摘要
本文提出一种利用可信计算技术增强文件系统可信性的方法,以Linux为基础,设计实现了一个可信文件系统原型CIVFS。CIVFS是一个结合加密和完整性校验两种保护措施的文件系统,它借助堆式文件系统技术,嵌入在Linux内核中,添加了文件加密和完整性校验模块,利用TPM芯片提供的可信计算和安全存储等功能,增强了对系统安全组件和数据的安全保护。
This paper proposes a method for utilizing the trusted computing technology to enhance the trust of file system, and designs and implements a prototype system CIVFS based on Linux. CIVFS combines two file protection measures: encryption and integrity verification. With the stackable file system technology, CIVFS is implemented in Linux kernel. CIVFS adds file encryption and integrity verification modules to the file system, and strengthens the securiyt of system components and data with the functions of trusted computing and secure storage supplied by TPM chip.
出处
《计算机科学》
CSCD
北大核心
2008年第2期256-258,共3页
Computer Science
基金
国家自然科学基金项目(60373054)资助