Abstract
The trust chain is an important part of a trusted computing system: it guarantees trust from the root of trust through to the system's individual components. However, trust attenuates layer by layer as the chain is established. In this paper, the trusted platform control module (TPCM) authorizes the CPU to perform chained measurement while the TPCM itself trails the CPU, measuring the trust chain in real time, at random, and block by block. Checkpoints are then inserted into the platform trust chain, and the running time of each block is recorded and checked to determine whether any trust node has been tampered with. This method improves the real-time performance of establishing and validating the trust chain and, in particular, can resist time-difference (TOCTOU) attacks against the trust chain.
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2012, Issue 2, pp. 45-47 (3 pages)
Keywords
trusted platform control module
trust chain
trust transfer