基于可信计算的云计算安全若干关键问题研究
|
摘要
云计算是一种新兴的计算服务方式,以其便利、经济、高可扩展性等优势,在各行业应用中快速兴起。用户通过将计算任务和数据委托给云服务商,大大减轻了用户计算和存储的负担。但与同时,这也意味着用户对自己的计算任务和数据失去了控制,因此,云计算安全问题已成为影响其发展的首要问题。本文结合可信计算技术和虚拟机技术,从云基础设施安全角度,构建了一种安全、高效、通用的基于可信计算基(TCB)的可信云计算平台(TCCP),对可信云计算平台的安全体系结构、可信云计算平台完整性度量和保护、可信云计算平台的远程证明以及可信云计算平台云用户的统一身份认证4个方面内容进行了研究,取得了以下几方面的创新性成果:
1.通过对平台完整性度量和保护方法进行全面的分析,明确提出了动态完整性保护应该建立在安全策略上的思想,为当前无法依赖于动态完整性度量方法保证系统动态完整性的局面提供了一种重要的思路。为此,基于无干扰概念提出了一种非传递无干扰可信模型,并据此提出了一种动态完整性保护模型即BIBA-BLP强制访问控制模型来实施可信云计算平台组件间的信息流控制。在此基础上,借鉴PRIMA架构的信任链构建方法,构建了一套可信云计算平台完整性保护框架,即静态完整性保护框架和动态完整性保护框架,既保证了平台启动时的静态完整性,同时又确保了平台运行时的动态完整性。在构建静态完整性保护框架时,在现有硬件和软件环境下,采用SRTM技术和DRTM技术,分别提出了一种基于TrustedGRUB和TBoot(Trusted Boot)的可信启动架构,实现了平台特权虚拟域Dom0静态信任链和动态信任链的扩展,然后在此基础上再构建出了用户虚拟域的可信启动信任链。而在构建动态完整性保护框架时,根据系统可信判断条件着重从动态完整性保护框架中可信通道的3个方面的安全要求进行了实现,包括可信通道中组件的完整性保护、虚拟域之间的访问控制以及虚拟域敏感数据的安全存储与访问。在实现可信通道组件完整性保护时,通过PTEs(Page Table Entities)的监控,保证了信道中不安全组件的动态完整性;在实现虚拟域之间的访问控制时,采用BIBA-BLP多级安全策略进行信息流控制,保证了所有虚拟域的有效隔离;而在实现虚拟域敏感数据的安全存储与访问时,采用本文提出的OOAP授权协议,确保了对受保护对象的访问都是经过授权的,并防止了现有授权协议的已知安全漏洞。上述3方面的实现满足了非传递无干扰可信的要求,达到了平台运行时可信的目标。
2.基于可信计算技术和属性签名机制提出了一种简单、安全、高效的可信云计算平台远程匿名证明协议——RAA-CCP协议。该协议不需双线性对,也不需属性证书和AIK证书,大大简化了证书的管理工作,并同时实现了计算节点的身份证明和完整性状态证明。分析和实验表明,该协议具有不可伪造性、平台身份匿名性、配置隐私保护性和抗共谋性,即使在高安全强度下也具有很高运行效率,很好地满足了云环境下远程证明的安全需求和性能需求。然后,在此基础上提出了用户虚拟域远程证明协议和vTPM移植协议。对于用户虚拟域的远程证明既证明了其所在的物理节点的可信性,同时又证明了其本身的可信性;而对于vTPM移植协议要求验证目的平台至少具有与源平台相同的安全属性,然后在保密下进行移植,保证了vTPM实例移植过程的安全和移植的目的平台的安全。
3.基于PGP信任模型和RAA-CCP协议提出了一种简单、安全、可扩展的云用户身份统一认证方案。该方案通过安全中间件的形式为各云服务提供了强安全身份认证,并能简单地实现单点登录(SSO)。方案中,根据PGP信任模型将公钥管理与用户管理结为一体,具有很强的灵活性,能满足用户数不断增长的需求,同时还能避免传统基于PKI方法中烦琐的证书管理工作;而基于RAA-CCP协议实现了无中心联盟认证,使得跨域认证不再需要权威机构的交叉认证,避免了PKI中在证书路径构造和证书链有效性检验时造成的大量计算,大大提高了联盟认证的效率。分析表明,该方案具有简单、安全、通用3大特性。并且,通过公钥环数据同步还能进一步提高方案运行效率,并实现认证服务器的自动负载均衡,很好地满足了云环境中身份认证的需求。
总之,结合可信计算和虚拟机技术构建可信云计算平台,从真正意义上建立了一个可信的云环境,为用户能真正享受到云计算带来的价值提供了保障。本文的研究成果不仅为云计算安全的研究提供了支撑,还为基于可信计算的安全技术的研究方向提供了一定的借鉴。
Cloud computing is a new computing service pattern. It is rapidly developing inindustries for its advantages such as convenience, economy, high extensibility, and etc.Customers can outsource their computations and data to cloud providers. It greatly cuts downcustomers' cost on computations and storages. However, it also means the customers get outof control of their computations and data. So cloud computing security is a vital problem thatwill affect its development. In this thesis, we proposed a secure, efficient and multipurposetrusted cloud computing platform (TCCP) based on trusted computing base (TCB) from theviewpoint of cloud infrastructure security. For this purpose, we combined trusted computingtechnologies with virtual machine technologies. We researched on the TCCP from4aspects.They were security architecture, integrity measurement and protection, remote attestation, andunified identity authentication to customers. The main contributions of this thesis are listed asfollows.
1. By rounded analyses of the methods of integrity measurement and protection, weclearly presented a thought that it should be based on security policies to achieve a dynamicintegrity protection, which provided an important idea for the current situation unable toensure the dynamic integrity of a system depending on dynamic integrity measurements.Hence, we proposed an intransitive noninterference trusted model. And then, based on it, weproposed a dynamic integrity protection model named BIBA-BLP mandatory access controlmodel to enforce information flow control between components on the TCCP. Based on theBIBA-BLP model, we proposed a suit of integrity protection frameworks used for the staticand dynamic integrity protection, referring to the method of constructing trusted chains inPRIMA. They ensured the integrity of the TCCP at boot time and runtime. For the staticintegrity protection framework, we separately proposed two trusted boot frameworks based onTrustedGRUB and TBoot (Trusted Boot), adopting SRTM and DRTM technologies underexisting hardware and software environments. They were used to do the extensions of staticand dynamic trusted chains for the privileged domain Dom0. In succession, we constructed atrusted chain for the user domain DomU. And then, for the dynamic integrity protectionframework, we implemented it mainly from3security demands of the trusted channel in it according to trusted decision conditions, including the integrity protection of components inthe trusted channel, the access control between domains, and the security storage and accessto sensitive data in domains. As for the first, we implemented it by monitoring PTEs (PageTable Entities), which ensured the dynamic integrity of insecure components in the channel.As for the second, we implemented it by adopting the multilevel security policies ofBIBA-BLP model to enforce the information flow control, which ensured the efficientseparation from domains each other. And as for the third, we implemented it by adopting anovel authorization protocol called OOAP protocol proposed in this thesis, which ensured thelegal access to all protected objects and avoided the known security leak in existingauthorization protocols. The above3implementations satisfied the trusted decision conditionsof the intransitive noninterference trusted model, and ensure the TCCP be trusted at runtime.
2. Based on trusted computing technologies and a property-based signature mechanism,we proposed an elegant, secure, efficient and anonymous remote attestation protocol toTCCPs, namely, the RAA-CCP protocol. There was a need for neither bilinear parings norproperty certificates nor AIK certificates in the protocol, which greatly simplified thecertificate managements. It concurrently achieved the identity attestation and integrity stateattestation to computing nodes. Analyses and experiments show the protocol satisfies theproperties of non-forgeability, anonymity of platform identity, protection of configurationprivacy and resistance to collusion, and has fine performance even under the strong security.It well satisfies the security and performance demands of remote attestation in cloudsurroundings. Then, based on it, we proposed a protocol of remote attestation to user domainsand a vTPM migration protocol. The remote attestation protocol attested to the physical noderunning it as well as the user domain itself. And the vTPM migration protocol required thedestination platform to at least satisfy the same security properties as ones of the sourceplatform, and then allowed the vTPM instance to be migrated by encryption. This ensured thesecurity of the migration process and the destination platform.
3. Based on the PGP trust model and the RAA-CCP protocol, we proposed an elegant,secure and scalable scheme for unified identity authentications to cloud users. The scheme iscapable to provide a strong identity authentication for all cloud services and easily achieveSingle Sign-On (SSO) by the form of a middleware. In the scheme, user managements were combined with public-key managements through the PGP model, which was very flexible forthe increase of cloud users and avoided the exhaustive certificate managements in traditionalPKI. And based on the RAA-CCP protocol, the scheme implemented an allianceauthentication without centers, which made a cross-domain authentication no longer process across-certification between CAs, and avoided massive computations when building certificatepaths and verifying the validity of certificate chains. And so it greatly raised the efficiency ofalliance authentications. Analyses show the scheme satisfies the properties of easiness,security, and universality. In addition, the scheme will be more efficient if the data inpublic-key rings keep synchronal, and at this time, the balance of loads on authenticationservers will be automatically achieved. The scheme well satisfies the demands of identityauthentications in cloud surroundings.
In short, we set up truly trusted cloud computing surroundings through combiningtrusted computing technologies with virtual machine technologies to build TCCPs, whichensures that cloud users are indeed able to enjoy the cloud computing. The achievements inthis thesis not only promote the researches on cloud computing security, but also provide areference for the work based on trusted computing.
