èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽç–ç•¥çš„è¯ä¹‰è¿œç¨‹è®¤è¯

Policy Based Semantic Remote Attestation

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ å±ˆå†›ç‘žï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ å¤ªåŽŸç†å·¥å¤§å¦ ï¼Œ è®¡ç®—æœºåº”ç”¨æŠ€æœ¯ï¼Œ 2010ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ éšç€äº’è”ç½‘çš„é«˜é€Ÿå‘å±•,ç½‘ç»œå¯¹å®‰å…¨ä¿éšœæå‡ºäº†æ›´é«˜çš„è¦æ±‚ã€‚ä¼ ç»Ÿçš„å®‰å…¨æŠ€æœ¯ä¸»è¦æ˜¯é€šè¿‡ä¿®è¡¥æ¼æ´žã€å®‰è£…é˜²ç«å¢™ã€é˜²å¾¡å¤–éƒ¨æ”»å‡»ç‰é˜²å¾¡æ‰‹æ®µæ¥æŠ—å‡»è®¡ç®—æœºå¤–éƒ¨çš„ç—…æ¯’ã€é»‘å®¢çš„æ”»å‡»å’Œå…¥ä¾µ,ä½†è¿™äº›ä¸èƒ½ä»Žæ ¹æœ¬ä¸Šè§£å†³è®¡ç®—æœºç½‘ç»œçš„å®‰å…¨ã€‚äº‹å®žä¸Š,æ‰€æœ‰è®¡ç®—æœºå…¥ä¾µæ”»å‡»éƒ½æ˜¯ä»Žä¸ªäººè®¡ç®—æœºç»ˆç«¯ä¸Šå‘èµ·çš„ã€‚å› æ¤,ç½‘ç»œå®‰å…¨æŠ€æœ¯å°±è¦ä»Žå¦ä¸€ä¸ªè§’åº¦æ¥è§£å†³å®‰å…¨é—®é¢˜,é‚£å°±æ˜¯ç›´æŽ¥ä¿æŠ¤ç»ˆç«¯è®¡ç®—æœºçš„å®‰å…¨,ä»Žç»ˆç«¯å‡ºå‘ç¡®ä¿ç½‘ç»œèµ„æºçš„å®‰å…¨æ¥å®žçŽ°æ•´ä¸ªç½‘ç»œå®‰å…¨ã€‚å¯ä¿¡è®¡ç®—æŠ€æœ¯å°±æ˜¯ä¸ºäº†è§£å†³è¿™äº›é—®é¢˜è€Œæ—¥ç›Šæˆä¸ºç½‘ç»œå®‰å…¨é¢†åŸŸç ”ç©¶çš„ä¸€ä¸ªæ–°çƒç‚¹ã€‚åŒæ—¶,åœ¨å¯ä¿¡è®¡ç®—æŠ€æœ¯ä¸,ç»ˆç«¯è®¡ç®—æœºæ˜¯é€šè¿‡ç”¨æˆ·èº«ä»½è®¤è¯æ¥å®žçŽ°å®‰å…¨çš„è¿œç¨‹è®¿é—®,ç”¨æˆ·åœ¨å®žçŽ°è¿œç¨‹è®¤è¯çš„åŒæ—¶ä¹Ÿè¦æ±‚ä¿æŠ¤è‡ªå·±çš„éšç§ä¸è¢«æ³„æ¼ã€‚ç›®å‰,åœ¨TCGè§„èŒƒä¸åªé’ˆå¯¹æ“ä½œç³»ç»ŸåŠ è½½å‰ç³»ç»Ÿåˆå§‹å¼•å¯¼é˜¶æ®µçš„ä¿¡ä»»çš„å»ºç«‹ä¸Žä¼ é€’ä½œå‡ºäº†æè¿°,ä¸ºäº†å®žçŽ°åœ¨ç³»ç»Ÿä¸å°†ä¿¡ä»»ä¼ é€’æ‰©å±•åˆ°åº”ç”¨ç¨‹åºã€‚æœ¬æ–‡åœ¨TCGè§„èŒƒçš„åŸºç¡€ä¸Šç»§ç»æž„å»ºä¸€æ¡å®Œæ•´ä¿¡ä»»é“¾,å®ƒæ˜¯åŸºäºŽjavaè™šæ‹Ÿæœºè®¾è®¡çš„ä¸€æ¡ä»Žç¡¬ä»¶åˆ°è½¯ä»¶çš„å®Œæ•´ä¿¡ä»»é“¾,æœ€ç»ˆå®žçŽ°javaç¨‹åºçš„å¯ä¿¡æ‰§è¡ŒçŽ¯å¢ƒã€‚æœ¬æ–‡åˆ†æžäº†ä¿¡æ¯å®‰å…¨æŠ€æœ¯çš„çŽ°çŠ¶å’Œå‘å±•è¦æ±‚,é˜æ˜Žäº†ç»ˆç«¯å®‰å…¨ç ”ç©¶çš„æ€è·¯å’ŒæŠ€æœ¯å‘å±•æ–¹å‘,è¯¦ç»†ä»‹ç»äº†TCGæå‡ºçš„å¯ä¿¡è®¡ç®—çš„æ¦‚å¿µ,æž„æˆå’Œç›®å‰çš„ç ”ç©¶è¿›å±•æƒ…å†µã€‚å¦å¤–,è¿˜ä»‹ç»äº†å¯ä¿¡JVM,å®ƒä¿®æ”¹äº†javaç¨‹åºçš„å¯åŠ¨æ‰§è¡Œæµç¨‹,ç»“åˆäº†å¯ä¿¡PCç¡¬ä»¶å¹³å°ã€Linuxæ“ä½œç³»ç»Ÿä»¥åŠjavaç¨‹åºè¿è¡Œæ—¶çŽ¯å¢ƒJRE6,æž„å»ºæˆçš„ä¸€æ¡å®Œæ•´çš„ä¿¡ä»»é“¾ã€‚è¯¥ä¿¡ä»»é“¾ä¸ä½¿ç”¨å¯ä¿¡å¹³å°æ¨¡å—æä¾›çš„å¯†ç æœåŠ¡å’Œå®‰å…¨å˜å‚¨åŠŸèƒ½,åœ¨åº”ç”¨ç¨‹åºæ¨¡å—åŠ è½½æ‰§è¡Œå‰æ’å…¥æŽ§åˆ¶ç‚¹å®žçŽ°å®Œæ•´æ€§çŠ¶æ€ä¿¡æ¯çš„åº¦é‡éªŒè¯æŠ€æœ¯ã€‚åœ¨è¯¥çŽ¯å¢ƒä¸å¯ä»¥é¿å…éžä¿¡ä»»è½¯ä»¶æˆ–è€…è¢«éžæ³•ç¯¡æ”¹çš„ä¿¡ä»»è½¯ä»¶æ‰§è¡Œ,ä»Žè€Œé˜²æ¢æ¶æ„è½¯ä»¶çš„æ”»å‡»æˆ–è€…ç—…æ¯’ä¼ æ’ã€‚åœ¨åˆ†æžå®Œå¯ä¿¡JVMä¹‹åŽ,æˆ‘ä»¬ç ”ç©¶äº†è¿œç¨‹è®¤è¯,å› ä¸ºè¿œç¨‹è®¤è¯åœ¨å¯ä¿¡è®¡ç®—ä¸èµ·ç€é‡è¦ä½œç”¨,å®ƒèƒ½æä¾›å¯ä¿¡çŽ¯å¢ƒå˜åœ¨çš„å¯é è¯æ®ã€‚ç›®å‰çš„æ–¹æ³•æ˜¯æµ‹é‡ç›®æ ‡å¹³å°çš„äºŒè¿›åˆ¶ç