Design of a Trusted Platform in the Cloud Computing Environment
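Abstract
The flexibility, openness and public availability of the cloud computing environment pose many challenges for application security. With the emergence of trusted computing technology, trusted computing is being used more and more in information security, and the techniques that use it to protect system and hardware security are becoming increasingly mature. This dissertation introduces trusted computing technology into embedded terminal devices and combines it with protection methods such as dynamic measurement and remote attestation to build a secure and reliable trusted terminal platform and system. Trusted transfer along the chain of trust, as a trusted computing mechanism, protects the absolute trustworthiness of every link of the trusted terminal, forming a trusted chain on which a secure and trusted terminal environment is built. The aim of using trusted computing technology is to establish a secure and trusted terminal computing system from the "root", preventing information leakage and eliminating potential attacks. By analyzing current technologies such as cloud computing and trusted computing, and on the basis of the hardware, software and trustworthiness requirements of current computing terminal platforms, this dissertation proposes a systematic solution to improve the trustworthiness of terminal platforms under cloud computing.
     This dissertation studies the trustworthiness and security of cloud computing terminal platforms, in the hope of providing a practical, effective and reliable solution that existing terminal platforms and cloud server systems can use to ensure secure access between terminal platforms and cloud servers. The use of trusted computing technology in cloud computing terminals proposed here is not only significant for cloud computing but will also advance the application prospects of security protection for terminal devices. The main innovations of this dissertation include:
     1. A trusted platform module (TPM) is embedded in the trusted computing platform to build a secure and trusted computing terminal platform: constructing a static chain of trust ensures that the hardware itself and the system are secure and trusted, and constructing a dynamic chain of trust ensures that application installation and the system's runtime operation are secure and trusted. The whole embedded system platform is thus in a secure and trusted state, a chain of trust is built from the inside out, and, with effective trust transfer, the entire embedded terminal platform becomes a secure and trusted computing terminal platform. Within dynamic measurement, the design of a dynamic measurement method based on virtual machine monitoring and the design of a real-time measurement model based on trusted computing more effectively safeguard the trusted transfer of applications and the trusted operation of the system.
     2. In an embedded system, the trusted boot of the trusted device is the key to the trustworthiness of the whole system, so building the root of trust is very important when constructing a trusted embedded device: the root of trust is the starting point of the chain of trust and the foundation of a trusted device. Under trusted measurement, the chain of trust is passed from the lowest layer to the operating system and then to the applications at the top, and each must be strictly measured before it is trusted. Measurement here means a measuring or authentication process in which a module's digest is compared with the expected value to judge the module's integrity. Only after measurement has been passed can the chain of trust be transferred reliably.
     3. To ensure that the trusted terminal platform can securely access the cloud server, remote attestation is introduced. Remote attestation aims to make the network environment trusted: it carries the terminal's trustworthiness into the network and ensures trusted communication between terminals and between terminals and servers, thereby establishing a secure network environment. In remote attestation, the terminal's integrity state information is passed to the verifier that needs it; after obtaining the terminal's information, the verifier verifies and judges it and then establishes a resource-sharing channel. The purpose of remote attestation is to build trusted network terminal devices that can access servers in a trusted way. This dissertation proposes a remote attestation scheme based on identity and attribute certificates: using the mapping between identity and attributes and the platform configuration, and with the help of a trusted third party that issues identity and attribute certificates, the attester's trusted security attributes are proved; the verifier then uses the identity and attribute certificates issued by the third party to verify that the attester is secure and trusted, ensuring that the terminal devices accessing the server are secure and trusted.
     4. Using the technology platform provided by the company, and combining the design of embedded trusted boot, the construction of static and dynamic chains of trust, and the identity- and attribute-based remote attestation design for trusted terminal devices accessing servers, a trusted platform in the cloud computing environment was implemented: the cloud TV. The prototype system of the trusted authentication mechanism based on the trusted terminal cloud TV platform allows the cloud TV terminal to run and communicate securely and effectively during startup, operation and access to the cloud service platform center.
     In summary, this dissertation studies key trusted authentication technologies in trusted computing, including trusted boot, trust transfer along static and dynamic chains of trust, the design of the trusted computing measurement mechanism, and the remote attestation design for trusted terminals accessing servers. Using the technology platform provided, it establishes a prototype system for trusted terminal authentication in the cloud computing environment, the cloud TV, and offers some new ideas and new approaches for embedded terminal systems in information security.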
The cloud computing environment is flexible, open and publicly available, but these characteristics also bring many challenges. With the emergence of trusted computing technology, trusted computing is widely used in the information security field, and its use to protect the security of systems and hardware is now very mature. This dissertation introduces trusted computing technology into embedded terminal equipment and combines it with dynamic measurement and remote attestation to build a secure and reliable trusted terminal platform system. The chain of trust, as a special protection mechanism, ensures the absolute credibility of every part of the computing terminal platform and passes credibility down to every step. It thereby creates a trusted computing environment that ensures the security and credibility of the terminal platform and puts an end to the invasion of malicious code. By analyzing current cloud computing and trusted computing technologies, and on the basis of the hardware, software and credibility requirements of the computing terminal platform, this dissertation presents a solution to improve the credibility of the cloud computing terminal platform.
     This dissertation studies the credibility and security of the cloud computing terminal platform. It aims to provide a practical, effective and reliable solution, so that existing terminal platforms and cloud server systems can use the research results to ensure secure access between the terminal platform and cloud servers. The use of trusted computing technology in cloud computing described in this dissertation is significant not only for cloud computing but also for the application prospects of security protection in terminal equipment. The main innovations of this dissertation include:
     1. A trusted platform module (TPM) is embedded into the trusted computing platform to build a secure and trusted computing terminal platform. Constructing the static chain of trust ensures that the hardware and the system are secure and credible, and constructing the dynamic chain of trust ensures that application installation and system operation are secure and credible. In this way, the entire embedded system platform is always in a safe and reliable state, and the entire embedded terminal platform becomes a safe and trusted computing terminal platform through the chains of trust and effective trust transfer. The dynamic measurement method design based on a virtual machine monitor and the real-time measurement model design based on trusted computing more effectively protect the trusted transfer of applications and the reliable operation of the system.
     2. In embedded systems, the trusted boot of the trusted device is the key to the whole system; the construction of the root of trust is therefore very important when building trusted embedded devices, because the root of trust is the starting point of the chain of trust and the foundation of a trusted device. Trusted measurement technology protects the transfer of the chain of trust. In the theory of the chain of trust, everything from the bottom BIOS module to the application at the top must be measured, in order, before it can be trusted. Measurement here means a measuring or certification process in which the module's digest is compared with the expected value to determine the integrity of the module. Only after measurement has been passed can the chain of trust be reliably transferred.
     3. To guarantee that the terminal platform's access to the cloud server is trusted, remote attestation technology is introduced. Remote attestation ensures trusted transmission over the network and trusted communication between terminals and between terminals and servers, so that a safe network environment can be established. In the remote attestation process, the integrity status information of the terminal is passed to the verifier; once the verifier has obtained the terminal information, it verifies and judges its reliability and then creates a resource-sharing channel. Remote attestation is used to build trusted network terminal equipment that can access servers reliably. This dissertation proposes a remote attestation scheme based on identity and attribute certificates. The requesting side can be proved credible through the mapping between identity and attributes and the platform configuration, with the help of a trusted third party that issues identity and attribute certificates. The verifier can then verify the security and credibility of the requesting side through the third party's identity and attribute certificates, ensuring that the terminal equipment accessing the server is credible.
     4. A trusted platform in the cloud computing environment, the cloud TV, has been established on the technology platform provided by the company by combining the design of trusted boot, the construction of static and dynamic chains of trust, the trusted computing measurement mechanism and trusted authentication. The prototype system of the trusted authentication mechanism based on the trusted terminal cloud TV platform allows the terminal to operate and communicate safely and effectively during startup, operation and access to the cloud service platform center.
     In summary, this dissertation studies the key technologies of trusted authentication, such as trusted boot in trusted computing, the transfer of static and dynamic chains of trust, the trusted computing measurement mechanism and trusted authentication. Using the technology platform, it establishes a prototype system for trusted terminal authentication based on the cloud computing environment, the cloud TV. This dissertation provides some new ideas and new approaches for the application of embedded terminal systems in information security.
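The measure-then-transfer rule of item 2 and the verifier's check of item 3, as an added Python example that is not code from the dissertation: each stage's digest is compared with an expected value before trust passes on, and a verifier replays the measurement log against the reported register. The stage names, sample images and the TPM-style extend register are assumptions; signing of the report and the identity and attribute certificates are left out.

```python
import hashlib

def digest(image: bytes) -> bytes:
    """Measurement of one module: its SHA-256 digest."""
    return hashlib.sha256(image).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement), so order matters."""
    return hashlib.sha256(register + measurement).digest()

def measured_boot(stages, reference):
    """Terminal side. stages: ordered (name, image) pairs, lowest layer first.
    reference: dict name -> expected digest.
    Returns (register, log, failed_stage); the chain stops at the first
    stage whose digest differs from its expected value."""
    register, log = bytes(32), []
    for name, image in stages:
        m = digest(image)
        register = extend(register, m)   # record the measurement first
        log.append((name, m))
        if m != reference.get(name):     # then decide whether trust passes on
            return register, log, name
    return register, log, None

def replay(log):
    """Recompute the register from a measurement log."""
    register = bytes(32)
    for _, m in log:
        register = extend(register, m)
    return register

def verify_report(reported_register, log, reference):
    """Verifier side: the log must reproduce the reported register, list
    every expected stage in order, and match every expected digest."""
    if replay(log) != reported_register:
        return False
    if [name for name, _ in log] != list(reference):
        return False
    return all(reference[name] == m for name, m in log)

# Constructed sample images for a three-stage chain (assumed names).
GOOD = [("bios", b"bios image v1"),
        ("os", b"os image v1"),
        ("application", b"tv application v1")]
REFERENCE = {name: digest(image) for name, image in GOOD}
TAMPERED = [GOOD[0], ("os", b"os image v1 + modification"), GOOD[2]]

if __name__ == "__main__":
    for label, chain in (("good", GOOD), ("tampered", TAMPERED)):
        reg, log, failed = measured_boot(chain, REFERENCE)
        print(label, "failed at:", failed,
              "verifier accepts:", verify_report(reg, log, REFERENCE))
```
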
