Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of truste...Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.展开更多
Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent techni...Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent technique with the support of trusted computing provided by TPM,a trust-shell-based constitution model of trusted software(TSCMTS)is demonstrated,trust shell ensures the trustiness of software logically.The concept of Trust Engine is proposed,which extends the "chain of trust" of TCG into application,and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness;Data Structure called trust view is defined to represent the characteristic of software behavior.For the purpose of improving the accuracy of trustiness constraints,a strategy for determining the weights of characteristic attributes based on information entropy is proposed.Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.展开更多
This paper analyzes the threat of TCG Software Stack(TSS)/TCM Service Module(TSM) deadlock in multi-user environment such as cloud and discusses its causes and mechanism.In addition,this paper puts forward a dynamic p...This paper analyzes the threat of TCG Software Stack(TSS)/TCM Service Module(TSM) deadlock in multi-user environment such as cloud and discusses its causes and mechanism.In addition,this paper puts forward a dynamic priority task scheduling strategy based on value evaluation to handle this threat.The strategy is based on the implementation features of trusted hardware and establishes a multi-level ready queue.In this strategy,an algorithm for real-time value computing is also designed,and it can adjust the production curves of the real time value by setting parameters in different environment,thus enhancing its adaptability,which is followed by scheduling and algorithm description.This paper also implements the algorithm and carries out its performance optimization.Due to the experiment result from Intel NUC,it is shown that TSS based on advanced DPTSV is able to solve the problem of deadlock with no negative influence on performance and security in multi-user environment.展开更多
基金Supported by the National Natural Science Foun-dation of China (60373054)
文摘Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.
基金National Natural Science Foundation of China under Grant No. 60873203Foundation of Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education under Grant No. AISTC2009_03+1 种基金Hebei National Funds for Distinguished Young Scientists under Grant No. F2010000317National Science Foundation of Hebei Province under Grant No. F2010000319
文摘Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent technique with the support of trusted computing provided by TPM,a trust-shell-based constitution model of trusted software(TSCMTS)is demonstrated,trust shell ensures the trustiness of software logically.The concept of Trust Engine is proposed,which extends the "chain of trust" of TCG into application,and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness;Data Structure called trust view is defined to represent the characteristic of software behavior.For the purpose of improving the accuracy of trustiness constraints,a strategy for determining the weights of characteristic attributes based on information entropy is proposed.Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.
基金supported by the State Key Program of National Natural Science Foundation of China(Grant No.91118003)the National Natural Science Foundation of China(Grant No.61173138,61272452,61332019)+1 种基金the National Basic Research Program of China("973"Program)(Grant No.2014CB340600)the National High-Tech Research and Development Program of China("863"Program)(Grant No.2015AA016002)
文摘This paper analyzes the threat of TCG Software Stack(TSS)/TCM Service Module(TSM) deadlock in multi-user environment such as cloud and discusses its causes and mechanism.In addition,this paper puts forward a dynamic priority task scheduling strategy based on value evaluation to handle this threat.The strategy is based on the implementation features of trusted hardware and establishes a multi-level ready queue.In this strategy,an algorithm for real-time value computing is also designed,and it can adjust the production curves of the real time value by setting parameters in different environment,thus enhancing its adaptability,which is followed by scheduling and algorithm description.This paper also implements the algorithm and carries out its performance optimization.Due to the experiment result from Intel NUC,it is shown that TSS based on advanced DPTSV is able to solve the problem of deadlock with no negative influence on performance and security in multi-user environment.
