Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch att...Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.展开更多
To ensure the integrity and security of cloud tenants' workload, and to prevent unexpected interference among tenants, cloud platform must make sure that system behaviors are trusted. By analyzing threats that exist ...To ensure the integrity and security of cloud tenants' workload, and to prevent unexpected interference among tenants, cloud platform must make sure that system behaviors are trusted. By analyzing threats that exist in the cloud platform, a novel trusted domain hierarchical model(TDHM) based on noninterference theory was proposed in this paper to solve these problems. First of all, the abstraction modeling of tenants' computing environment and trusted domain(TD) were introduced for designing TDHM with formal methods. Secondly, corresponding constraints for trusted running were given to satisfy security requirements of tenants' TD, and security properties of TDHM ware analyzed. After that, trusted behavior of TD was defined based on these properties, and the decision theorem of that was proved. It illustrated that the design and implementation of TD in cloud followed the model with characteristics of trusted behavior. Finally, the implementation of prototype system was introduced based on our previous work, and evaluation results showed that the performance loss was in the acceptable range.展开更多
基金Supported by the National High-TechnologyResearch and Development Programof China (2002AA1Z2101)
文摘Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.
基金supported by the National Natural Science Foundation of China (61272447)the National Key Technology R&D Program of China (2012BAH18B05)the National New Generation Broadband Wireless Mobile Communication Network Major Project (03 Project) of China (12H1510)
文摘To ensure the integrity and security of cloud tenants' workload, and to prevent unexpected interference among tenants, cloud platform must make sure that system behaviors are trusted. By analyzing threats that exist in the cloud platform, a novel trusted domain hierarchical model(TDHM) based on noninterference theory was proposed in this paper to solve these problems. First of all, the abstraction modeling of tenants' computing environment and trusted domain(TD) were introduced for designing TDHM with formal methods. Secondly, corresponding constraints for trusted running were given to satisfy security requirements of tenants' TD, and security properties of TDHM ware analyzed. After that, trusted behavior of TD was defined based on these properties, and the decision theorem of that was proved. It illustrated that the design and implementation of TD in cloud followed the model with characteristics of trusted behavior. Finally, the implementation of prototype system was introduced based on our previous work, and evaluation results showed that the performance loss was in the acceptable range.
