可信系统信任链研究综述

doi:10.3969/j.issn.0372-2112.2014.10.024

电子学报 ›› 2014, Vol. 42 ›› Issue (10): 2024-2031.DOI: 10.3969/j.issn.0372-2112.2014.10.024

可信系统信任链研究综述

徐明迪¹, 张焕国², 张帆³, 杨连嘉¹

1. 武汉数字工程研究所, 湖北武汉 430205;
2. 空天信息安全与可信计算教育部重点实验室, 湖北武汉 430072;
3. 杭州电子科技大学通信工程学院, 浙江杭州 310018

收稿日期:2013-07-25 修回日期:2014-03-21 出版日期:2014-10-25
- 通讯作者:
- 张帆男,1977年10月生,湖北当阳人.2009年毕业于武汉大学计算机学院,获工学博士学位.现为杭州电子科技大学讲师.主要研究方向为信息系统安全、软件安全等.E-mail:hdzf@hdu.edu.cn
- 作者简介:
- 徐明迪 男,1980年11月生,湖北武汉人.2009年毕业于武汉大学计算机学院,获得工学博士学位.现为武汉数字工程研究所副研究员,硕士生导师,学术带头人,主要研究方向为信息系统安全、可信计算、可信软件等. E-mail:siemendy@whu.edu.cn;张焕国 男,1945年6月生,河北蓟县人.武汉大学计算机学院教授、博士生导师,空天信息安全与可信计算教育部重点实验室名誉主任、首席科学家,主要研究方向为容错计算、可信计算、抗量子密码安全等. E-mail:liss@whu.edu.cn
- 基金资助:
- 国防预研基金 (No.9140A15040211CB3901); 国家自然科学基金 (No.61003268); 浙江省教育厅基金 (No.Y201224055)

Survey on Chain of Trust of Trusted System

XU Ming-di¹, ZHANG Huan-guo², ZHANG Fan³, YANG Lian-jia¹

1. Wuhan Digital and Engineering Institute, Wuhan, Hubei 430205, China;
2. The Key Laboratory of Aerospace Information Security and Trust Computing, Ministry of Education, Wuhan, Hubei 430072, China;
3. Communication Engineering School, Hanzhou Dianzi University, Hangzhou, Zhejiang 310018, China

Received:2013-07-25 Revised:2014-03-21 Online:2014-10-25 Published:2014-10-25
- Supported by:
- National Defense Pre-research Foundation of China (No.9140A15040211CB3901); National Natural Science Foundation of China (No.61003268); Fund of Zhejiang Provincial Education Department (No.Y201224055)

摘要/Abstract

摘要：

信任链是实施可信系统的关键技术之一,本文从信任链理论和应用系统出发,介绍了研究信任链理论的典型模型及近年来的研究进展,包括基于无干扰理论的信任链传递模型和基于组合安全理论的信任链模型,详细阐述了这两种信任链理论模型的优势和不足.介绍了基于静态信任根和动态信任根的信任链应用系统的研究状况,介绍了信任链远程证明技术,介绍了云计算环境下的信任链应用系统,对信任链应用系统存在的安全缺陷以及一致性和安全性测评方法进行了分析论述,并展望了该领域未来的发展趋势.

关键词: 可信计算, 信任链理论, 无干扰理论, 组合安全理论, 静态信任链, 动态信任链, 信任链应用系统安全

Abstract:

Chain of trust (CoT) is one of the key technologies for constructing trusted system.As viewed from theories and application systems of CoT, this paper introduced several representative models and the latest investigations including noninterference-based CoT theory and composition security-based CoT theory firstly.Afterward, this paper expatiated advantage and shortage of two CoT theories in detail.Secondly, this paper introduced the development of application systems comprising static CoT and dynamic CoT, and analyzed the remote attestation technology of chain of trust, and presented the CoT systems in cloud computing environment, and analyzed the security deficiency of those systems, and then discussed the conformance testing and security evaluation for CoT application system.Finally, this paper put forward the research and development trend for CoT.

Key words: trusted computing, theory of CoT (chain of trust), noninterference theory, composition security theory, static CoT, dynamic CoT, security of CoT application systems

中图分类号:

TP309.1

徐明迪, 张焕国, 张帆, 等. 可信系统信任链研究综述[J]. 电子学报, 2014, 42(10): 2024-2031.

