信息安全与通信保密
CHINA INFORMATION SECURITY
2012, Issue 2, pp. 45-47 (3 pages in total)
Keywords: trusted platform control module; trust chain; trust transfer
The trust chain is an important part of a trusted computing system: it guarantees the trustworthiness of the computer system from the root of trust to each system component. However, the degree of trust attenuates layer by layer as the trust chain is established. In this paper, the trusted platform control module (TPCM) authorizes the CPU to perform chained measurement, while the TPCM itself follows the CPU and measures the trust chain in real time, randomly and block by block. Checkpoints are then embedded in the platform trust chain, and the running time of each block is recorded and checked to determine whether any trusted node has been tampered with. This method improves the real-time performance of establishing and validating the trust chain and, in particular, can resist TOCTOU (time-of-check to time-of-use) attacks against the trust chain.