As the use of mobile devices continues to rise,trust administration will significantly improve security in routing the guaranteed quality of service(QoS)supply in Mobile Ad Hoc Networks(MANET)due to the mobility of th...As the use of mobile devices continues to rise,trust administration will significantly improve security in routing the guaranteed quality of service(QoS)supply in Mobile Ad Hoc Networks(MANET)due to the mobility of the nodes.There is no continuance of network communication between nodes in a delay-tolerant network(DTN).DTN is designed to complete recurring connections between nodes.This approach proposes a dynamic source routing protocol(DSR)based on a feed-forward neural network(FFNN)and energybased random repetition trust calculation in DTN.If another node is looking for a node that swerved off of its path in this situation,routing will fail since it won’t recognize it.However,in the suggested strategy,nodes do not stray from their pathways for routing.It is only likely that the message will reach the destination node if the nodes encounter their destination or an appropriate transitional node on their default mobility route,based on their pattern of mobility.The EBRRTC-DTN algorithm(Energy based random repeat trust computation)is based on the time that has passed since nodes last encountered the destination node.Compared to other existing techniques,simulation results show that this process makes the best decision and expertly determines the best and most appropriate route to send messages to the destination node,which improves routing performance,increases the number of delivered messages,and decreases delivery delay.Therefore,the suggested method is better at providing better QoS(Quality of Service)and increasing network lifetime,tolerating network system latency.展开更多
Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch att...Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.展开更多
Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computi...Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.展开更多
Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled ...Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.展开更多
Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by w...Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.展开更多
In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relation...In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.展开更多
Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mu...Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.展开更多
With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM...With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.展开更多
A security kernel architeclrne built on trusted computing platform in thelight of thinking about trusted computing is presented According to this architecture, a newsecurity module TCB (Trusted Computing Base) is adde...A security kernel architeclrne built on trusted computing platform in thelight of thinking about trusted computing is presented According to this architecture, a newsecurity module TCB (Trusted Computing Base) is added to the operation system kerneland twooperation interface modes are provided for the sake of self-protection. The security kernel isdivided into two parts and trusted mechanism Is separated from security functionality. Ihe TCBmodule implements the trusted mechanism such as measurement and attestation, while the othercomponents of security kernel provide security functionality based on these mechanisms. Thisarchitecture takes full advantage of functions provided by trusted platform and clearly defines thesecurity perimeter of TCB so as to assure stlf-securily from architcetmal vision. We also presentfunction description of TCB and discuss the strengths and limitations comparing with other relatedresearches.展开更多
Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cry...Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.展开更多
It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen who...It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.展开更多
The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on acc...The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.展开更多
Lack of efficiency in the initial key generation process is a serious shortcoming of Merkle tree signature scheme with a large number of possible signatures. Based on two kinds of Merkle trees, a new tree type signatu...Lack of efficiency in the initial key generation process is a serious shortcoming of Merkle tree signature scheme with a large number of possible signatures. Based on two kinds of Merkle trees, a new tree type signature scheme is constructed, and it is provably existentially unforgeable under adaptive chosen message attack. By decentralizing the initial key generation process of the original scheme within the signature process, a large Merkle tree with 6.87×10^10 possible signatures can be initialized in 590 milliseconds. Storing some small Merkle trees in hard disk and memory can speed up Merkle tree signature scheme. Mekle tree signature schemes are fit for trusted computing platform in most scenarios.展开更多
A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer...A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer's privacy is well protected with dynamic anonymity, the public key and signatures have length independent of the number of signature members, new signers are allowed to join the signature without modifying the public key, and attacks caused by secret key dumping or leaking can be avoided.展开更多
According to the high operating costs and a large number of energy waste in the current data center network architectures, we propose a kind of trusted flow preemption scheduling combining the energy-saving routing me...According to the high operating costs and a large number of energy waste in the current data center network architectures, we propose a kind of trusted flow preemption scheduling combining the energy-saving routing mechanism based on typical data center network architecture. The mechanism can make the network flow in its exclusive network link bandwidth and transmission path, which can improve the link utilization and the use of the network energy efficiency. Meanwhile, we apply trusted computing to guarantee the high security, high performance and high fault-tolerant routing forwarding service, which helps improving the average completion time of network flow.展开更多
Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous qu...Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous quorum systems are subject to DOS attacks, while asynchronous quorum systems need a larger system size (at least 3f+1 for generic data, and f fewer for self-verifying data). In order to solve the problems above, an intrusion-tolerance quorum system (ITQS) of hybrid time model based on trust timely computing base is presented (TTCB). The TTCB is a trust secure real-time component inside the server with a well defined interface and separated from the operation system. It is in the synchronous communication environment while the application layer in the server deals with read-write requests and executes update-copy protocols asynchronously. The architectural hybridization of synchrony and asynchrony can achieve the data consistency and availability correctly. We also build two kinds of ITQSes based on TTCB, i.e., the symmetrical and the asymmetrical TTCB quorum systems. In the performance evaluations, we show that TTCB quorum systems are of smaller size, lower load and higher availability.展开更多
This paper fist gives an investigation on trusted computing on mainstream operation system (OS). Based on the observations, it is pointed out that Trusted Computing cannot be achieved due to the lack of separation m...This paper fist gives an investigation on trusted computing on mainstream operation system (OS). Based on the observations, it is pointed out that Trusted Computing cannot be achieved due to the lack of separation mechanism of the components in mainstream OS. In order to provide a kind of separation mechanism, this paper proposes a separated domain-based kernel model (SDBKM), and this model is verified by non-interference theory. By monitoring and simplifying the trust dependence between domains, this model can solve problems in trust measurement such as deny of service (DoS) attack, Host security, and reduce the overhead of measurement.展开更多
With the growing intelligence and popularity of mobile phones, and the trend of cellular network's convergence to IP based network, more and more mobile applications emerge on the market. For mission critical applica...With the growing intelligence and popularity of mobile phones, and the trend of cellular network's convergence to IP based network, more and more mobile applications emerge on the market. For mission critical applications, like the electronic payment which will be discussed in this paper, the lack of trust in the underlying mobile infrastructure and secure interface to legacy systems (for this case, the banking systems) poses obstacles to their widespread presence in mobile services. Recently, the exposure of hacking of iPhone and other smart phones further emphasizes the criticality of establishing a trust platform for mobile applications. This paper analyzes the building blocks of the trusted smart phone, and proposes a framework to provide a trusted platform for mobile electronic payment. Such a proposed system may allow direct interface to the banking systems due to the banking industry recognized strong security, and hence, may enable its widespread use.展开更多
While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of runni...While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information which is readily available in Unix. We also made use of a behavior tree to effectively record predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such framework, presenting one example built on it, successfully find potential security risks in the run time of a ftp program and then evaluate the performance of this model.展开更多
Blockchain has become a new frontier of venture capitals that has attracted the attention of banks,governments,and other business corporations.The recent blockchain related attempts included legal blockchains by Fadad...Blockchain has become a new frontier of venture capitals that has attracted the attention of banks,governments,and other business corporations.The recent blockchain related attempts included legal blockchains by Fadada.com and Microsoft and pork tracking blockchains by Walmart and IBM.Blockchain is poised to become the most exciting invention after the Internet;while the latter connects the world to enable new business models based on online business processes,the former will help resolve the trust issue more efficiently via network computing.In this paper,we give an overview on blockchain research and development as well as introduce the papers in this special issue.We show that while blockchain has enabled Bitcoin,the most successful digital currency,its widespread adoption in finance and other business sectors will lead to many business innovations as well as many research opportunities.展开更多
文摘As the use of mobile devices continues to rise,trust administration will significantly improve security in routing the guaranteed quality of service(QoS)supply in Mobile Ad Hoc Networks(MANET)due to the mobility of the nodes.There is no continuance of network communication between nodes in a delay-tolerant network(DTN).DTN is designed to complete recurring connections between nodes.This approach proposes a dynamic source routing protocol(DSR)based on a feed-forward neural network(FFNN)and energybased random repetition trust calculation in DTN.If another node is looking for a node that swerved off of its path in this situation,routing will fail since it won’t recognize it.However,in the suggested strategy,nodes do not stray from their pathways for routing.It is only likely that the message will reach the destination node if the nodes encounter their destination or an appropriate transitional node on their default mobility route,based on their pattern of mobility.The EBRRTC-DTN algorithm(Energy based random repeat trust computation)is based on the time that has passed since nodes last encountered the destination node.Compared to other existing techniques,simulation results show that this process makes the best decision and expertly determines the best and most appropriate route to send messages to the destination node,which improves routing performance,increases the number of delivered messages,and decreases delivery delay.Therefore,the suggested method is better at providing better QoS(Quality of Service)and increasing network lifetime,tolerating network system latency.