1.通过对平台完整性度量和保护方法进行全面的分析,明确提出了动态完整性保护应该建立在安全策略上的思想,为当前无法依赖于动态完整性度量方法保证系统动态完整性的局面提供了一种重要的思路。为此,基于无干扰概念提出了一种非传递无干扰可信模型,并据此提出了一种动态完整性保护模型即BIBA-BLP强制访问控制模型来实施可信云计算平台组件间的信息流控制。在此基础上,借鉴PRIMA架构的信任链构建方法,构建了一套可信云计算平台完整性保护框架,即静态完整性保护框架和动态完整性保护框架,既保证了平台启动时的静态完整性,同时又确保了平台运行时的动态完整性。在构建静态完整性保护框架时,在现有硬件和软件环境下,采用SRTM技术和DRTM技术,分别提出了一种基于TrustedGRUB和TBoot(Trusted Boot)的可信启动架构,实现了平台特权虚拟域Dom0静态信任链和动态信任链的扩展,然后在此基础上再构建出了用户虚拟域的可信启动信任链。而在构建动态完整性保护框架时,根据系统可信判断条件着重从动态完整性保护框架中可信通道的3个方面的安全要求进行了实现,包括可信通道中组件的完整性保护、虚拟域之间的访问控制以及虚拟域敏感数据的安全存储与访问。在实现可信通道组件完整性保护时,通过PTEs(Page Table Entities)的监控,保证了信道中不安全组件的动态完整性;在实现虚拟域之间的访问控制时,采用BIBA-BLP多级安全策略进行信息流控制,保证了所有虚拟域的有效隔离;而在实现虚拟域敏感数据的安全存储与访问时,采用本文提出的OOAP授权协议,确保了对受保护对象的访问都是经过授权的,并防止了现有授权协议的已知安全漏洞。上述3方面的实现满足了非传递无干扰可信的要求,达到了平台运行时可信的目标。
2.基于可信计算技术和属性签名机制提出了一种简单、安全、高效的可信云计算平台远程匿名证明协议——RAA-CCP协议。该协议不需双线性对,也不需属性证书和AIK证书,大大简化了证书的管理工作,并同时实现了计算节点的身份证明和完整性状态证明。分析和实验表明,该协议具有不可伪造性、平台身份匿名性、配置隐私保护性和抗共谋性,即使在高安全强度下也具有很高运行效率,很好地满足了云环境下远程证明的安全需求和性能需求。然后,在此基础上提出了用户虚拟域远程证明协议和vTPM移植协议。对于用户虚拟域的远程证明既证明了其所在的物理节点的可信性,同时又证明了其本身的可信性;而对于vTPM移植协议要求验证目的平台至少具有与源平台相同的安全属性,然后在保密下进行移植,保证了vTPM实例移植过程的安全和移植的目的平台的安全。
3.基于PGP信任模型和RAA-CCP协议提出了一种简单、安全、可扩展的云用户身份统一认证方案。该方案通过安全中间件的形式为各云服务提供了强安全身份认证,并能简单地实现单点登录(SSO)。方案中,根据PGP信任模型将公钥管理与用户管理结为一体,具有很强的灵活性,能满足用户数不断增长的需求,同时还能避免传统基于PKI方法中烦琐的证书管理工作;而基于RAA-CCP协议实现了无中心联盟认证,使得跨域认证不再需要权威机构的交叉认证,避免了PKI中在证书路径构造和证书链有效性检验时造成的大量计算,大大提高了联盟认证的效率。分析表明,该方案具有简单、安全、通用3大特性。并且,通过公钥环数据同步还能进一步提高方案运行效率,并实现认证服务器的自动负载均衡,很好地满足了云环境中身份认证的需求。
总之,结合可信计算和虚拟机技术构建可信云计算平台,从真正意义上建立了一个可信的云环境,为用户能真正享受到云计算带来的价值提供了保障。本文的研究成果不仅为云计算安全的研究提供了支撑,还为基于可信计算的安全技术的研究方向提供了一定的借鉴。
Cloud computing is a new computing service pattern. It is rapidly developing inindustries for its advantages such as convenience, economy, high extensibility, and etc.Customers can outsource their computations and data to cloud providers. It greatly cuts downcustomers' cost on computations and storages. However, it also means the customers get outof control of their computations and data. So cloud computing security is a vital problem thatwill affect its development. In this thesis, we proposed a secure, efficient and multipurposetrusted cloud computing platform (TCCP) based on trusted computing base (TCB) from theviewpoint of cloud infrastructure security. For this purpose, we combined trusted computingtechnologies with virtual machine technologies. We researched on the TCCP from4aspects.They were security architecture, integrity measurement and protection, remote attestation, andunified identity authentication to customers. The main contributions of this thesis are listed asfollows.
1. By rounded analyses of the methods of integrity measurement and protection, weclearly presented a thought that it should be based on security policies to achieve a dynamicintegrity protection, which provided an important idea for the current situation unable toensure the dynamic integrity of a system depending on dynamic integrity measurements.Hence, we proposed an intransitive noninterference trusted model. And then, based on it, weproposed a dynamic integrity protection model named BIBA-BLP mandatory access controlmodel to enforce information flow control between components on the TCCP. Based on theBIBA-BLP model, we proposed a suit of integrity protection frameworks used for the staticand dynamic integrity protection, referring to the method of constructing trusted chains inPRIMA. They ensured the integrity of the TCCP at boot time and runtime. For the staticintegrity protection framework, we separately proposed two trusted boot frameworks based onTrustedGRUB and TBoot (Trusted Boot), adopting SRTM and DRTM technologies underexisting hardware and software environments. They were used to do the extensions of staticand dynamic trusted chains for the privileged domain Dom0. In succession, we constructed atrusted chain for the user domain DomU. And then, for the dynamic integrity protectionframework, we implemented it mainly from3security demands of the trusted channel in it according to trusted decision conditions, including the integrity protection of components inthe trusted channel, the access control between domains, and the security storage and accessto sensitive data in domains. As for the first, we implemented it by monitoring PTEs (PageTable Entities), which ensured the dynamic integrity of insecure components in the channel.As for the second, we implemented it by adopting the multilevel security policies ofBIBA-BLP model to enforce the information flow control, which ensured the efficientseparation from domains each other. And as for the third, we implemented it by adopting anovel authorization protocol called OOAP protocol proposed in this thesis, which ensured thelegal access to all protected objects and avoided the known security leak in existingauthorization protocols. The above3implementations satisfied the trusted decision conditionsof the intransitive noninterference trusted model, and ensure the TCCP be trusted at runtime.
2. Based on trusted computing technologies and a property-based signature mechanism,we proposed an elegant, secure, efficient and anonymous remote attestation protocol toTCCPs, namely, the RAA-CCP protocol. There was a need for neither bilinear parings norproperty certificates nor AIK certificates in the protocol, which greatly simplified thecertificate managements. It concurrently achieved the identity attestation and integrity stateattestation to computing nodes. Analyses and experiments show the protocol satisfies theproperties of non-forgeability, anonymity of platform identity, protection of configurationprivacy and resistance to collusion, and has fine performance even under the strong security.It well satisfies the security and performance demands of remote attestation in cloudsurroundings. Then, based on it, we proposed a protocol of remote attestation to user domainsand a vTPM migration protocol. The remote attestation protocol attested to the physical noderunning it as well as the user domain itself. And the vTPM migration protocol required thedestination platform to at least satisfy the same security properties as ones of the sourceplatform, and then allowed the vTPM instance to be migrated by encryption. This ensured thesecurity of the migration process and the destination platform.
3. Based on the PGP trust model and the RAA-CCP protocol, we proposed an elegant,secure and scalable scheme for unified identity authentications to cloud users. The scheme iscapable to provide a strong identity authentication for all cloud services and easily achieveSingle Sign-On (SSO) by the form of a middleware. In the scheme, user managements were combined with public-key managements through the PGP model, which was very flexible forthe increase of cloud users and avoided the exhaustive certificate managements in traditionalPKI. And based on the RAA-CCP protocol, the scheme implemented an allianceauthentication without centers, which made a cross-domain authentication no longer process across-certification between CAs, and avoided massive computations when building certificatepaths and verifying the validity of certificate chains. And so it greatly raised the efficiency ofalliance authentications. Analyses show the scheme satisfies the properties of easiness,security, and universality. In addition, the scheme will be more efficient if the data inpublic-key rings keep synchronal, and at this time, the balance of loads on authenticationservers will be automatically achieved. The scheme well satisfies the demands of identityauthentications in cloud surroundings.
In short, we set up truly trusted cloud computing surroundings through combiningtrusted computing technologies with virtual machine technologies to build TCCPs, whichensures that cloud users are indeed able to enjoy the cloud computing. The achievements inthis thesis not only promote the researches on cloud computing security, but also provide areference for the work based on trusted computing.