XU Ming-di, ZHANG Huan-guo, ZHANG Fan, et al. Survey on Chain of Trust of Trusted System[J]. Acta Electronica Sinica, 2014, 42(10): 2024-2031.

参考文献

[1] 张焕国,赵波.可信计算[M].武汉:武汉大学出版社,2011.184-193. Zhang Huan-guo,Zhao Bo.Trusted Computing [M].Wuhan:Wuhan University Press,2011.184-193.(in Chinese)
[2] 冯登国,张敏,张妍.云计算安全研究[J].软件学报,2011,22(1):71-83. Feng Deng-guo,Zhang Min,Zhang Yan.Study on cloud computing security [J].Journal of Software,2011,22(1):71-83.(in Chinese)
[3] 谭良,徐志伟.基于可信计算平台的信任链传递研究进展[J].计算机科学,2008,35(10):15-18. Tan Liang,Xu Zhi-wei.Development of the transitive trusted chain based on TPM [J].Computer Science,2008,35(10):15-18.(in Chinese)
[4] Anupam D,Jason F,Deepak G,et al.A logic of secure systems and its application to trusted computing [A].Proceedings of the 30th IEEE Symposium on Security and Privacy [C].Washington,DC:IEEE Press,2009.221-236.
[5] Shuanghe P,Zhen H.Enhancing PCsecurity with a U-key [A].Proceedings of the IEEE Symposium on Security and Privacy [C].Washington,DC:IEEE Press,2006.34-39.
[6] Wang Z,Jiang X.HyperSafe:a lightweight approach to provide lifetime hypervisor control-flow integrity [A].Proceedings of the 31th IEEE Symposium on Security and Privacy [C].Washington,DC:IEEE Press,2010.380-395.
[7] Weiqi D,Hai J,Deqing Z,et al.TEE:A virtual DRTM based execution environment for secure cloud-end computing [A].Proceedings of the 17th ACM Conference on Computer and Communications Security [C].New York:ACM Press,2010.663-665.
[8] Juan D,Wei W,Xiaohui G,et al.RunTest:assuring integrity of dataflow processing in cloud computing infrastructures [A].Proceedings of the ACM Symposium on Information,Computer and Communications Security [C].Washington,DC:IEEE Press,2010.293-304.
[9] Sailer R,Zhang X L,Jaeger T,et al.Design and implementation of an tcg-based integrity measurement architecture [A].Proceedings of the 13th USENIX Security Symposium [C].Oakland:USENIX Press,2004.223-238.
[10] Kauer B.OSLO:Improving thesecurity of trusted computing [A].Proceedings of the 16th USENIX Security Symposium [C].Oakland:USENIX Press,2007.229-237.
[11] Haldar V,Chandra D,Franz M.Semantic remote attestation:A virtual machine directed approach to trusted computing [A].Proceedings of USENIX Virtual Machine Research and Technology Symposium [C].Oakland:USENIX Press,2004.3-20.
[12] Delaune S,Kremer S,Ryan M,et al.Formal analysis of protocols based on TPM state register [A].Proceedings of the 24th IEEE Computer Security Foundations Symposium [C].Washington,DC:IEEE Press,2011.66-82.
[13] Jun H H,Hyoungshick K,John L,et al.Achieving attestation with less effort:An indirect and configurable approach to integrity reporting [A].Proceedings of the Sixth ACM Workshop on Scalable Trusted Computing [C].New York:ACM Press,2011.31-36.
[14] Sadeghi A R,Selhorst M,Stüble C,et al.TCG inside? A note on TPM specification compliance [A].Proceedings of the First ACM Workshop on Scalable Trusted Computing [C].New York:ACM Press,2006.47-56.
[15] Shen Chang-xiang,Zhang Huan-guo,Wang Huai-min,et al.Research on trusted computing and its development [J].Science China:Information Sciences,2010,53(3):405-433.
[16] Zhang Huan-guo,Yan Fei,Fu Jian-min,et al.Research on theory and key technology of trusted computing platform security testing and evaluation [J].Science China:Information Sciences,2010,53(3):434-453.
[17] 冯登国.可信计算─理论与实践[M].北京:清华大学出版社,2013.135-138. Feng Deng-guo.Trusted Computing:Theory and Practice [M].Beijing:Tsinghua University Press,2013.135-138.(in Chinese)
[18] 邹德清,羌卫中,金海.可信计算技术原理与应用[M].北京:科学出版社,2011.61-72. Zou De-qing,Qiang Wei-zhong,Jing Hai.Trusted Computing:Technology,Principle and Application [M].Beijing:Science Press,2011.61-72.(in Chinese)
