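Abstract
As computer networks are applied ever more deeply, the most prominent threats are malicious code attacks, illegal theft of information, and illegal destruction of data and systems. Among these, malicious code attacks that target users' secret information have overtaken traditional viruses as the biggest security threat. The root of these threats is the lack of an architecture-level immune mechanism against malicious code attacks in computers, which makes it impossible for computing network platforms to run securely and trustworthily. Trusted network connection is a technical concept proposed against this background. By establishing a specific integrity measurement mechanism, it not only authenticates the user's identity at network access but also provides platform authentication; that is, based on platform integrity evaluation, it provides effective methods and measures for preventing and handling the program code of untrusted platforms. Following China's existing national standard for trusted network connection, this paper gives the implementation of the Trusted Connect Architecture (TCA) and its related supporting technologies, and finally discusses the scope of application of TCA technology.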
With the deep application of computer networks, the main threats in the network include malicious code attacks, illegal information theft, illegal destruction of data and systems, and so on. Among these threats, malicious code attacks targeting users' private information have become the biggest security threat, surpassing traditional viruses. The root of these security threats lies in the lack of an architecture-level immune mechanism against malicious code attacks, one that can help the computer prevent malicious code attacks and ensure that the computing network platform operates securely and reliably. Therefore, the technical concept of trusted network connection was proposed. By establishing a specific integrity measurement mechanism, it achieves platform authentication in addition to authentication of the user's identity during network access. Platform authentication is an effective method for preventing illegal access by untrustworthy platforms carrying malicious code. This paper presents the implementation and related supporting technologies of TCA as specified in China's national standards, and discusses the application of TCA.
Source
Journal of Information Security Research (《信息安全研究》), 2017, Issue 4, pp. 332-338 (7 pages)
Keywords
trusted computing
trusted network connection
platform authentication
integrity measurement
tri-element peer authentication
trusted connect architecture