Security Quantification Analysis and Protocol Improvement of Trusted Network Connect (cited by: 21)

Security Quantifying Method and Enhanced Mechanisms of TNC
Abstract: Trusted Network Connect (TNC) is regarded as an important part of trusted network architecture. As TNC research and deployment deepen, the security of the TNC architecture itself, that is, whether it is trustworthy enough during platform authentication and access control, becomes a key problem. This paper focuses on the security of the TNC protocol architecture. First, it proposes a security quantification method for the TNC protocol based on semi-Markov processes. Second, to address the security threats and vulnerabilities in the integrity verification (typical message flow) and access authorization processes of the TNC specification, it proposes a set of security enhancement mechanisms, which are verified with the security quantification method. Finally, a TNC prototype system is built on the Intel IXP2400 network processor, providing a practical platform for performance evaluation and quantitative security verification of the proposed mechanisms and system framework.
Source: Chinese Journal of Computers (《计算机学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2009, Issue 5, pp. 887-898 (12 pages)
Funding: Supported by the National Natural Science Foundation of China (90718040, 60673187, 60673054, 60673160, 60803123).
Keywords: trusted network connect; stochastic model; authenticity; confidentiality; integrity