引文
[1] Foster I., Zhao Y., Raicu I., et al. Cloud computing and grid computing360-degreecompared[A]. Proc. of Grid Computing Environments Workshop[C]. Piscataway: IEEEComputer Society,2008
[2]冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):7183
[3] Amazon Inc. Amazon web services customer agreement [EB/OL].http://aws.amazon.com/agreement/#7,2009.10.1
[4] Ristenpart T., Tromer E., Shacham H., et al. Hey, you, get off of my cloud: Exploringinformation leakage in third-party compute clouds[A]. Proc. of the ACM Conference onComputer and Communications Security[C]. New York: ACM Press,2009:199-212
[5] Youseff L., Butrico M., Da Silva D.. Toward a unified ontology of cloud computing[A].Proc. of Grid Computing Environments Workshop[C]. Piscataway: IEEE ComputerSociety,2008
[6] Wikipedia. Cloud computing[EB/OL]. http://en.wikipedia.org/wiki/Cloud_computing,2011
[7] Mather T., Kumaraswamy S., Latif S.. Cloud Security and Privacy[M]. USA: O’ReillyMedia,2009
[8] Popovi K., Hocenski Z.. Cloud computing security issues and challenges[A]. Proc. ofthe33rd International Convention on Information and Communication Technology,Electronics and Microelectronics[C]. New York: IEEE Inc.,2010:344-349
[9] Catteddu D., Hogben G. Cloud computing: Benefits, risks and recommendations forinformation security[R]. Europe: European Network and Information Security Agency(ENISA),2009
[10]Brunette G., Mogull R.. Security guidance for critical areas of focus in cloud computingv2.1[R]. Cloud Security Alliance (CSA),2009
[11]Hubbard D., Sutton M.. Top threats to cloud computing v1.0[R]. Cloud Security Alliance(CSA),2010
[12]Curry S., Darbyshire J., Fisher D.W., et al. Infrastructure security: Getting to the bottomof compliance in the cloud [R]. USA: RSA Security Brief,2010
[13]黄瑛,石文昌.云基础设施安全性研究综述[J].计算机科学,2011,38(7):24-30
[14]房晶,吴昊,白松林.云计算的虚拟化安全问题[J].电信科学,2012,28(4):135-140
[15]杨健,汪海航,王剑,等.云计算安全问题研究综述[J].小型微型计算机系统,2012,33(3):472-478
[16]Secunia. Secunia Advisory SA37081[EB/OL]. http://secunia.com/advisories/37081/,2009
[17]Secunia. Secunia Advisory SA36389[EB/OL]. http://secunia.com/advisories/36389/,2009
[18]Tavis O.. An empirical study into the security exposure to hosts of hostile virtualizedenvironments[R]. USA: Google,2010
[19]Kortchinsky, Kostya.[EB/OL]. http://www.immunityinc.com/documentation/cloudburst-vista.html,2011
[20]King S.T., Chen P.M., Wang Yi-Min, et al. Sub Virt: Implementing malware with virtualmachines[A]. Proc. of the2006IEEE Symposium on Security and Privacy[C].Piscataway: IEEE Computer Society,2006:314-327
[21]Brandic I., Dustdar S., Anstett T., et al. Compliant Cloud Computing (C3): Architectureand language support for user-driven compliance management in clouds[A]. Proc. of the3rd IEEE International Conference on Cloud Computing[C]. Piscataway: IEEEComputer Society,2010:244-251
[22]Kandukuri B.R., Ramakrishna P.V., Rakshit A.. Cloud security issues[A]. Proc. of the2009IEEE International Conference on Services Computing[C]. Piscataway: IEEEComputer Society,2009:517-520
[23]De Chaves S.A., Westphall C.B., Lamin F.R.. SLA perspective in security managementfor cloud computing[A]. Proc. of the6th International Conference on Networking andServices[C]. Piscataway: IEEE Computer Society,2010:212-217
[24]Gentry C.. A fully homorphic encryption scheme[D]. California: Stanford University,2009
[25]Sadeghi A.R., Schneider T., Winandy M.. Token-based cloud computing: Secureoutsourcing of data and arbitrary computations with lower latency[A]. LNCS6101: Proc.of the3rd International Conference on Trust and Trustworthy Computing[G]. Heidelberg:Springer-Verlag,2010:417-429
[26]Jensen M., Sch ge S., Schwenk J.. Towards an anonymous access control andaccountability scheme for cloud computing[A]. Proc. of the3rd International Conferenceon Cloud Computing[C]. Piscataway: IEEE Computer Society,2010:540-541
[27]Itani W., Kayssi A., Chehab A.. Privacy as a service: Privacy-aware data storage andprocessing in cloud computing architectures [A]. Proc. of the8th IEEE InternationalSymposium on Dependable, Autonomic and Secure Computing[C]. Piscataway: IEEEComputer Society,2009:711-716
[28]Echeverria V., Liebrock L.M., Shin D.. Permission management system: Permission as aservice in cloud computing[A]. Proc. of the34th Annual IEEE International ComputerSoftware and Applications Conference Workshops[C]. Piscataway: IEEE ComputerSociety,2010:371-375
[29]Kirch J.. Virtual machine security guidelines[R]. The Center for Internet Security,2007
[30]Seitz L., Pierson J., Brunie L.. Key management for encrypted data storage in distributedsystems[A]. Proc. of the2th IEEE International Security in Storage Workshop[C].Piscataway: IEEE Computer Society,2003:20-31
[31]Huang Jian-Zhong, Xie Chang-Sheng, Cai Bin. Research and implement of an encryptedfile system used to NAS[A]. Proc. of the2th IEEE International Security in StorageWorkshop[C]. Piscataway: IEEE Computer Society,2003:73
[32]Roy I., Setty S.T.V., Kilzer A., et al. Airavat: Security and privacy for MapReduce[A].Proc. of the7th USENIX Symposium on Networked Systems Design andImplementation[C]. Berkeley: USENIX Association,2010:297-312
[33]Mowbray M., Pearson S.. A client-based privacy manager for cloud computing[A]. Proc.of the4th International ICST Conference on Communication System Software andMiddleware[C]. New York: ACM,2009:5
[34]Pearson S., Shen Y., Mowbray M.. A privacy manager for cloud computing[A]. LNCS5931: Proc. of the1st International Conference on Cloud Computing[G]. Heidelberg:Springer-Verlag,2009:90-106
[35]Muntés-Mulero V., Nin J.. Privacy and anonymization for very large datasets[A]. Proc. ofthe18th ACM International Conference on Information and Knowledge Management[C].NewYork: ACM Press,2009:2117-2118
[36]Raykova M., Vo B., Bellovin S.M., et al. Secure anonymous database search[A]. Proc. ofthe2009ACM Workshop on Cloud Computing Security, Co-Located with the16th ACMComputer and Communications Security Conference[C]. New York: ACM,2009:115-126
[37]Juels A., Kaliski Jr B.S.. PORs: Proofs of retrievability for large files[A]. Proc. of the14th ACM Conference on Computer and Communications Security[C]. New York: ACM,2007:584597
[38]Ateniese G., Burns R., Curtmola R., et al. Provable data possession at untrusted stores[A].Proc. of the14th ACM Conference on Computer and Communications Security[C]. NewYork: ACM,2007:598-609
[39]Ateniese G., Pietro R.D., Mancini L.V., et al. Scalable and efficient provable datapossession[A]. Proc. of the4th International Conference on Security and Privacy inCommunication Networks[C]. New York: ACM,2008
[40]Shacham H., Waters B.. Compact proofs of retrievability[A]. LNCS5350: Proc. of the14th International Conference on the Theory and Application of Cryptology andInformation Security[G]. Heidelberg: Springer-Verlag,2008:90-107
[41]Bowers K.D., Juels A., Oprea A.. Proofs of retrievability: Theory and implementation[A].Proc. of the2009ACM Workshop on Cloud Computing Security, Co-located with the16th ACM Computer and Communications Security Conference[C]. New York: ACM,2009:43-53
[42]Zeng Ke. Publicly verifiable remote data integrity[A]. LNCS5308: Proc. of the10thInternational Conference on Information and Communications Security[G]. Heidelberg:Springer-Verlag,2008:419-434
[43]Wang Qian, Wang Cong, Li Jin, et al. Enabling public verifiability and data dynamics forstorage security in cloud computing[A]. LNCS5789: Proc. of the14th EuropeanSymposium on Research in Computer Security[G]. Heidelberg: Springer-Verlag,2009:355-370
[44]Schwarz T.S.J., Miller E.L. Store, forget, and check: Using algebraic signatures to checkremotely administered storage[A]. Proc. of the26th IEEE International Conference onDistributed Computing Systems[C]. Piscataway: IEEE Computer Society,2006.12-12
[45]Carter J.L., Wegman M.N.. Universal classes of hash functions[J]. Journal of Computerand System Sciences,1979,18(2):143-154
[46]Wegman M.N., Carter J.L. New classes and applications of hash functions[A]. Proc. ofthe Annual Symposium on Foundations of Computer Science[C]. New York: IEEE Inc.,1979:175-182
[47]Yun A., Shi Chun-Hui, Kim Y.. On protecting integrity and confidentiality ofcryptographic file system for outsourced storage[A]. Proc. of the2009ACM Workshopon Cloud Computing Security, Co-Located with the16th ACM Computer andCommunications Security Conference[C]. New York: ACM,2009:6775
[48]Li Hong-Wei, Dai Yuan-Shun, Tian Ling, et al. Identity-based authentication for cloudcomputing[A]. LNCS5931: Proc. of the1st International Conference on CloudComputing[G], Heidelberg: Springer-Verlag,2009:157-166