ã€é…ç½®æ–‡ä»¶ã€å±žæ€§æˆ–è€…å®‰å…¨ç–ç•¥ç‰å¯ä¿¡å€¼ã€‚æ‰€æœ‰è¿™äº›è®¤è¯æ–¹æ³•æ˜¯é™æ€çš„,ç¼ºä¹åŠ¨æ€è¡Œä¸ºè®¤è¯å¹¶ä¸”æ²¡æœ‰å¯¹äºŽå®žé™…çš„è¡Œä¸ºè¿›è¡Œè¯´æ˜Žå’Œè§„èŒƒã€‚ä¸ºäº†æ”¹è¿›å’Œå®Œå–„è¿™äº›è®¤è¯æ–¹å¼,æœ¬æ–‡æå‡ºäº†ä¸€ç§è¯ä¹‰è¿œç¨‹è®¤è¯ç–ç•¥,å¹¶å¯¹å…¶è¿›è¡Œäº†å®šä¹‰ã€è§„èŒƒå’Œè¯æ˜Žã€‚è¯¥ç–ç•¥æ˜¯æŠŠä½¿ç”¨æŽ§åˆ¶æ¨¡åž‹å’Œè¡Œä¸ºç»“åˆèµ·è¿›è¡Œè¿œç¨‹è®¤è¯ã€‚è¯¥è®¤è¯æŠ€æœ¯å¹¶ä¸æ˜¯é™æ€çš„,ä¹Ÿä¸æ˜¯ä»…ä»…åœ¨åˆæ¬¡è¿žæŽ¥æ—¶è®¤è¯ä¸€æ¬¡,è€Œæ˜¯è¿›è¡ŒæŒç»çš„ã€åŠ¨æ€çš„è®¤è¯,è€Œä¸”å®ƒè¿˜å¯¹å®¢æˆ·ç«¯çš„å„ä¸ªæ–¹é¢éƒ½è¿›è¡Œå®‰å…¨æ€§çš„è¯„ä¼°,è¿˜æ—¶åˆ»ç›‘è§†ç«¯ç‚¹çš„è¡Œä¸ºã€‚åœ¨æ¤è¿œç¨‹è®¤è¯è®¾è®¡ä¸,ä¸ºäº†ä¿è¯è¿è¡ŒçŽ¯å¢ƒçš„å¯ä¿¡,é‡‡ç”¨äº†å¯ä¿¡JVMä½œä¸ºå®žéªŒå¹³å°,ä»Žè€Œå®žçŽ°äº†ä¸€ç§ä¸Žå¹³å°æ— å…³çš„è¯ä¹‰è¿œç¨‹è®¤è¯ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ With the fast development of Internet, it is required safer protection. The traditional safety technologies, such as modifying loopholes, installing firewalls, defending outside attacks, are used to stand against the virus and Hacker attacks, however, But these can not fundamentally solve the security of computer networks.The real reason is that all the attacks are stem from the terminal of personal computer. Therefore, we should solve these problems from other perspectives. We should protect the terminal of personal computers directly, it means that, we use new security technology to protect the terminal to make the whole net safe. As mention above, we concern on the new safety technology in the information security field. Remote attestation which the users are used to identify themselves to connect remote communication is required in the trusted computing. As well as the users require to protect their privacy. They donâ€™t want the others know their real identities.Now, In the TCG specification only for the operating system describe the system loads the initial boot phase of confidence-building and transfer. In order to achieve confidence in the system and extend to the application.In this paper, we establish the software part of the chain of trust building process which is basesd on TCG specifications. A whole chain of trust from hardware to software based on java virtual machine is designed, and eventually the trustworthy java application execution environment is realized. In the thesis, current security technology and requirements for its development is analyzed, and the concept, architecture and current research progress of TCG are discussed in details. Another, also introduce the trust JVM, It