[19] 谭良,刘震,周明天.TCG架构下的证明问题研究及进展[J].电子学报,2010,38(5):1105-1112. Tan Liang,Liu Zhen,Zhou Ming-tian.Development of attestation in TCG [J].Acta Electronica Sinica,2010,38(5):1105-1112.(in Chinese)
[20] 张帆,徐明迪,杨飏.可信链度量与测评[M].西安:西安电子科技大学出版社,2011.69-104. Zhang Fan,Xu Ming-di,Yang Yan.Trusted Chain:Measurement and Evaluation [M].Xi'an:Xidian University Press,2011.69-104.(in Chinese)
[21] 张兴,陈幼雷,沈昌祥.基于进程的无干扰可信模型[J].通信学报,2009,30(3):6-11. Zhang Xing,Chen You-lei,Shen Chang-xiang.Non-interference trusted model based on processes [J].Journal on Communications,2009,30(3):6-11.(in Chinese)
[22] 张兴,黄强,沈昌祥.一种基于无干扰模型的信任链传递分析方法[J].计算机学报,2010,33(1):74-81. Zhang Xing,Huang Qiang,Shen Chang-xiang.A formal method based on noninterference for analyzing trust chain of trusted computing platform [J].Chinese Journal of Computers,2010,33(1):74-81.(in Chinese)
[23] 徐明迪,张焕国,赵恒.可信计算平台信任链安全性分析[J].计算机学报,2010,33(7):1165-1176. Xu Ming-di,Zhang Huan-guo,Zhao Heng,et al.Security analysis on trust chain of trusted computing platform [J].Chinese Journal of Computers,2010,33(7):1165-1176.(in Chinese)
[24] Zhou Cong-hua,Liu Zhi-feng,Wu Hai-ling,et al.Symbolic algorithm verification of intransitive generalized noninterference [J].Science China:Information Sciences,2011,41(11):1310-1327.
[25] McCune J M,Bryan P,Adrian P,et al.Flicker:an execution infrastructure for TCB minimization [A].Proceedings of the 3rd ACM European Conference on Computer Systems [C].New York:ACM Press,2008.315-328.
[26] Azab A M,Ning P,Wang Z,et al.HyperSentry:enabling stealthy in-context measurement of hypervisor integrity [A].Proceedings of the 17th ACM Conference on Computer and Communication Security [C].New York:ACM Press,2010.38-49.
[27] Santos N,Gummadi K P,Rodrigues R.Towards trusted cloud computing [A].Proceedings of the Workshop on Hot Topics in Cloud Computing [C].San Diego:ACM Press,2009.
[28] 秦宇,冯登国.基于组件属性的远程证明[J].软件学报,2009,20(6):1625-1640. Qin Yu,Feng Deng-guo.Component property based remote attestation [J].Journal of Software,2009,20(6):1625-1640.(in Chinese)
[29] 徐明迪,张焕国,严飞.基于标记变迁系统的可信计算平台信任链测试[J].计算机学报,2009,32(4):635-645. Xu Ming-di,Zhang Huan-guo,Yan Fei.Testing on trust chain of trusted computing platform based on labeled transition system [J].Chinese Journal of Computers,2009,32(4):635-645.(in Chinese)
[30] Deepak G,Jason F,Dilsun K,et al.Towards a Theory of Secure Systems [R].Pittsburgh:Carnegie Mellon University,2008.1-17.
[31] Deepak G,Jason F,Dilsun K,et al.Compositional system security in the presence of interface-confined adversaries [A].Proceedings of the 26th Conference on the Mathematical Foundations of Programming Semantics [C].Amsterdam:Elsevier press,2010.49-71.
[32] Rushby J.Noninterference,Transitivity,and Channel-Control Security Policies [R].Menlo Park:SRI International,2005.1-50.
[33] 赵佳,沈昌祥,刘吉强.基于无干扰理论的可信链模型[J].计算机研究与发展,2008,45(6):974-980. Zhao Jia,Shen Chang-xiang,Liu Ji-qiang,et al.A noninterference-based trusted chain model [J].Journal of Computer Research and Development,2008,45(6):974-980.(in Chinese)
[34] 秦晰,常朝稳,沈昌祥.容忍非信任组件的可信终端模型研究[J].电子学报,2011,39(4):934-939. Qin Xi,Chang Chao-wen,Shen Chang-xiang,et al.Research on trusted terminal computer model tolerating untrusted components [J].Acta Electronica Sinica,2011,39(4):934-939.(in Chinese)
[35] 邱罡,王玉磊,周利华.基于无干扰理论的完整性度量模型[J].四川大学学报(工程科学版),2010,38(4):117-120. Qiu Gang,Wang Yu-lei,Zhou Li-hua.Noninterference-based integrity measurement model [J].Journal of Sichuan University (Engineering Science Edition),2010,38(4):117-120.(in Chinese)
[36] 张帆,陈曙,桑永宣.完整性条件下无干扰模型[J].通信学报,2011,32(10):78-85. Zhang Fan,Chen Shu,Sang Yong-xuan,et al.Noninterference model for integrity [J].Journal on Communications,2011,32(10):78-85.(in Chinese)