[49]Yan Liang, Rong Chun-Ming, Zhao Gan-Sen. Strengthen cloud computing security withfederal identity management using hierarchical identity-based cryptography[A]. LNCS5931: Proc. of the1st International Conference on Cloud Computing[G], Heidelberg:Springer-Verlag,2009:167-177
[50]Crampton J., Martin K., Wild P.. On key assignment for hierarchical access control[A].Proc. of the19th IEEE Computer Security Foundations Workshop[C]. Piscataway: IEEEComputer Society,2006:98-111
[51]Damiani E., De Vimercati S., Foresti S., et al. An experimental evaluation of multi-keystrategies for data outsourcing[A]. IFIP232: Proc. of the IFIP TC-1122nd InternationalInformation Security Conference[G]. Heidelberg: Springer-Verlag,2007.385396
[52]Wang Wei-Chao, Li Zhi-Wei, Owens R., et al. Secure and efficient access to outsourceddata[A]. Proc. of the2009ACM Workshop on Cloud Computing Security, Co-Locatedwith the16th ACM Computer and Communications Security Conference[C]. New York:ACM,2009:55-65
[53]Goyal V., Pandey O., Sahai A., et al. Attribute-based encryption for fine-grained accesscontrol of encrypted data[A]. Proc. of the13th ACM Conference on Computer andCommunications Security[C]. New York: ACM,2006:89-98
[54]Yu Shu-Cheng, Wang Cong, Ren Kui, et al. Achieving secure, scalable, and fine-graineddata access control in cloud computing[A]. Proc. of the29th IEEE Conference onInformation Communications[C]. Piscataway: IEEE Computer Society,2010:534-542
[55]Malek B., Miri A.. Combining attribute-based and access systems[A]. Proc. of the12thIEEE International Conference on Computational Science and Engineering:2009IEEEInternational Conference on Privacy, Security, Risk, and Trust[C]. Piscataway: IEEEComputer Society,2009:305312
[56]Ostrovsky R., Sahai A., Waters B.. Attribute-based encryption with non-monotonic accessstructures[A]. Proc. of the14th ACM Conference on Computer and CommunicationsSecurity[C]. New York: ACM,2007.195-203
[57]Bethencourt J., Sahai A., Waters B.. Ciphertext-policy attribute-based encryption[A].Proc. of the2007IEEE Symposium on Security and Privacy[C]. New York: IEEE Inc.,2007:321-334
[58]Roy S., Chuah M.. Secure data retrieval based on ciphertext policy attribute-basedencryption (CP-ABE) system for the DTNs[R]. Technical Report,2009
[59]Ibraimi L., Petkovic M., Nikova S., et al. Ciphertext-policy attribute-based thresholddecryption with flexible delegation and revocation of user attributes[R]. Centre forTelematics and Information Technology, University of Twente,2009
[60]Hu Luo-Kai, Ying Shi, Jia Xiang-Yang, et al. Towards an approach of semantic accesscontrol for cloud computing[C]. LNCS5931: Proc. of the1st International Conferenceon Cloud Computing[G], Heidelberg: Springer-Verlag,2009:145-156
[61]Bonatti P., De Capitani di Vimercati S, Samarati P.. An algebra for composing accesscontrol policies[J]. ACM Transactions on Information and System Security (TISSEC),2002,5(1):1-35
[62]Wijesekera D., Jajodia S.. A propositional policy algebra for access control[J]. ACMTransactions on Information and System Security (TISSEC),2003,6(2):286-325
[63]Agarwal S., Sprick B.. Access control for semantic web services[A]. Proc. of the IEEEInternational Conference on Web Services[C]. IEEE,2004:770-773
[64]Shafiq B., Joshi J.B.D., Bertino E., et al. Secure interoperation in a multidomainenvironment employing RBAC policies[J]. IEEE Transactions on Knowledge and DataEngineering,2005,17(11):1557-1577
[65]Sailer R., Valdez E., Jaeger T., et al. sHyper: Secure Hypervisor Approach to TrustedVirtualized Systems[R]. Yorktown Heights, NewYork: IBM Thomas J. Watson ResearchCenter,2005
[66]Murray D.G., Milos G., Hand S.. Improving Xen security through disaggregation[A]. Proc.of the4th International Conference on Virtual Execution Environments[C]. New York:ACM,2008:151-160
[67]Azab A.M., Ning P., et al. HyperSentry: enabling stealthy in-context measurement ofhypervisor integrity[A]. Proc. of the17th ACM Conference on Computer andCommunications Security[C]. New York: ACM,2010:38-49
[68]Seshadri A., Luk M., Qu Ning, et al. SecVisor: A tiny hypervisor to provide lifetimekernel code integrity for commodity OSes[A]. Proc. of the21th ACM SIGOPSSymposium on Operating Systems Principles[C]. New York: ACM,2007:335-350
[69]Wang Zhi, Jiang Xu-Xian, Cui Wei-Dong, et al. Countering kernel rootkits withlightweight hook protection[A]. Proc. of the16th ACM Conference Computer andCommunications Security[C]. New York: ACM,2009:545-554
[70]Raj H., Nathuji R., Singh A., et al. Resource management for isolation enhanced cloudservices[A]. Proc. of the2009ACM Workshop on Cloud Computing Security,Co-Located with the16th ACM Computer and Communications Security Conference[C].New York: ACM,2009:77-84
[71]Garfinkel T., Rosenblum M.. A virtual machine introspection based architecture forintrusion detection[A]. Proc. of the10th Annual Network and Distributed SystemsSecurity Symposium[C]. The Internet Society,2003:191-206
[72]Payne B.D, Carbone M., Sharif M., et al. Lares: An architecture for secure activemonitoring using virtualization[A]. Proc. of the2008IEEE Symposiumon on Securityand Privacy[C]. New York: IEEE Inc.,2008:233-247
[73]Sharif M.I., Lee W., Cui Wei-Dong, et al. Secure in-VM monitoring using hardwarevirtualizaiton[A]. Proc. of the16th ACM Conference on Computer and CommunicationsSecurity[C]. New York: ACM,2009:477-487
[74]Liu Qian, Weng Chuliang, Li Minglu, et al. An in-VM measuring framework forincreasing virtual machine security in clouds[J]. IEEE Security&Privacy,2010,8(6):56-62
[75]Reimer D., Thomas A., Ammous G., et al. Opening black boxes: Using semanticinformation to combat virtual machine image sprawl[A]. Proc. of the4th InternationalConference on Virtual Execution Environments[C]. New York: ACM,2008:111-120
[76]Wei Jin-Peng, Zhang Xiao-Lan, Ammons G., et al. Managing security of virtual machineimages in a cloud environment[A]. Proc. of the2009ACM Workshop on CloudComputing Security, Co-Located with the16th ACM Computer and CommunicationsSecurity Conference[C]. New York: ACM,2009:91-96
[77]Pfaff B., Garfinkel T., Rosenblum M.. Virtualization aware file systems: Getting beyondthe limitations of virtual disks[A]. Proc. of the3rd Symposium on Networked SystemsDesign&Implementation[C]. Berkeley: USENIX Association,2006:353-366
[78]Santos N., Gummadi K.P., Rodrigues R.. Towards trusted cloud computing[A]. Proc. ofthe2009Workshop on Hot Topics in Cloud Computing[C]. Berkeley: USENIXAssociation,2009:3
[79]Mao Wen-Bo. Also talking about the cloud[EB/OL].http://blog.csdn.net/wenbomao/archive/2009/03/03/3952761.aspx,2009
[80]Barham P., Dragovic B., Fraser K., et al. Xen and the art of virtualization[A]. Proc. of the19th ACM Symposium on Operating Systems Principles[C]. New York: ACM,2003:164-177
[81]Wiki Community. PV on HVM[EB/OL]. http://wiki.xen.org/wiki/PV_on_HVM,2012
[82]Common Criteria Project Sponsoring Organisation. Common criteria for informationtechnology security evaluation. ISO/IEC International Standard15408version2.1[S].Genevese: Common Criteria Project Sponsoring Organisation,1999
[83]Avizienis A., Laprie J.C., Randell B., et al. Basic concepts and taxonomy of dependableand secure computing[J]. IEEE Transactions on Dependable and Secure Computing,2004,1(1):11-33
[84]T.C.P.Alliance. TCPA design philosophies and concepts (version1.0)[EB/OL].https://www.trustedcomputinggroup.org,2001.01
[85]Trusted Computing Group. TPM main specification (1.2Edition)[EB/OL].http://www.trustedcomputinggroup.org,2005.10
[86]Nurmi D., Wolski R., Grzegorczyk C., et al. The eucalyptus open-sourcecloud-computing system[A]. Proc. of the9th IEEE/ACM International Symposium onCluster Computing and the Grid[C]. Piscataway: IEEE Computer Society,2009:124-131
[87]沈晴霓,杜虹,卿斯汉.虚拟可信平台层次化安全体系结构设计[J].北京工业大学学报,2010,36(5):605-610
[88]孟璟.基于Xen的可信虚拟机系统体系结构设计与若干关键技术研究[D].解放军信息工程大学,2008
[89]Berger S., Cáceres R., Goldman K.A., et al. vTPM: Virtualizing the trusted platformmodule[A]. Proc. of the15th USENIX Security Symposium[C]. Berkeley: USENIXAssociation,2006:305-320
[90]Selhorst M., Stüble C.. TrustedGRUB web site[EB/OL].http://projects.sirrix.com/trac/trustedgrub,2009.12
[91]GRUB-IMA[EB/OL]. http://sourceforge.jp/projects/openpts/wiki/GRUB-IMA
[92]Kauer B.. Authenticated booting for L4[EB/OL].http://os.inf.tu-dresden.de/papers_ps/kauer-beleg.pdf,2004
[93]Marchesini J., Smith S., Wild O., et al. Experimenting with TCPA/TCG hardware, or:How I learned to stop worrying and love the bear, Computer Science Technical ReportTR2003-476[R]. Dartmouth College,2003.12
