedcomputingbaseofapplicationandweakenedtheattacksagainstTPMandBIOS.
CarnegieMellonUniversityCylablaboratorydesignedTrustVisor[14]basedonvirtualmachinemonitor,whichprovidesmemoryisolation,DMAprotectionandseveralvirtualTPMinterfaces(suchasSeal/UnSeal,Extend,Quote,etc.
),asaresult,notonlyprotectsuser'ssecuresensitivecodebutalsoreducestheimpactofDRTMforrunningefficiency.
UnlikeSRTM,DRTMisabletostartatanytimeandberepeatedanynumberoftimes.
ThereareagreatdifferencebetweenchainoftrustbasedonSRTMandDRTM,thespecificcomparisonasshowninTable2.
Table2.
ComparisonbetweendifferentchainsoftrustDRTM-basedSRTM-basedConfigurationTPM/TCMchipTPM/TCMchip,CPUsupportedspecialinstructionProtectionNospecialhardwareprotectionDisableDMAandinterruptConstructiontimeOnlywhensystempowerupAnytimewhensystemisrunningTrustedcomputingbaseRTM,BIOS,bootsector,OSandupperlayerapplicationSpecialinstructionsinIntelandAMDConclusionSecurityandtrustworthinessofcurrentservicesfocusedonprotectionofmessagelayer,trustedcomputingandsecurityserviceshasnotformedaneffectiveinteraction,italsomakesthecurrentinformationsystemfaceenormouschallenges.
Thispaperdescribestheservicesandsecuritytechnologies,trustedcomputingbase,staticmeasurementtechniquesofprogram,behaviorandsomeprinciplesandtechniquesoftraditionaltrustedcomputing,introducesthelatestdevelopmentoftrustedcomputingtechnology,comparingtheadvantagesanddisadvantagesofvarioustechniques.
References[1]TrustedComputingGroup(TCG).
http://www.
trustedcomput-inggroup.
org.
[2]ModuleTP.
MainSpecification,Level2,Version1.
2,Revision116(2011)[J].
[3]R.
Sailer,X.
Zhang,etal.
DesignandimplementationofaTCG-basedintegritymeasurementarchitecture.
Proceedingsofthe13thUsenixSecuritySymposium,August2004,pp.
223-238.
[4]V.
Haldar,D.
Chandra,etal.
,SemanticRemoteAttestation-VirtualMachineDirectedApproachtoTrustedComputing.
Proc.
ofthe3rdVirtualMachineResearchandTechnologySymposium,2004,pp.
29-41.
[5]R.
Sadeghi,etal.
,Property-basedattestationforcomputingplatforms:caringaboutproperties,notmechanisms.
ProcoftheNewSecurityParadigmsWorkshop,2004,pp.
67-77.
[6]T.
Jaeger,R.
Sailer,etal.
,PRIMA:Policy-ReducedIntegrityMeasurementArchitecture.
Proc.
ofACMSymposiumonAccessControlModelsandTechnologies,2006,pp.
19-28.
[7]ChenL,LandfermannR,LhrH,etal.
Aprotocolforproperty-basedattestation[C]//ProceedingsofthefirstACMworkshoponScalabletrustedcomputing.
ACM,2006:7-16.
[8]YuQin,DengguoFeng.
Remoteattestationbasedoncomponentproperty[J].
JournalofSoftware,2009,20(6):1625-1641.
[9]TCG.
PCclientspecifictpminterfacespecification.
Version1.
2,revision1.
00.
http://www.
trustedcomputinggroup.
org,July2005.
[10]Inteltrustedexecutiontechnologymledevelopersguide.
http://www.
intel.
com/technology.
[11]AMD64virtualization:Securevirtualmachinearchitecturereferencemanual.
AMDPublicationNo.
33047rev.
3.
01,May2005.
[12]ElaineShi,AdrianPerrig,LeendertVanDoorn.
BIND:AFine-grainedAttestationServiceforSecureDistributedSystem.
Proc.
oftheIEEESymposiumonS&P,2005,pp.
154-168.
[13]KauerB.
OSLO:ImprovingthesecurityofTrustedComputing[C]//ProceedingsoftheUSENIXSecuritySymposium.
2007,24(25):173.
[14]McCuneJM,LiY,QuN,etal.
TrustVisor:EfficientTCBreductionandattestation[C]//SecurityandPrivacy(SP),2010IEEESymposiumon.
IEEE,2010:143-158.

无忧云:服务器100G高防云服务器,bgpBGP云,洛阳BGP云服务器2核2G仅38.4元/月起

无忧云怎么样?无忧云值不值得购买?无忧云,无忧云是一家成立于2017年的老牌商家旗下的服务器销售品牌,现由深圳市云上无忧网络科技有限公司运营,是正规持证IDC/ISP/IRCS商家,主要销售国内、中国香港、国外服务器产品,线路有腾讯云国外线路、自营香港CN2线路等,都是中国大陆直连线路,非常适合免备案建站业务需求和各种负载较高的项目,同时国内服务器也有多个BGP以及高防节点。目前,四川雅安机房,4...

NameCheap域名转入优惠再次来袭 搜罗今年到期域名续费

在上个月的时候也有记录到 NameCheap 域名注册商有发布域名转入促销活动的,那时候我也有帮助自己和公司的客户通过域名转入到NC服务商这样可以实现省钱续费的目的。上个月续费转入的时候是选择9月和10月份到期的域名,这不还有几个域名年底到期的,正好看到NameCheap商家再次发布转入优惠,所以打算把剩下的还有几个看看一并转入进来。活动截止到9月20日,如果我们需要转入域名的话可以准备起来。 N...

金山云:618年中促销,企业云服务器2核4G仅401.28元/年,827.64元/3年

金山云618年中促销活动正在进行中!金山云针对企业级新用户优惠力度比普通个人用户优惠力度要大,所以我们也是推荐企业新用户身份购买金山云企业级云服务器,尽量购买3年配置的,而不是限时秒杀活动中1年的机型。企业级用户购买金山云服务器推荐企业专区:云服务器N3 2核4G云服务器,1-5M带宽,827.64元/3年,性价比高,性能稳定!点击进入:金山云618年中促销活动目前,金山云基础型E1云服务器2核4...

腾讯rom为你推荐
火影忍者644集火影忍者547集548集549集550集551集剧情是什么?非主流桌面背景图片大家都哪里找的那么个性的电脑壁纸,租车平台哪个好租车哪个平台好点,都要什么费用?p图软件哪个好用什么P图软件好用?小说软件哪个好用免费什么软件看小说全免费压缩软件哪个好压缩软件那个最好,360压缩软件好?还是快压、好压软件好呢?手动挡和自动挡哪个好手动档与自动档哪个好?手机杀毒哪个好手机杀毒软件哪个最好用清理手机垃圾软件哪个好什么手机清理软件最好?qq空间登录qq空间如何登陆
中国十大域名注册商 域名备案号查询 火山主机 187邮箱 132邮箱 百度云100as 256m内存 vmsnap3 天猫双十一抢红包 中国特价网 阿里校园 shopex主机 最漂亮的qq空间 ebay注册 谷歌台湾 申请免费空间 免费主页空间 香港ip .htaccess 免费的加速器 更多