[37] 石文昌,单智勇,梁彬.细粒度信任链研究方法[J].计算机科学,2008,35(9):1-4. Shi Wen-chang,Shan Zhi-yong,Liang Bin,et al.Approach for research on fine-grained chain of trust [J].Computer Science,2008,35(9):1-4.(in Chinese)
[38] Eggert S,Meyden R,Schnoor H,et al.The complexity of intransitive noninterference [A].Proceedings of the 32th IEEE Symposium on Security and Privacy [C].Washington,DC:IEEE Press,2011.196-211.
[39] 周从华,鞠时光.一种基于Petri网的隐蔽信息流分析方法[J].计算机学报,2012,35(8):1688-1699. Zhou Cong-hua,Ju Shi-guang.A petri net based approach to covert information flow analysis [J].Chinese Journal of Computers,2012,35(8):1688-1699.(in Chinese)
[40] McCullough D.Noninterference and the composibility of security properties [A].Proceedings of the IEEE Symposium on Security and Privacy [C].Washington,DC:IEEE Press,1998.177-186.
[41] Focardi R,Gorrieri R.Classification of security properties [A].Proceedings of Foundations of Security Analysis and Design [C].Berlin:Springer-Verlag Press,2001.331-396.
[42] 常德显,冯登国,秦宇.基于扩展LS²的可信虚拟平台信任链分析[J].通信学报,2013,34(5):31-41. Chang De-xian,Feng Deng-guo,Qin Yu,et al.Analyzing the trust chain of trusted virtualization platform based on the extended LS² [J].Journal on Communications,2013,34(5):31-41.(in Chinese)
[43] Wittbold J T,Johnson D M.Information flow in nondeterministic systems [A].Proceedings of the IEEE Symposium on Security and Privacy [C].Washington,DC:IEEE Press,1990.144-161.
[44] Ryan P,Schneider S.Process algebra and noninterference [J].Journal of Computer Security,2001,9(1):75-103.
[45] 马卓.无线网络可信接入理论及其应用研究[D].西安:西安电子科技大学,2010. Ma Zhuo.TrustedAccess in Wireless Networks Theory and Applications [D].Xi'an:Xidian University,2010.(in Chinese)
[46] 李晓勇,韩臻,沈昌祥.Windows环境下信任链传递及其性能分析[J].计算机研究与发展,2007,44(11):1889-1895. Li Xiao-yong,Han Zhen,Shen Chang-xiang.Transitive trust and performance analysis in windows environment [J].Journal of Computer Research and Development,2007,44(11):1889-1895.(in Chinese)
[47] Xu Wen-juan.,Zhang xin-wen.,Hu Hong-xin.,et al.Remote attestation with domain-based integrity model and policy analysis [J].IEEE Transactions on Dependable and Secure Computing,2012,9(3):429-442.
[48] Sadeghi A R,Schneider T,Winandy M.Token-Based cloud computing:Secure outsourcing of data and arbitrary computations with lower latency [A].Proceedings of the 3rd International Conference on Trust and Trustworthy Computing [C].Berlin:Springer-Verlag Press,2010.417-429.
[49] 李博,李健欣,胡春明.基于VMM层系统调用分析的软件完整性验证[J].计算机研究与发展,2011,48(8):1438-1446. Li Bo,Li Jian-xin,Hu Chun-ming,et al.Software integrity verification based on VMM-level system call analysis technique [J].Journal of Computer Research and Development,2011,48(8):1438-1446.(in Chinese) [LL]
[50] Schiffman J,Moyer T,Shal C,et al.Justifying integrity using a virtual machine verifier [A].Proceedings of the IEEE Annual Computer Security Applications Conference [C].Washington,DC:IEEE Press,2009.83-92.
[51] 陈海波.云计算平台可信性增强技术的研究[D].上海:复旦大学,2008. Chen Hai-bo.Improving the Dependability of Cloud Computing Systems [D].Shanghai:Fudan University,2008.(in Chinese)
[52] 张逢,陈进,陈海波.云计算中的数据隐私性保护与自我销毁[J].计算机研究与发展,2011,48(7):1155-1167. Zhang Feng-zhe,Chen Jin,Chen Hai-bo,et al.Lifetime privacy and self-destruction of data in the cloud [J].Journal of Computer Research and Development,2011,48(7):1155-1167.(in Chinese)
[53] MacDonald R,Smith S W,Marchesini J,et al.Bear:An Open-Source Virtual Secure Coprocessor Based on TCPA [R].Hanover:Dartmouth College,2003.1-15.
[54] Wojtczuk R,Rutkowska J.Attacking Intel trusted execution technology [A].Proceedings of Black Hat DC [C].Washington,DC:Light Point Security.2009.1-6.

