Research on Security Technology of Mobile Smart Terminals Based on Trusted Computing
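Abstract
With the rapid development of wireless communication technology, the communication capability of mobile networks keeps increasing, and mobile smart terminals with greater processing power and more storage space have become the trend in mobile computing. Unlike traditional mobile phones, data-centric mobile smart terminals have an independent operating system, can install and run third-party software, and provide individual users with mobile Internet services and data computing and storage services. They have become an indispensable personal information center and office assistant in daily life, but this has also made them a target for viruses and malicious software, exposing personal private information to serious security threats. Because of the complexity of the mobile environment, the security problems they face are more severe than those of PCs, and the resulting harm is greater. Mobile smart terminal security has become a problem that society urgently needs to solve and is one of the key factors restricting the development of the mobile Internet. Existing protection schemes based on anti-virus technology can only reduce the risk of attack; they cannot eliminate the security risks at the root.
To address these security problems, this dissertation studies the trusted architecture and key security technologies of mobile smart terminals from a system perspective. The main research results are as follows:
(1) A trusted architecture for mobile smart terminals is constructed, based on trusted computing technology and the hardware structure of existing smartphones. It implements the MTM (Mobile Trusted Module) in software and, with the microkernel as the trusted base, builds a chain of trust across the kernel components to ensure that the whole system runtime environment is trusted. Analysis shows that the hardware characteristics and application isolation of smart cards satisfy the security requirements of the MTM well. A formal argument for the trustworthiness and security of the full boot process is given. Comparing the analysis results with the relevant specifications, a smart terminal that adopts the trusted architecture meets the requirements of security level 2 and satisfies the security requirements of user private data and financial transactions.
(2) A trust measurement mechanism for the dynamic behavior of mobile applications is established on the basis of the usage control model. Following the changes in an application's running state, dynamic measurement is divided into two phases: static usage control before start-up and dynamic usage control while running. In the first phase, usage control authorization is performed through integrity conditions and access control based on capability access levels; when the control rules are satisfied, the application is authorized to start. In the second phase, the system calls made by the application's key behaviors are intercepted, the trust attributes of the behavior chain and its impact on the integrity of system data and user data are analyzed heuristically, and the application's continued execution is controlled according to dynamic authorization rules. On top of this dynamic system trust, remote attestation based on property thresholds can prove to a remote party that the platform has the required minimum security properties; the property attestation is fine-grained and highly flexible.
(3) By extending trusted network connect technology to the mobile network environment, a mobile trusted network connect authentication architecture is proposed. The authentication mechanism depends not only on user identity but also on the hardware and software configuration state of the mobile smart terminal platform. The scheme is based on port access control and an improved EAP authentication protocol, and uses Direct Anonymous Attestation (DAA) and remote attestation to prove the authenticity of the MTM and the trusted state of the platform to the authentication server, realizing trusted access authentication of mobile smart terminals in both the home network and roaming networks. The anonymous user identity authentication mechanism used during authentication protects user privacy and prevents tracking attacks. To address the problem that DAA cannot be used directly in a mobile environment with multiple trust domains, a trusted union-domain DAA (UDAA) authentication scheme is proposed; a terminal holding a domain union credential can use DAA directly through this scheme to prove the legitimacy of its MTM to a verifier in another trust domain. Compared with existing authentication schemes, UDAA offers high authentication efficiency and low computational cost for the terminal host and the MTM.
(4) Within the mobile trusted network architecture, to address the security threats in OMA DRM v2.0, especially the security problems that arise when the terminal renders content, trusted computing technology is introduced into digital rights protection and an improved OMA DRM scheme suited to the mobile trusted environment is proposed. Following the usage flow of digital content, four main processes are studied: trusted DRM application download, DCF download, the trusted ROAP protocol, and DRM content rendering. Behavior-based trust measurement protects the integrity of the DRM application and the trustworthiness of its rendering behavior. The secure storage mechanism, time protection mechanism and count protection mechanism provided by the trusted terminal effectively protect the digital content and keys during rendering and ensure that usage rights are enforced.
Finally, a command identification protocol for high-speed transfer of control commands to a secure storage card is designed, and a prototype of the trusted architecture for mobile smart terminals is implemented on the basis of a smart TF card.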
With the rapid development of wireless communication technology, the communication capability of mobile networks increases day by day, and mobile smart terminals with more powerful processing capabilities and more storage space are becoming the trend in mobile computing. Unlike the traditional feature phone, the data-centric mobile smart terminal has an independent operating system and can install and run third-party software, and it provides mobile Internet access and data computing and storage services to the individual user. The mobile smart terminal has become the information processing center and office assistant in people's daily work and life; however, this attracts attacks from viruses and malicious software and brings security threats to personal private information. Due to the complexity of the mobile environment, the security issues faced by mobile terminals are much more serious than those faced by PCs, and so is the damage. The security of mobile smart terminals has become an unsolved problem for today's society and is one of the key factors restricting the development of the mobile Internet. Security solutions based on anti-virus technology can only reduce the risk of being attacked; they cannot solve the security problem fundamentally. Therefore, it is necessary to construct a trusted mobile terminal architecture that eliminates the security threats and risks at their root.
To address the existing security issues, this dissertation studies the trusted architecture of the mobile smart terminal and several key security technologies from a system viewpoint. The main research results are as follows:
(1) The trusted mobile terminal, based on trusted computing technology, uses the existing smartphone hardware architecture and implements a software-based MTM module inside the secure element, with the secure storage memory inside the security boundary. Using the micro-kernel as the Trusted Computing Base (TCB), the trusted software structure is built on paravirtualization technology. The secure boot procedure in the micro-kernel ensures the establishment of the trust chain in the TCB; after the trusted boot, the trust relationship is extended to the core components to ensure that the system bootstraps into a trusted running environment. Analysis shows that the smartcard hardware features and Applet isolation can meet the security requirements of the MTM. Using a formal analysis method, the trustworthiness and security of the secure boot are demonstrated in theory. According to the TMP Specification, the proposed architecture meets the security requirements of Class Level 2, which can protect user privacy and support secure transactions.
(2) An application behavior dynamic measurement mechanism is proposed by introducing a behavior-based usage control (UCON) model. It divides dynamic measurement into two stages according to the running state of the application: pre-start static usage control and on-running dynamic usage control. The first stage performs usage control authorization based on the integrity measurement results and capability-level-based access control. When the control policy is met, the application is authorized to start. The second stage intercepts the key system calls of application behavior, analyzes the trust properties of the key behavior chain and its integrity impact on system data and user data using a heuristic algorithm, and then authorizes the application to continue running according to the dynamic control policy. Based on the dynamic trusted running environment of the system, a proposed threshold property remote attestation scheme can prove to the remote platform that the platform has the required security properties. The scheme is fine-grained and flexible.
(3) A mobile trust network connection (MTNC) authentication architecture is proposed by extending TNC technology to the mobile network environment. The authentication mechanism depends not only on user identification but also on the trust status of the mobile platform. Based on the port access control mechanism and improved EAP authentication protocols, MTNC adopts Direct Anonymous Attestation (DAA) and remote attestation to prove the authenticity of the MTM module and the trust status of the mobile platform, which realizes Home Network and Roaming Network access authentication. The anonymous user authentication mechanism used in the identification procedure can protect user privacy and prevent tracking attacks. To address the problem that the existing DAA scheme cannot be applied directly across multiple trust domains in the mobile environment, a trust domain Union DAA (UDAA) is proposed. A mobile terminal that obtains the domain union credential can use DAA, through the UDAA scheme, to prove the legitimacy of the MTM module effectively to a remote cross-domain verifier.
(4) Under the mobile trust network architecture, to address the existing security threats in OMA DRM v2.0, especially the security issues exposed when rendering digital content on the mobile platform, an improved OMA DRM scheme suitable for the trusted mobile environment is proposed by introducing trusted computing technology into digital rights protection. Following the usage procedure of digital content, four main processes are analyzed in detail: trusted DRM application downloading, DCF downloading, the trusted ROAP protocol and DRM content rendering. Using behavior-based trust measurement, the proposed scheme can protect the integrity of the DRM application and the trustworthiness of the DRM content rendering behavior. With the secure storage mechanism provided by the trusted terminal, the decrypted content and related keys in the rendering procedure can be protected effectively, and the time and count protection mechanisms ensure the enforcement of digital usage rights.
Finally, an identification protocol is designed to transfer control commands to the secure storage card at high speed. A prototype system based on a smart TF card is completed to realize full protection in the mobile phone system.
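The two-stage usage control summarized in item (2), shown as an added example that is not code from the dissertation: a pre-start check on integrity and capability level, then a runtime monitor that revokes authorization when an intercepted behaviour chain or a write to system data violates policy. The application names, capability levels, behaviour names, chain rules, window size and the use of SHA-256 are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Everything below (app names, capability levels, behaviour names, rules) is a
# constructed assumption for illustration; none of it comes from the dissertation.

@dataclass
class App:
    name: str
    image: bytes           # application binary as loaded from storage
    capability_level: int  # capability level requested (higher = more privileged)

def measure(image: bytes) -> str:
    """Integrity measurement of an application image."""
    return hashlib.sha256(image).hexdigest()

# Reference integrity value and highest capability level granted, per application.
REFERENCE = {
    "notes": (measure(b"notes-v1"), 1),
    "bank": (measure(b"bank-v1"), 2),
}
# Ordered behaviour chains treated as untrusted (private data read, then sent out).
UNTRUSTED_CHAINS = [("read_contacts", "send_sms"), ("read_contacts", "open_socket")]
# Behaviours that change system data, and the capability level they require.
SYSTEM_WRITES = {"write_system_config": 2}

def pre_start_authorize(app: App):
    """Stage 1: static usage control before the application starts."""
    ref = REFERENCE.get(app.name)
    if ref is None:
        return False, "no reference measurement"
    digest, granted_level = ref
    if measure(app.image) != digest:
        return False, "integrity condition failed"
    if app.capability_level > granted_level:
        return False, "capability level exceeds grant"
    return True, "authorized"

class RuntimeMonitor:
    """Stage 2: dynamic usage control over intercepted key behaviours."""

    def __init__(self, app: App, window: int = 4):
        self.app = app
        self.window = window  # how many recent behaviours are examined as a chain
        self.history = []
        self.reason = None    # set once authorization is revoked

    def _chain_seen(self, chain) -> bool:
        # True if `chain` occurs in order (not necessarily adjacent) in the window.
        recent = iter(self.history[-self.window:])
        return all(step in recent for step in chain)

    def on_behaviour(self, behaviour: str) -> bool:
        """Called for each intercepted call; False means the call is denied."""
        if self.reason is not None:
            return False      # authorization was already revoked
        self.history.append(behaviour)
        needed = SYSTEM_WRITES.get(behaviour)
        if needed is not None and self.app.capability_level < needed:
            self.reason = f"integrity impact on system data: {behaviour}"
        else:
            for chain in UNTRUSTED_CHAINS:
                if self._chain_seen(chain):
                    self.reason = "untrusted behaviour chain: " + " -> ".join(chain)
                    break
        return self.reason is None

def run_app(app: App, behaviours):
    """Apply both stages; return (started, behaviours allowed, final decision)."""
    ok, why = pre_start_authorize(app)
    if not ok:
        return False, [], why
    monitor = RuntimeMonitor(app)
    allowed = [b for b in behaviours if monitor.on_behaviour(b)]
    return True, allowed, monitor.reason or "completed"

if __name__ == "__main__":
    trace = ["read_file", "read_contacts", "draw_ui", "send_sms", "read_file"]
    print(run_app(App("notes", b"notes-v1", 1), trace))
    print(run_app(App("notes", b"notes-v1-patched", 1), trace))
```

Authorization here is re-evaluated on every intercepted behaviour, so a start-up grant does not carry over once the running application's behaviour stops satisfying the policy.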
    [169] Imad Abbadi, Chris Mitchell. Digital Rights Management using a MobilePhone[C]. In ICEC2007: Proceedings of the Ninth International Conference onElectronic Commerce. New York: ACM Press.2007:185-194.
    [170] ZHANG Li-he, KONG Xiang-wei, YANG Cheng. Digital rights managementindependent of terminals in mobile applications [J]. The Journal of ChinaUniversity of Posts and Telecommunications,2007,14(1):32-38.
    [171] Siddharth Bhatt, Radu Sion, Bogdan Carbunar. A personal mobile DRM managerfor smartphones [J]. Computer and Security,2009,28(6):327-340.
    [172] Wu Chia-Chi, Lin Chia-Chen, Chang Chin-chen. Digital rights management formultimedia content over3G mobile networks [J]. Expert Systems withApplications,2010,37(10):6787-6797.
    [173] Jason F.Reid, William J.Caelli. DRM, Trusted Computing and Operating SystemArchitecture [EB\OL]. http://crpit.com/confpapers/CRPITV44Reid.pdf.
    [174] Zheng Yu, He Dake, Wang Hongxia et al.. Secure DRM Scheme For FutureMobile Networks Based on Trusted Mobile Platform [C]. In WCNM2005:2005International Conference on Wireless Communications, Networking and MobileComputing, New York: IEEE Computer Society Press,2005:1164-1167.
    [175] Victor Torres, Jaime Delgado, and Silvia Llorente. An Implementation of aTrusted and Secure DRM Architecture[C]. In: OTM2006Workshops-OTMConfederated International Workshops, LNCS4277, Berlin Heidelberg:Springer-Verlag.2006:312-321.
    [176] Choi SuGil, Han JinHee, and Jun SungIk. Improvement on TCG Attestation andIts Implication for DRM[C]. In ICCSA2007: International Conference onComputational Science and its Applications, LNCS4705, Berlin Heidelberg:Springer-Verlag.2007:912-925.
    [177] Ahmad-Reza Sadeghi, Marko Wofl, Christian Stuble et al.. Enabling FairerDigital Rights Management with Trusted Computing [C]. In ISC2007:10thInformation Security Conference, LNCS4779, Berlin Heidelberg: Springer-Verlag.2007:53-70.
    [178] YANG Zhen, FAN Kefeng, LAI Yingxu. Trusted Computing Based Mobile DRMAuthentication Scheme[C]. In IAS2009:5th International Conference onInformation Assurance and Security, New York: IEEE Computer Society Press,2009:7-10.
    [179] TCG MPWG. Mobile Phone Work Group: Selected Use Case Analyses-v1.0[EB\OL]. January2009.http://www.trustedcomputinggroup.org/files/temp/6443B207-1D09-3519-AD3180491A6DF1F5/MPWG%20Selected_Mobile_Phone_Use_Case_Analyses_v1.pdf.
    [180] Open Mobile Alliance. OMA-TS-DRM-DRM-V2_0-20060303-A. OMA DRMSpecification Approved Version2.0[S].2006.
    [181] Open Mobile Alliance. OMA-AD-DRM-V2_0-20060303-A.OMA DRMArchitecture Approved Version2.0[S].2006.
    [182] Open Mobile Alliance.OMA-TS-DRM-DCF-V2_0-20060303-A. OMA DRMContent Format Approved Version2.0[S].2006.
    [183] Open Mobile Alliance. OMA-TS-DRM-REL-V2_0-20060303-A. OMA DRMRights Expressin Language ApprovedVersion2.0[S].2006.
    [184] Open Mobile Alliance. OMA-RD-DRM-V2_0-20060303-A.OMA DRMRequirements Approved Version2.0[S].2006.
    [185] Chen Chin-Ling. A secure and traceable E-DRM system based on mobile device[J]. Expert Systems with Applications,2008,35(3):878-886.