基金Supported by the National High-TechnologyResearch and Development Programof China (2002AA1Z2101)
文摘Networks are composed with servers and rather larger amounts of terminals and most menace of attack and virus come from terminals. Eliminating malicious code and ac cess or breaking the conditions only under witch attack or virus can be invoked in those terminals would be the most effec tive way to protect information systems. The concept of trusted computing was first introduced into terminal virus immunity. Then a model of security domain mechanism based on trusted computing to protect computers from proposed from abstracting the general information systems. The principle of attack resistant and venture limitation of the model was demonstrated by means of mathematical analysis, and the realization of the model was proposed.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60373087 ,60473023) Network andInformation Security Key Laboratory Programof Ministry of Educa-tion of China
文摘Trusted computing is the new trend of information security today. This paper surveys the theory and technology of trusted computing. The development history of trusted computing, and the development of trusted computing in China are introduced in this paper, and then it analyzes some problems of trusted computing at present which are delay in theory research, some key technologies to be developed and lack of trusted software system. Some fields are worthy to be explored on are pointed out including key technology, basic theory and application in trusted computing.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 and 90104005)HP Labo-ratories of China
文摘Current delegation mechanism of grid security infrastructure (GSI) can't satisfy the requirement of dynamic, distributed and practical security in grid virtual organization. To improve this situation, a TC-enabled GSI is discussed in this paper. With TC-enabled GSI, a practical delegation solution is proposed in this paper through enforcing fine granularity policy over distributed platforms with the emerging trusted computing technologies. Here trusted platform module is treated as a tamper-resistance module to improve grid security infrastructure. With the implement of Project Daonity, it is demonstrated that the solution could gain dynamic and distributed security in grid environment.
基金Supported by the National High Technology Research and Development Program of China (2005AA145110)
文摘Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.
基金Supported by the National High-Technology Re-search and Development Program ( 863 Program)China(2004AA113020)
文摘In this paper, a formal approach based on predicate logic is proposed for representing and reasoning of trusted computing models. Predicates are defined to represent the characteristics of the objects and the relationship among these objects in a trusted system according to trusted computing specifications. Inference rules of trusted relation are given too. With the semantics proposed, some trusted computing models are formalized and verified, which shows that Predicate calculus logic provides a general and effective method for modeling and reasoning trusted computing systems.
基金the National Natural Science Foundation of China (60673071, 60743003,90718005,90718006)the National High Technology Research and Development Program of China (2006AA01Z442,2007AA01Z411)
文摘Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.
基金Supported by the National Program on Key Basic Re-search Project of China (G1999035801)
文摘With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is present in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.
基金Supported by the National Basic Research Programof China (G1999035801)
文摘A security kernel architeclrne built on trusted computing platform in thelight of thinking about trusted computing is presented According to this architecture, a newsecurity module TCB (Trusted Computing Base) is added to the operation system kerneland twooperation interface modes are provided for the sake of self-protection. The security kernel isdivided into two parts and trusted mechanism Is separated from security functionality. Ihe TCBmodule implements the trusted mechanism such as measurement and attestation, while the othercomponents of security kernel provide security functionality based on these mechanisms. Thisarchitecture takes full advantage of functions provided by trusted platform and clearly defines thesecurity perimeter of TCB so as to assure stlf-securily from architcetmal vision. We also presentfunction description of TCB and discuss the strengths and limitations comparing with other relatedresearches.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 ,90104005) HP Laborato-ry of China
文摘Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.
基金the National High Technology Research and Development Program of China (2007AA01Z412)
文摘It is absolutely critical that trusted configuration management which significantly affects trust chain establishment, sealing storage and remote attestation, especially in trusted virtualization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is presented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa- tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration representation. It reflects the true VM status in real time even if the configuration has changed, and it eliminates the invalidation of configuration representation, sealing storage and remote attestation. TPM context manager supports TCG storage protection, remote attestation etc, which greatly enhances the security on trusted virtualization platform.
基金Supported by Specialized Research Fund for theDoctoral Programof Higher Education of China (20050013011)
文摘The conception of trusted network connection (TNC) is introduced, and the weakness of TNC to control user's action is analyzed. After this, the paper brings out a set of secure access and control model based on access, authorization and control, and related authentication protocol. At last the security of this model is analyzed. The model can improve TNC's security of user control and authorization.
基金Supported by the National Natural Science Foun-dation of China (60403027)
文摘Lack of efficiency in the initial key generation process is a serious shortcoming of Merkle tree signature scheme with a large number of possible signatures. Based on two kinds of Merkle trees, a new tree type signature scheme is constructed, and it is provably existentially unforgeable under adaptive chosen message attack. By decentralizing the initial key generation process of the original scheme within the signature process, a large Merkle tree with 6.87×10^10 possible signatures can be initialized in 590 milliseconds. Storing some small Merkle trees in hard disk and memory can speed up Merkle tree signature scheme. Mekle tree signature schemes are fit for trusted computing platform in most scenarios.