可信系统信任链研究综述

Survey on Chain of Trust of Trusted System

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 12

编辑推荐

Metrics

[1]	秦超霞, 郭兵, 沈艳, 苏红, 张珍, 周驰岷. 区块链的安全风险评估模型[J]. 电子学报, 2021, 49(1): 117-124.
[2]	宋敏, 谭良. 一种TPM2.0密钥迁移协议及安全分析[J]. 电子学报, 2019, 47(7): 1449-1464.
[3]	徐甫. 基于可信根的计算机终端免疫模型[J]. 电子学报, 2016, 44(3): 653-657.
[4]	吴呈邑, 熊焰, 黄文超, 陆琦玮, 龚旭东. 移动自组网中基于动态第三方的可信公平非抵赖协议[J]. 电子学报, 2013, 41(2): 227-232.
[5]	谭良, 陈菊, 周明天. 可信终端动态运行环境的可信证据收集机制[J]. 电子学报, 2013, 41(1): 77-85.
[6]	陈小峰;冯登国. 隐私增强直接匿名证明方案研究[J]. 电子学报, 2011, 39(9): 2166-2172.
[7]	谭良;刘震;周明天. TCG架构下的证明问题研究及进展[J]. 电子学报, 2010, 38(5): 1105-1112.
[8]	王世华;李晓勇. 基于策略的计算平台可信证明[J]. 电子学报, 2009, 37(4): 900-904.
[9]	李兴华;马建峰;马卓. 可信计算环境下的Canetti-Krawczyk模型[J]. 电子学报, 2009, 37(1): 7-12.
[10]	张晓菲, 许访, 沈昌祥. 基于可信状态的多级安全模型及其应用研究[J]. 电子学报, 2007, 35(8): 1511-1515.
[11]	李晓勇, 左晓栋, 沈昌祥. 基于系统行为的计算平台可信证明[J]. 电子学报, 2007, 35(7): 1234-1239.
[12]	周明辉, 梅宏, 焦文品. 基于中间件的可定制信任管理框架[J]. 电子学报, 2005, 33(5): 820-826.