[94]Microsoft. Secure startup-Full volume encryption: Technical overview[EB/OL].http://www.microsoft.com/whdc/system/platform/pcdesign/secure-start_tech.mspx,2005.4
[95]Arbaugh, W.A., Farber, D.J., Smith J.M.. A secure and reliable bootstrap architecture[A].Proc. of the1997IEEE Symposium on Security and Privacy[C]. New York: IEEE Inc.,1997.5:65-71
[96]Sailer R., Zhang X., Jaeger T., et al. Design and Implementation of a TCG-based IntegrityMeasurement Architecture[A]. Proc. of the13th USENIX Security Symposium[C].Berkeley: USENIX Association,2004:223-238
[97]England P., Lampson B., Manferdelli J., et al. A trusted open platform[J]. Computer,2003,36(7):55-62
[98]Chang X., Xing B., Liu J., et al. LWRM: A lightweight response mechanism for TCGTOCTOU attack[A]. Proc. of the28th International Conference on PerformanceComputing and Communications[C]. Piscataway: IEEE Computer Society,2009:200-207
[99]Shi E., Perrig A., Van Doorn L.. Bind: A fine-grained attestation service for securedistributed systems[A]. Proc. of the2005IEEE Symposium on Security and Privacy[C].New York: IEEE Inc.,2005:154-168
[100] Kauer B.. OSLO: Improving the security of trusted computing[A]. Proc. of the16thUSENIX security symposium[C]. Berkeley: USENIX Association,2007:6-10
[101] Trusted Boot web site[CP/OL]. http://sourceforge.net/projects/tboot/
[102] McCune J.M., Parno B.J., Perrig A., et al. Flicker: An execution infrastructure forTCB minimization[C].Proc.of the3rd ACM SIGOPS Symposium on Operating SystemsReview. New York: ACM,2008:315-328
[103] McCune J.M., Li Y., Qu N., et al. TrustVisor: Efficient TCB reduction andattestation[A]. Proc. of the2010IEEE Symposium on Security and Privacy[C]. NewYork: IEEE Inc.,2010:143-158
[104] Jaeger T., Sailer R., Shankar U.. PRIMA: policy-reduced integrity measurementarchitecture[A]. Proc. of the11th ACM symposium on Access control models andtechnologies[C]. New York: ACM,2006:19-28
[105] Loscocco P.A., Wilson P.W., Pendergrass J.A., et al. Linux kernel integritymeasurement using contextual inspection[A]. Proc. of the2007ACM workshop onScalable trusted computing[C]. New York:ACM,2007:21-29
[106] Thober M., Pendergrass J.A., McDonell C.D.. Improving coherency of runtimeintegrity measurement[A]. Proc. of the3rd ACM workshop on Scalable trustedcomputing[C]. New York:ACM,2008:51-60
[107] Davi L., Sadeghi A.R., Winandy M.. Dynamic integrity measurement and attestation:towards defense against return-oriented programming attacks[A]. Proc. of the2009ACMworkshop on Scalable trusted computing[C]. New York:ACM,2009:49-54
[108] Kil C., Sezer E.C., Azab A.M., et al. Remote attestation to dynamic system properties:Towards providing complete system integrity evidence[A]. Proc. of the2009IEEE/IFIPInternational Conference on Dependable Systems&Networks[C]. Piscataway: IEEEComputer Society,2009:115-124
[109] Datta A., Franklin J., Garg D., et al. A logic of secure systems and its application totrusted computing[A]. Proc. of the2009IEEE Symposium on Security and Privacy[C].New York: IEEE Inc.,2009:221-236
[110]沈昌祥,张焕国,王怀民,等.可信计算的研究与发展[J].中国科学:信息科学,2010,40(2):139-166
[111]张兴,黄强,沈昌祥.一种基于无干扰模型的信任链传递分析方法[J].计算机学报,2010,33(1):74-81
[112]赵佳,沈昌祥,刘吉强,等.基于无干扰理论的可信链模型[J].计算机研究与发展,2008,45(6):974-980
[113]张兴,陈幼雷,沈昌祥.基于进程的无干扰可信模型[J].通信学报,2009,30(3):6-11
[114]李晓勇,韩臻,沈昌祥. Windows环境下信任链传递及其性能分析[J].计算机研究与发展,2007,44(11):1889-1895
[115] Peng Guo-Jun, Pan Xuan-Chen, Fu Jian-Ming, et al. Static extracting method ofsoftware intended behavior based on API functions invoking[J]. Wuhan UniversityJournal of Natural Sciences,2008,13(5):615-620
[116] Peng Guo-Jun, Pan Xuan-Chen, Zhang Huan-Guo, et al. Dynamic trustinessauthentication framework based on software’s behavior integrity[A]. Proc. of the9thInternational Conference for Young Computer Scientists[C]. Piscataway: IEEE ComputerSociety,2008:2283-2288
[117]张焕国,严飞,傅建明,等.可信计算平台测评理论与关键技术研究[J].中国科学:信息科学,2010,40(2):167-188
[118]徐明迪,张焕国,赵恒,等.可信计算平台信任链安全性分析[J].计算机学报,2010,33(7):1165-1176
[119]刘孜文,冯登国.基于可信计算的动态完整性度量架构[J].电子与信息学报,2010,32(4):875-879
[120] Ryan P.Y.A., Schneider S.A.. Process algebra and non-interference[J]. Journal ofComputer Security,2001,9(1):75-103
[121]张相锋,孙玉芳. Biba模型中严格完整性政策的动态实施.计算机研究与发展.2005,42(5):746-754
[122]石文昌,梁洪亮,孙玉芳.主体当前敏感标记动态确定方案研究.电子学报,2001,29(8):1046-1049
[123]黄勇,陈小平,陈文智,等.支持动态调节的保密性和完整性统一模型.浙江大学学报(工学版),2009,43(8):1377-382
[124]邢彬.虚拟域可信链的设计与实现[D].北京交通大学,2009
[125]刘谦.面向云计算的虚拟机系统安全研究[D].上海交通大学,2012
[126] Zhang Xing,Zhang Xiao-Fei,Shen Chang-Xiang. A new authorization protocol fortrusted computing[A]. Proc. of1st International Symposium on Data,Privacy andE-Commerce[C]. Piscataway: IEEE Computer Society,2007:185-190
[127]刘皖,谭明,陈兴蜀.TPM的两个主要密码授权协议的安全性分析与改进[J].计算机科学,2008,35(3):271-273
[128]梁敏,常朝稳.虚拟化环境中TPM对象访问授权协议分析与改进[J].小型微型计算机系统,2012,33(7):1450-1456
[129] Sadeghi A.R., Stuble C.. Property-based attestation for computing platforms: Caringabout properties, not mechanisms[A]. Proc. of the2004Workshop on New SecurityParadigms[C]. New York: ACM,2004:67-77
[130] Rivest R.L., Shamir A., Tauman Y.. How to leak a secret[A]. LNCS2248: AsiaCrypt2001[G]. Heidelberg: Springer-Verlag,2001:552-565
[131] Feng Deng-Guo, Qin Yu. A property-based attestation protocol for TCM[J]. Sciencein China: Series F Information Sciences,2010,53(3):454-464
[132] Brickell E., Camenisch J., Chen Li-Qun. Direct anonymous attestation[EB/OL].http://eprini.iacr.org/2004/205,2004.10
[133]刘吉强,赵佳,赵勇.可信计算中远程自动匿名证明的研究[J].计算机学报,2009.7,32(7):1304-1310
[134] Chen Li-Qun, L hr H., Manulis M., et al. Property-based attestation without a trustedthird party[A]. Proc. of the11th International Conference on Information Security[C].Heidelberg: Springer-Verlag,2008:31-46
[135] Brickell E., Chen Li-Qun, Li Jiang-Tao. A new direct anonymous attestation schemefrom bilinear maps[A]. LNCS4968:Trusted Computing-Challenges and Applications[G].Heidelberg: Springer-Verlag,2008:166-178
[136] Chen Li-Qun, Page D., Smart N.P. On the design and implementation of an efficientDAA scheme[A]. Proc. of the9th IFIP Conference on Smart Card Research andAdvanced Application[C]. Heidelberg: Springer-Verlag,2010:223-237
[137] Brickell E., Li Jiang-Tao. A pairing-based DAA scheme further reducing TPMresources[A]. Proc. of the3rd International Conference on Trust and TrustworthyComputing[C]. Heidelberg: Springer-Verlag,2010:181-195
[138] Chen Li-Qun. A DAA scheme requiring less TPM resources[A]. Proc. of the5thInternational Conference on Information Security and Cryptology[C]. Heidelberg:Springer-Verlag,2011:350-365
[139] Haldar V., Chandra D., Franz M.. Semantic remote attestation: A virtual machinedirected approach to trusted computing[A]. Proc. of the3rd virtual machine research andtechnology symposium[C]. Berkeley: USENIX Association,2004:29-41
[140]徐梓耀,贺也平,邓灵莉.一种保护隐私的高效远程验证机制[J].软件学报,2011.2,22(2):330-352
[141] Kühn U., Selhorst M., Stüble C.. Realizing property-based attestation and sealingwith commonly available hard-and software[A]. Proc. of the2007ACM workshop onScalable Trusted Computing[C]. New York: ACM,2007:50-57
[142]秦宇,冯登国.基于组件属性的远程证明[J].软件学报,2009,20(6):1625-1641
[143] Wang Wen-Qiang, Chen Shao-Zhen. An Efficient Attribute-Based Ring SignatureScheme[A]. Proc of the2009International Forum on Computer Science-Technology andApplications[C]. Piscataway: IEEE Computer Society,2009:147-150
[144]罗东俊,张军.一种基于属性环签名的高效匿名证明协议[J].计算机应用研究,2012,29(9):3470-3474
[145] Hu Lei. Compression of Tate pairings on elliptic curves[J]. Journal ofSoftware,2007,18(7):17991805
[146] Lynn B.. On the implementation of pairing-based cryptosystems[D]. Stanford:Stanford University,2007
[147] Lynn B.. The pairing-based cryptography library [EB/OL].http://crypto.stanford.edu/pbc/times.html,2006
[148] Berger S., Kenneth, Sailer R.. vTPM: virtualizing the trusted platformmodule[EB/OL]. http://www.citeseer.ist.psu.edu,2007
[149] Sampath R., Goel D.. RATING: Rigorous assessment of trust in identitymanagement[A]. Proc. of the1st International Conference on Availability, Reliability andSecurity[C]. Piscataway: IEEE Computer Society,2006:10-19
[150] Choi D., Jin S.H., Yoon H.. Trust management for user-centric identity managementon the internet[A]. Proc. of the2007IEEE International Symposium on ConsumerElectronics[C]. Piscataway: IEEE Computer Society,2007:1-4
[151] J sang A., Fabre J., Hay B., et al. Trust requirements in identity management[A].Proc. of the2005Australasian Workshop on Grid Computing and E-Research-Volume44[C]. Australian Computer Society, Inc.,2005:99-108
