计算机工程与应用
計算機工程與應用
계산궤공정여응용
COMPUTER ENGINEERING AND APPLICATIONS
2013年
13期
59-64,197
,共7页
可信计算环境%信任链%可信度量根
可信計算環境%信任鏈%可信度量根
가신계산배경%신임련%가신도량근
trusted computing environment%chain of trust%root of trust measurement
可信计算环境构建是通过软硬件结合的方式构建满足可信计算定义的系统,使其上进行的计算具有真实性、机密性、可控性等特性,并利用这些特性来弥补仅依靠传统安全防护方式的不足,从而更好地解决计算机安全面临的挑战和问题。介绍了可信计算环境构建的硬件基础,归纳了近年来基于静态可信度量根、动态可信度量根以及轻量虚拟机监控器的可信计算环境的构建机制,分析了现有可信计算环境构建机制的优势和不足;通过对可信计算环境中信任链的分析,指明了今后的研究方向。
可信計算環境構建是通過軟硬件結閤的方式構建滿足可信計算定義的繫統,使其上進行的計算具有真實性、機密性、可控性等特性,併利用這些特性來瀰補僅依靠傳統安全防護方式的不足,從而更好地解決計算機安全麵臨的挑戰和問題。介紹瞭可信計算環境構建的硬件基礎,歸納瞭近年來基于靜態可信度量根、動態可信度量根以及輕量虛擬機鑑控器的可信計算環境的構建機製,分析瞭現有可信計算環境構建機製的優勢和不足;通過對可信計算環境中信任鏈的分析,指明瞭今後的研究方嚮。
가신계산배경구건시통과연경건결합적방식구건만족가신계산정의적계통,사기상진행적계산구유진실성、궤밀성、가공성등특성,병이용저사특성래미보부의고전통안전방호방식적불족,종이경호지해결계산궤안전면림적도전화문제。개소료가신계산배경구건적경건기출,귀납료근년래기우정태가신도량근、동태가신도량근이급경량허의궤감공기적가신계산배경적구건궤제,분석료현유가신계산배경구건궤제적우세화불족;통과대가신계산배경중신임련적분석,지명료금후적연구방향。
Trusted computing environment provides a new arena to address the challenges in computer security by combining software and hardware to meet the definition of trusted computing. The authenticity, confidentiality, controllability and other properties that it provides can make up the deficiencies of traditional security methods. This paper describes the hardware basis of trusted computing, summarizes the recent trusted computing environment which is based on the DRTM(Dynamic Root of Trust for Measurement)and SRTM(Static Root of Trust for Measurement), analyzes the advantages and disadvantages of existed trusted computing environment, and indicates the direction of future research by analyzing the trust chain.