基金the National High Technology Research and Development Program of China(863 Program) (2005AA145110, 2006AA01Z436)the Natural Science Foundation of Shanghai (05ZR14083)the Pudong New Area Technology Innovation Public Service Platform of China (PDPT2005-04)
文摘A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer's privacy is well protected with dynamic anonymity, the public key and signatures have length independent of the number of signature members, new signers are allowed to join the signature without modifying the public key, and attacks caused by secret key dumping or leaking can be avoided.
基金supported by the National Natural Science Foundation of China(The key trusted running technologies for the sensing nodes in Internet of things: 61501007The outstanding personnel training program of Beijing municipal Party Committee Organization Department (The Research of Trusted Computing environment for Internet of things in Smart City: 2014000020124G041
文摘According to the high operating costs and a large number of energy waste in the current data center network architectures, we propose a kind of trusted flow preemption scheduling combining the energy-saving routing mechanism based on typical data center network architecture. The mechanism can make the network flow in its exclusive network link bandwidth and transmission path, which can improve the link utilization and the use of the network energy efficiency. Meanwhile, we apply trusted computing to guarantee the high security, high performance and high fault-tolerant routing forwarding service, which helps improving the average completion time of network flow.
基金supported by the National Natural Science Foundation of China (60774091)
文摘Quorum systems have been used to solve the problem of data consistency in distributed fault-tolerance systems. But when intrusions occur, traditional quorum systems have some disadvantages. For example, synchronous quorum systems are subject to DOS attacks, while asynchronous quorum systems need a larger system size (at least 3f+1 for generic data, and f fewer for self-verifying data). In order to solve the problems above, an intrusion-tolerance quorum system (ITQS) of hybrid time model based on trust timely computing base is presented (TTCB). The TTCB is a trust secure real-time component inside the server with a well defined interface and separated from the operation system. It is in the synchronous communication environment while the application layer in the server deals with read-write requests and executes update-copy protocols asynchronously. The architectural hybridization of synchrony and asynchrony can achieve the data consistency and availability correctly. We also build two kinds of ITQSes based on TTCB, i.e., the symmetrical and the asymmetrical TTCB quorum systems. In the performance evaluations, we show that TTCB quorum systems are of smaller size, lower load and higher availability.
基金Supported bythe National Basic Research Programof China (G1999035801)
文摘This paper fist gives an investigation on trusted computing on mainstream operation system (OS). Based on the observations, it is pointed out that Trusted Computing cannot be achieved due to the lack of separation mechanism of the components in mainstream OS. In order to provide a kind of separation mechanism, this paper proposes a separated domain-based kernel model (SDBKM), and this model is verified by non-interference theory. By monitoring and simplifying the trust dependence between domains, this model can solve problems in trust measurement such as deny of service (DoS) attack, Host security, and reduce the overhead of measurement.
基金This work was supported by the National Nature Science Foundation of China under Grant No.60472014.
文摘With the growing intelligence and popularity of mobile phones, and the trend of cellular network's convergence to IP based network, more and more mobile applications emerge on the market. For mission critical applications, like the electronic payment which will be discussed in this paper, the lack of trust in the underlying mobile infrastructure and secure interface to legacy systems (for this case, the banking systems) poses obstacles to their widespread presence in mobile services. Recently, the exposure of hacking of iPhone and other smart phones further emphasizes the criticality of establishing a trust platform for mobile applications. This paper analyzes the building blocks of the trusted smart phone, and proposes a framework to provide a trusted platform for mobile electronic payment. Such a proposed system may allow direct interface to the banking systems due to the banking industry recognized strong security, and hence, may enable its widespread use.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60373087 ,60473023)
文摘While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information which is readily available in Unix. We also made use of a behavior tree to effectively record predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such framework, presenting one example built on it, successfully find potential security risks in the run time of a ftp program and then evaluate the performance of this model.
文摘Blockchain has become a new frontier of venture capitals that has attracted the attention of banks,governments,and other business corporations.The recent blockchain related attempts included legal blockchains by Fadada.com and Microsoft and pork tracking blockchains by Walmart and IBM.Blockchain is poised to become the most exciting invention after the Internet;while the latter connects the world to enable new business models based on online business processes,the former will help resolve the trust issue more efficiently via network computing.In this paper,we give an overview on blockchain research and development as well as introduce the papers in this special issue.We show that while blockchain has enabled Bitcoin,the most successful digital currency,its widespread adoption in finance and other business sectors will lead to many business innovations as well as many research opportunities.