[152] Mizuno S., Yamada K., Takahashi K.. Authentication using multiple communicationchannels[A]. Proc. of the2005workshop on Digital Identity Management[C]. New York:ACM Press,2005:54-62
[153] J sang A., Zomai M.A., Suriadi S.. Usability and privacy in identity managementarchitectures[A]. Proc. of the5th Australasian Symposium on ACSW Frontiers-Volume68[C]. Australian Computer Society, Inc.,2007:143-152
[154] Madsen P., Koga Y., Takahashi K.. Federated identity management for protectingusers from ID theft[A]. Proc. of the2005Workshop on Digital Identity Management[C].New York: ACM,2005:77-83
[155] Bhargav-Spantzel A., Squicciarini A.C., Bertino E.. Establishing and protectingdigital identity in federation systems[J]. Journal of Computer Security,2006,14(3):269-300
[156] Goodrich M.T., Tamassia R., Yao D.. Notarized federated ID management andauthentication[J]. Journal of Computer Security,2008,16(4):399-418
[157] Hughes J., Cantor S., Hodges J., et al. Profiles for the OASIS Security AssertionMarkup Language (SAML) V2.0[R]. OASIS Stantard,2005
[158] Lockhart H., Andersen S., Bohren J., et al. Web services federation language(WS-Federation) Version1.1[R]. Web Services Security Specification,2006
[159] Hodges J., Watson T.. Liberty Architecture Overview[R]. Liberty Alliance Project,2003
[160] Recordon D., Reed D.. OpenID2.0: a platform for user-centric identitymanagement[A]. Proc. of the2nd ACM Workshop on Digital Identity Management[C].New York: ACM,2006:11-16
[161] van Delft B., Oostdijk M.. A security analysis of OpenID[A].IFIP343: Policies andResearch in Identity Management[G]. Heidelberg: Springer-Verlag,2010:73-84
[162] William S.. Cryptography and Network Security: Principles and Practices (ThirdEdition)[M].北京:电子工业出版社,2004
[163]罗东俊.一种面向Web Services的安全中间件[J].哈尔滨工业大学学报,2009,41(9):218-221
[164]姚瑶,王兴伟.基于一致性哈希的Web跨域认证优化方案[J].东北师大学报:自然科学版,2013(2):55-60
[165] Adams C., Lloyd S.. Understanding PKI: concepts, standards, and deploymentconsiderations[M]. Addison-Wesley Professional,2003
[2]冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):7183
[3] Amazon Inc. Amazon web services customer agreement [EB/OL].http://aws.amazon.com/agreement/#7,2009.10.1
[4] Ristenpart T., Tromer E., Shacham H., et al. Hey, you, get off of my cloud: Exploringinformation leakage in third-party compute clouds[A]. Proc. of the ACM Conference onComputer and Communications Security[C]. New York: ACM Press,2009:199-212
[5] Youseff L., Butrico M., Da Silva D.. Toward a unified ontology of cloud computing[A].Proc. of Grid Computing Environments Workshop[C]. Piscataway: IEEE ComputerSociety,2008
[6] Wikipedia. Cloud computing[EB/OL]. http://en.wikipedia.org/wiki/Cloud_computing,2011
[7] Mather T., Kumaraswamy S., Latif S.. Cloud Security and Privacy[M]. USA: O’ReillyMedia,2009
[8] Popovi K., Hocenski Z.. Cloud computing security issues and challenges[A]. Proc. ofthe33rd International Convention on Information and Communication Technology,Electronics and Microelectronics[C]. New York: IEEE Inc.,2010:344-349
[9] Catteddu D., Hogben G. Cloud computing: Benefits, risks and recommendations forinformation security[R]. Europe: European Network and Information Security Agency(ENISA),2009
[10]Brunette G., Mogull R.. Security guidance for critical areas of focus in cloud computingv2.1[R]. Cloud Security Alliance (CSA),2009
[11]Hubbard D., Sutton M.. Top threats to cloud computing v1.0[R]. Cloud Security Alliance(CSA),2010
[12]Curry S., Darbyshire J., Fisher D.W., et al. Infrastructure security: Getting to the bottomof compliance in the cloud [R]. USA: RSA Security Brief,2010
[13]黄瑛,石文昌.云基础设施安全性研究综述[J].计算机科学,2011,38(7):24-30
[14]房晶,吴昊,白松林.云计算的虚拟化安全问题[J].电信科学,2012,28(4):135-140
[15]杨健,汪海航,王剑,等.云计算安全问题研究综述[J].小型微型计算机系统,2012,33(3):472-478
[16]Secunia. Secunia Advisory SA37081[EB/OL]. http://secunia.com/advisories/37081/,2009
[17]Secunia. Secunia Advisory SA36389[EB/OL]. http://secunia.com/advisories/36389/,2009
[18]Tavis O.. An empirical study into the security exposure to hosts of hostile virtualizedenvironments[R]. USA: Google,2010
[19]Kortchinsky, Kostya.[EB/OL]. http://www.immunityinc.com/documentation/cloudburst-vista.html,2011
[20]King S.T., Chen P.M., Wang Yi-Min, et al. Sub Virt: Implementing malware with virtualmachines[A]. Proc. of the2006IEEE Symposium on Security and Privacy[C].Piscataway: IEEE Computer Society,2006:314-327
[21]Brandic I., Dustdar S., Anstett T., et al. Compliant Cloud Computing (C3): Architectureand language support for user-driven compliance management in clouds[A]. Proc. of the3rd IEEE International Conference on Cloud Computing[C]. Piscataway: IEEEComputer Society,2010:244-251
[22]Kandukuri B.R., Ramakrishna P.V., Rakshit A.. Cloud security issues[A]. Proc. of the2009IEEE International Conference on Services Computing[C]. Piscataway: IEEEComputer Society,2009:517-520
[23]De Chaves S.A., Westphall C.B., Lamin F.R.. SLA perspective in security managementfor cloud computing[A]. Proc. of the6th International Conference on Networking andServices[C]. Piscataway: IEEE Computer Society,2010:212-217
[24]Gentry C.. A fully homorphic encryption scheme[D]. California: Stanford University,2009
[25]Sadeghi A.R., Schneider T., Winandy M.. Token-based cloud computing: Secureoutsourcing of data and arbitrary computations with lower latency[A]. LNCS6101: Proc.of the3rd International Conference on Trust and Trustworthy Computing[G]. Heidelberg:Springer-Verlag,2010:417-429
[26]Jensen M., Sch ge S., Schwenk J.. Towards an anonymous access control andaccountability scheme for cloud computing[A]. Proc. of the3rd International Conferenceon Cloud Computing[C]. Piscataway: IEEE Computer Society,2010:540-541
[27]Itani W., Kayssi A., Chehab A.. Privacy as a service: Privacy-aware data storage andprocessing in cloud computing architectures [A]. Proc. of the8th IEEE InternationalSymposium on Dependable, Autonomic and Secure Computing[C]. Piscataway: IEEEComputer Society,2009:711-716
[28]Echeverria V., Liebrock L.M., Shin D.. Permission management system: Permission as aservice in cloud computing[A]. Proc. of the34th Annual IEEE International ComputerSoftware and Applications Conference Workshops[C]. Piscataway: IEEE ComputerSociety,2010:371-375
[29]Kirch J.. Virtual machine security guidelines[R]. The Center for Internet Security,2007
[30]Seitz L., Pierson J., Brunie L.. Key management for encrypted data storage in distributedsystems[A]. Proc. of the2th IEEE International Security in Storage Workshop[C].Piscataway: IEEE Computer Society,2003:20-31
[31]Huang Jian-Zhong, Xie Chang-Sheng, Cai Bin. Research and implement of an encryptedfile system used to NAS[A]. Proc. of the2th IEEE International Security in StorageWorkshop[C]. Piscataway: IEEE Computer Society,2003:73
[32]Roy I., Setty S.T.V., Kilzer A., et al. Airavat: Security and privacy for MapReduce[A].Proc. of the7th USENIX Symposium on Networked Systems Design andImplementation[C]. Berkeley: USENIX Association,2010:297-312
[33]Mowbray M., Pearson S.. A client-based privacy manager for cloud computing[A]. Proc.of the4th International ICST Conference on Communication System Software andMiddleware[C]. New York: ACM,2009:5
[34]Pearson S., Shen Y., Mowbray M.. A privacy manager for cloud computing[A]. LNCS5931: Proc. of the1st International Conference on Cloud Computing[G]. Heidelberg:Springer-Verlag,2009:90-106
[35]Muntés-Mulero V., Nin J.. Privacy and anonymization for very large datasets[A]. Proc. ofthe18th ACM International Conference on Information and Knowledge Management[C].NewYork: ACM Press,2009:2117-2118
[36]Raykova M., Vo B., Bellovin S.M., et al. Secure anonymous database search[A]. Proc. ofthe2009ACM Workshop on Cloud Computing Security, Co-Located with the16th ACMComputer and Communications Security Conference[C]. New York: ACM,2009:115-126
[37]Juels A., Kaliski Jr B.S.. PORs: Proofs of retrievability for large files[A]. Proc. of the14th ACM Conference on Computer and Communications Security[C]. New York: ACM,2007:584597
[38]Ateniese G., Burns R., Curtmola R., et al. Provable data possession at untrusted stores[A].Proc. of the14th ACM Conference on Computer and Communications Security[C]. NewYork: ACM,2007:598-609
[39]Ateniese G., Pietro R.D., Mancini L.V., et al. Scalable and efficient provable datapossession[A]. Proc. of the4th International Conference on Security and Privacy inCommunication Networks[C]. New York: ACM,2008
[40]Shacham H., Waters B.. Compact proofs of retrievability[A]. LNCS5350: Proc. of the14th International Conference on the Theory and Application of Cryptology andInformation Security[G]. Heidelberg: Springer-Verlag,2008:90-107