modified java programâ€™s start-up and running procedure, a complete chain of trust is constructed by trustworthy personal computer platform, Linux operation system, and java runtime environment 6. And eventually an authenticated execution of java application is realized by Trusted JVM. Through the use of cryptography services and storage capabilities provided by trusted platform module, inserting control points before application module loading, the integrity information is measured and verified in the process of building, after the chain of trust system is tested under real environment, the trustworthy of this system if proved. In this environment the untrustworthy software or trustworthy software which is illegal tampered canâ€™t be executed. And thus malicious attacks or spreading of viruses is avoided.After analyzing the trust JVM, we study remote attestation. Because remote attestation plays an important role in trusted computing, which can provide reliable evidence for existence of a trusted environment. Existing approaches for the realization of remote attestation measure the trustworthiness of a target platform from its binaries, configurations, properties or security policies. All these approaches are static, and none of them define what a trusted behavior actually is and how to specify it. In this paper, we propose a novel attestation policy, which is based on the behavior. This policy associate usage control and behavior. The attestation technology is not static and do not verify once only at the beginning of connection, but dynamic and constant. It assesses the security of every aspect of terminal host. In the design of the remote attestation, in order to ensure the executing environment is trusted, we use trust JVM for experimental platform, so achieve a platform-independent semantic remote authentication.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ ç½‘ç»œå®‰å…¨ï¼› å¯ä¿¡è®¡ç®—ï¼› è¿œç¨‹è®¤è¯ï¼› è¯ä¹‰è¿œç¨‹è®¤è¯ç–ç•¥ï¼›
ã€Key wordsã€‘ network securityï¼› trusted computing remote attestationï¼› semantic remote attestation policyï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ å¤ªåŽŸç†å·¥å¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘1
ã€ä¸‹è½½é¢‘æ¬¡ã€‘48
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽç­–ç•¥çš„è¯­ä¹‰è¿œç¨‹è®¤è¯

Policy Based Semantic Remote Attestation

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

åŸºäºŽç–ç•¥çš„è¯ä¹‰è¿œç¨‹è®¤è¯