[41]Bowers K.D., Juels A., Oprea A.. Proofs of retrievability: Theory and implementation[A].Proc. of the2009ACM Workshop on Cloud Computing Security, Co-located with the16th ACM Computer and Communications Security Conference[C]. New York: ACM,2009:43-53
[42]Zeng Ke. Publicly verifiable remote data integrity[A]. LNCS5308: Proc. of the10thInternational Conference on Information and Communications Security[G]. Heidelberg:Springer-Verlag,2008:419-434
[43]Wang Qian, Wang Cong, Li Jin, et al. Enabling public verifiability and data dynamics forstorage security in cloud computing[A]. LNCS5789: Proc. of the14th EuropeanSymposium on Research in Computer Security[G]. Heidelberg: Springer-Verlag,2009:355-370
[44]Schwarz T.S.J., Miller E.L. Store, forget, and check: Using algebraic signatures to checkremotely administered storage[A]. Proc. of the26th IEEE International Conference onDistributed Computing Systems[C]. Piscataway: IEEE Computer Society,2006.12-12
[45]Carter J.L., Wegman M.N.. Universal classes of hash functions[J]. Journal of Computerand System Sciences,1979,18(2):143-154
[46]Wegman M.N., Carter J.L. New classes and applications of hash functions[A]. Proc. ofthe Annual Symposium on Foundations of Computer Science[C]. New York: IEEE Inc.,1979:175-182
[47]Yun A., Shi Chun-Hui, Kim Y.. On protecting integrity and confidentiality ofcryptographic file system for outsourced storage[A]. Proc. of the2009ACM Workshopon Cloud Computing Security, Co-Located with the16th ACM Computer andCommunications Security Conference[C]. New York: ACM,2009:6775
[48]Li Hong-Wei, Dai Yuan-Shun, Tian Ling, et al. Identity-based authentication for cloudcomputing[A]. LNCS5931: Proc. of the1st International Conference on CloudComputing[G], Heidelberg: Springer-Verlag,2009:157-166
[49]Yan Liang, Rong Chun-Ming, Zhao Gan-Sen. Strengthen cloud computing security withfederal identity management using hierarchical identity-based cryptography[A]. LNCS5931: Proc. of the1st International Conference on Cloud Computing[G], Heidelberg:Springer-Verlag,2009:167-177
[50]Crampton J., Martin K., Wild P.. On key assignment for hierarchical access control[A].Proc. of the19th IEEE Computer Security Foundations Workshop[C]. Piscataway: IEEEComputer Society,2006:98-111
[51]Damiani E., De Vimercati S., Foresti S., et al. An experimental evaluation of multi-keystrategies for data outsourcing[A]. IFIP232: Proc. of the IFIP TC-1122nd InternationalInformation Security Conference[G]. Heidelberg: Springer-Verlag,2007.385396
[52]Wang Wei-Chao, Li Zhi-Wei, Owens R., et al. Secure and efficient access to outsourceddata[A]. Proc. of the2009ACM Workshop on Cloud Computing Security, Co-Locatedwith the16th ACM Computer and Communications Security Conference[C]. New York:ACM,2009:55-65
[53]Goyal V., Pandey O., Sahai A., et al. Attribute-based encryption for fine-grained accesscontrol of encrypted data[A]. Proc. of the13th ACM Conference on Computer andCommunications Security[C]. New York: ACM,2006:89-98
[54]Yu Shu-Cheng, Wang Cong, Ren Kui, et al. Achieving secure, scalable, and fine-graineddata access control in cloud computing[A]. Proc. of the29th IEEE Conference onInformation Communications[C]. Piscataway: IEEE Computer Society,2010:534-542
[55]Malek B., Miri A.. Combining attribute-based and access systems[A]. Proc. of the12thIEEE International Conference on Computational Science and Engineering:2009IEEEInternational Conference on Privacy, Security, Risk, and Trust[C]. Piscataway: IEEEComputer Society,2009:305312
[56]Ostrovsky R., Sahai A., Waters B.. Attribute-based encryption with non-monotonic accessstructures[A]. Proc. of the14th ACM Conference on Computer and CommunicationsSecurity[C]. New York: ACM,2007.195-203
[57]Bethencourt J., Sahai A., Waters B.. Ciphertext-policy attribute-based encryption[A].Proc. of the2007IEEE Symposium on Security and Privacy[C]. New York: IEEE Inc.,2007:321-334
[58]Roy S., Chuah M.. Secure data retrieval based on ciphertext policy attribute-basedencryption (CP-ABE) system for the DTNs[R]. Technical Report,2009
[59]Ibraimi L., Petkovic M., Nikova S., et al. Ciphertext-policy attribute-based thresholddecryption with flexible delegation and revocation of user attributes[R]. Centre forTelematics and Information Technology, University of Twente,2009
[60]Hu Luo-Kai, Ying Shi, Jia Xiang-Yang, et al. Towards an approach of semantic accesscontrol for cloud computing[C]. LNCS5931: Proc. of the1st International Conferenceon Cloud Computing[G], Heidelberg: Springer-Verlag,2009:145-156
[61]Bonatti P., De Capitani di Vimercati S, Samarati P.. An algebra for composing accesscontrol policies[J]. ACM Transactions on Information and System Security (TISSEC),2002,5(1):1-35
[62]Wijesekera D., Jajodia S.. A propositional policy algebra for access control[J]. ACMTransactions on Information and System Security (TISSEC),2003,6(2):286-325
[63]Agarwal S., Sprick B.. Access control for semantic web services[A]. Proc. of the IEEEInternational Conference on Web Services[C]. IEEE,2004:770-773
[64]Shafiq B., Joshi J.B.D., Bertino E., et al. Secure interoperation in a multidomainenvironment employing RBAC policies[J]. IEEE Transactions on Knowledge and DataEngineering,2005,17(11):1557-1577
[65]Sailer R., Valdez E., Jaeger T., et al. sHyper: Secure Hypervisor Approach to TrustedVirtualized Systems[R]. Yorktown Heights, NewYork: IBM Thomas J. Watson ResearchCenter,2005
[66]Murray D.G., Milos G., Hand S.. Improving Xen security through disaggregation[A]. Proc.of the4th International Conference on Virtual Execution Environments[C]. New York:ACM,2008:151-160
[67]Azab A.M., Ning P., et al. HyperSentry: enabling stealthy in-context measurement ofhypervisor integrity[A]. Proc. of the17th ACM Conference on Computer andCommunications Security[C]. New York: ACM,2010:38-49
[68]Seshadri A., Luk M., Qu Ning, et al. SecVisor: A tiny hypervisor to provide lifetimekernel code integrity for commodity OSes[A]. Proc. of the21th ACM SIGOPSSymposium on Operating Systems Principles[C]. New York: ACM,2007:335-350
[69]Wang Zhi, Jiang Xu-Xian, Cui Wei-Dong, et al. Countering kernel rootkits withlightweight hook protection[A]. Proc. of the16th ACM Conference Computer andCommunications Security[C]. New York: ACM,2009:545-554
[70]Raj H., Nathuji R., Singh A., et al. Resource management for isolation enhanced cloudservices[A]. Proc. of the2009ACM Workshop on Cloud Computing Security,Co-Located with the16th ACM Computer and Communications Security Conference[C].New York: ACM,2009:77-84
[71]Garfinkel T., Rosenblum M.. A virtual machine introspection based architecture forintrusion detection[A]. Proc. of the10th Annual Network and Distributed SystemsSecurity Symposium[C]. The Internet Society,2003:191-206
[72]Payne B.D, Carbone M., Sharif M., et al. Lares: An architecture for secure activemonitoring using virtualization[A]. Proc. of the2008IEEE Symposiumon on Securityand Privacy[C]. New York: IEEE Inc.,2008:233-247
[73]Sharif M.I., Lee W., Cui Wei-Dong, et al. Secure in-VM monitoring using hardwarevirtualizaiton[A]. Proc. of the16th ACM Conference on Computer and CommunicationsSecurity[C]. New York: ACM,2009:477-487
[74]Liu Qian, Weng Chuliang, Li Minglu, et al. An in-VM measuring framework forincreasing virtual machine security in clouds[J]. IEEE Security&Privacy,2010,8(6):56-62
[75]Reimer D., Thomas A., Ammous G., et al. Opening black boxes: Using semanticinformation to combat virtual machine image sprawl[A]. Proc. of the4th InternationalConference on Virtual Execution Environments[C]. New York: ACM,2008:111-120
[76]Wei Jin-Peng, Zhang Xiao-Lan, Ammons G., et al. Managing security of virtual machineimages in a cloud environment[A]. Proc. of the2009ACM Workshop on CloudComputing Security, Co-Located with the16th ACM Computer and CommunicationsSecurity Conference[C]. New York: ACM,2009:91-96
[77]Pfaff B., Garfinkel T., Rosenblum M.. Virtualization aware file systems: Getting beyondthe limitations of virtual disks[A]. Proc. of the3rd Symposium on Networked SystemsDesign&Implementation[C]. Berkeley: USENIX Association,2006:353-366
[78]Santos N., Gummadi K.P., Rodrigues R.. Towards trusted cloud computing[A]. Proc. ofthe2009Workshop on Hot Topics in Cloud Computing[C]. Berkeley: USENIXAssociation,2009:3
[79]Mao Wen-Bo. Also talking about the cloud[EB/OL].http://blog.csdn.net/wenbomao/archive/2009/03/03/3952761.aspx,2009
[80]Barham P., Dragovic B., Fraser K., et al. Xen and the art of virtualization[A]. Proc. of the19th ACM Symposium on Operating Systems Principles[C]. New York: ACM,2003:164-177
[81]Wiki Community. PV on HVM[EB/OL]. http://wiki.xen.org/wiki/PV_on_HVM,2012
[82]Common Criteria Project Sponsoring Organisation. Common criteria for informationtechnology security evaluation. ISO/IEC International Standard15408version2.1[S].Genevese: Common Criteria Project Sponsoring Organisation,1999
[83]Avizienis A., Laprie J.C., Randell B., et al. Basic concepts and taxonomy of dependableand secure computing[J]. IEEE Transactions on Dependable and Secure Computing,2004,1(1):11-33
[84]T.C.P.Alliance. TCPA design philosophies and concepts (version1.0)[EB/OL].https://www.trustedcomputinggroup.org,2001.01
[85]Trusted Computing Group. TPM main specification (1.2Edition)[EB/OL].http://www.trustedcomputinggroup.org,2005.10
[86]Nurmi D., Wolski R., Grzegorczyk C., et al. The eucalyptus open-sourcecloud-computing system[A]. Proc. of the9th IEEE/ACM International Symposium onCluster Computing and the Grid[C]. Piscataway: IEEE Computer Society,2009:124-131
[87]沈晴霓,杜虹,卿斯汉.虚拟可信平台层次化安全体系结构设计[J].北京工业大学学报,2010,36(5):605-610
[88]孟璟.基于Xen的可信虚拟机系统体系结构设计与若干关键技术研究[D].解放军信息工程大学,2008
[89]Berger S., Cáceres R., Goldman K.A., et al. vTPM: Virtualizing the trusted platformmodule[A]. Proc. of the15th USENIX Security Symposium[C]. Berkeley: USENIXAssociation,2006:305-320
[90]Selhorst M., Stüble C.. TrustedGRUB web site[EB/OL].http://projects.sirrix.com/trac/trustedgrub,2009.12
[91]GRUB-IMA[EB/OL]. http://sourceforge.jp/projects/openpts/wiki/GRUB-IMA
[92]Kauer B.. Authenticated booting for L4[EB/OL].http://os.inf.tu-dresden.de/papers_ps/kauer-beleg.pdf,2004
[93]Marchesini J., Smith S., Wild O., et al. Experimenting with TCPA/TCG hardware, or:How I learned to stop worrying and love the bear, Computer Science Technical ReportTR2003-476[R]. Dartmouth College,2003.12
[94]Microsoft. Secure startup-Full volume encryption: Technical overview[EB/OL].http://www.microsoft.com/whdc/system/platform/pcdesign/secure-start_tech.mspx,2005.4
[95]Arbaugh, W.A., Farber, D.J., Smith J.M.. A secure and reliable bootstrap architecture[A].Proc. of the1997IEEE Symposium on Security and Privacy[C]. New York: IEEE Inc.,1997.5:65-71
[96]Sailer R., Zhang X., Jaeger T., et al. Design and Implementation of a TCG-based IntegrityMeasurement Architecture[A]. Proc. of the13th USENIX Security Symposium[C].Berkeley: USENIX Association,2004:223-238
[97]England P., Lampson B., Manferdelli J., et al. A trusted open platform[J]. Computer,2003,36(7):55-62
[98]Chang X., Xing B., Liu J., et al. LWRM: A lightweight response mechanism for TCGTOCTOU attack[A]. Proc. of the28th International Conference on PerformanceComputing and Communications[C]. Piscataway: IEEE Computer Society,2009:200-207
[99]Shi E., Perrig A., Van Doorn L.. Bind: A fine-grained attestation service for securedistributed systems[A]. Proc. of the2005IEEE Symposium on Security and Privacy[C].New York: IEEE Inc.,2005:154-168
[100] Kauer B.. OSLO: Improving the security of trusted computing[A]. Proc. of the16thUSENIX security symposium[C]. Berkeley: USENIX Association,2007:6-10
[101] Trusted Boot web site[CP/OL]. http://sourceforge.net/projects/tboot/
[102] McCune J.M., Parno B.J., Perrig A., et al. Flicker: An execution infrastructure forTCB minimization[C].Proc.of the3rd ACM SIGOPS Symposium on Operating SystemsReview. New York: ACM,2008:315-328
[103] McCune J.M., Li Y., Qu N., et al. TrustVisor: Efficient TCB reduction andattestation[A]. Proc. of the2010IEEE Symposium on Security and Privacy[C]. NewYork: IEEE Inc.,2010:143-158
[104] Jaeger T., Sailer R., Shankar U.. PRIMA: policy-reduced integrity measurementarchitecture[A]. Proc. of the11th ACM symposium on Access control models andtechnologies[C]. New York: ACM,2006:19-28
[105] Loscocco P.A., Wilson P.W., Pendergrass J.A., et al. Linux kernel integritymeasurement using contextual inspection[A]. Proc. of the2007ACM workshop onScalable trusted computing[C]. New York:ACM,2007:21-29
[106] Thober M., Pendergrass J.A., McDonell C.D.. Improving coherency of runtimeintegrity measurement[A]. Proc. of the3rd ACM workshop on Scalable trustedcomputing[C]. New York:ACM,2008:51-60
[107] Davi L., Sadeghi A.R., Winandy M.. Dynamic integrity measurement and attestation:towards defense against return-oriented programming attacks[A]. Proc. of the2009ACMworkshop on Scalable trusted computing[C]. New York:ACM,2009:49-54
[108] Kil C., Sezer E.C., Azab A.M., et al. Remote attestation to dynamic system properties:Towards providing complete system integrity evidence[A]. Proc. of the2009IEEE/IFIPInternational Conference on Dependable Systems&Networks[C]. Piscataway: IEEEComputer Society,2009:115-124
[109] Datta A., Franklin J., Garg D., et al. A logic of secure systems and its application totrusted computing[A]. Proc. of the2009IEEE Symposium on Security and Privacy[C].New York: IEEE Inc.,2009:221-236
[110]沈昌祥,张焕国,王怀民,等.可信计算的研究与发展[J].中国科学:信息科学,2010,40(2):139-166
[111]张兴,黄强,沈昌祥.一种基于无干扰模型的信任链传递分析方法[J].计算机学报,2010,33(1):74-81
[112]赵佳,沈昌祥,刘吉强,等.基于无干扰理论的可信链模型[J].计算机研究与发展,2008,45(6):974-980
[113]张兴,陈幼雷,沈昌祥.基于进程的无干扰可信模型[J].通信学报,2009,30(3):6-11
[114]李晓勇,韩臻,沈昌祥. Windows环境下信任链传递及其性能分析[J].计算机研究与发展,2007,44(11):1889-1895
[115] Peng Guo-Jun, Pan Xuan-Chen, Fu Jian-Ming, et al. Static extracting method ofsoftware intended behavior based on API functions invoking[J]. Wuhan UniversityJournal of Natural Sciences,2008,13(5):615-620
[116] Peng Guo-Jun, Pan Xuan-Chen, Zhang Huan-Guo, et al. Dynamic trustinessauthentication framework based on software’s behavior integrity[A]. Proc. of the9thInternational Conference for Young Computer Scientists[C]. Piscataway: IEEE ComputerSociety,2008:2283-2288
[117]张焕国,严飞,傅建明,等.可信计算平台测评理论与关键技术研究[J].中国科学:信息科学,2010,40(2):167-188
[118]徐明迪,张焕国,赵恒,等.可信计算平台信任链安全性分析[J].计算机学报,2010,33(7):1165-1176
[119]刘孜文,冯登国.基于可信计算的动态完整性度量架构[J].电子与信息学报,2010,32(4):875-879
[120] Ryan P.Y.A., Schneider S.A.. Process algebra and non-interference[J]. Journal ofComputer Security,2001,9(1):75-103
[121]张相锋,孙玉芳. Biba模型中严格完整性政策的动态实施.计算机研究与发展.2005,42(5):746-754
[122]石文昌,梁洪亮,孙玉芳.主体当前敏感标记动态确定方案研究.电子学报,2001,29(8):1046-1049
[123]黄勇,陈小平,陈文智,等.支持动态调节的保密性和完整性统一模型.浙江大学学报(工学版),2009,43(8):1377-382
[124]邢彬.虚拟域可信链的设计与实现[D].北京交通大学,2009
[125]刘谦.面向云计算的虚拟机系统安全研究[D].上海交通大学,2012
[126] Zhang Xing,Zhang Xiao-Fei,Shen Chang-Xiang. A new authorization protocol fortrusted computing[A]. Proc. of1st International Symposium on Data,Privacy andE-Commerce[C]. Piscataway: IEEE Computer Society,2007:185-190
[127]刘皖,谭明,陈兴蜀.TPM的两个主要密码授权协议的安全性分析与改进[J].计算机科学,2008,35(3):271-273
[128]梁敏,常朝稳.虚拟化环境中TPM对象访问授权协议分析与改进[J].小型微型计算机系统,2012,33(7):1450-1456
[129] Sadeghi A.R., Stuble C.. Property-based attestation for computing platforms: Caringabout properties, not mechanisms[A]. Proc. of the2004Workshop on New SecurityParadigms[C]. New York: ACM,2004:67-77
[130] Rivest R.L., Shamir A., Tauman Y.. How to leak a secret[A]. LNCS2248: AsiaCrypt2001[G]. Heidelberg: Springer-Verlag,2001:552-565
[131] Feng Deng-Guo, Qin Yu. A property-based attestation protocol for TCM[J]. Sciencein China: Series F Information Sciences,2010,53(3):454-464
[132] Brickell E., Camenisch J., Chen Li-Qun. Direct anonymous attestation[EB/OL].http://eprini.iacr.org/2004/205,2004.10
[133]刘吉强,赵佳,赵勇.可信计算中远程自动匿名证明的研究[J].计算机学报,2009.7,32(7):1304-1310
[134] Chen Li-Qun, L hr H., Manulis M., et al. Property-based attestation without a trustedthird party[A]. Proc. of the11th International Conference on Information Security[C].Heidelberg: Springer-Verlag,2008:31-46
[135] Brickell E., Chen Li-Qun, Li Jiang-Tao. A new direct anonymous attestation schemefrom bilinear maps[A]. LNCS4968:Trusted Computing-Challenges and Applications[G].Heidelberg: Springer-Verlag,2008:166-178
[136] Chen Li-Qun, Page D., Smart N.P. On the design and implementation of an efficientDAA scheme[A]. Proc. of the9th IFIP Conference on Smart Card Research andAdvanced Application[C]. Heidelberg: Springer-Verlag,2010:223-237
[137] Brickell E., Li Jiang-Tao. A pairing-based DAA scheme further reducing TPMresources[A]. Proc. of the3rd International Conference on Trust and TrustworthyComputing[C]. Heidelberg: Springer-Verlag,2010:181-195
[138] Chen Li-Qun. A DAA scheme requiring less TPM resources[A]. Proc. of the5thInternational Conference on Information Security and Cryptology[C]. Heidelberg:Springer-Verlag,2011:350-365
[139] Haldar V., Chandra D., Franz M.. Semantic remote attestation: A virtual machinedirected approach to trusted computing[A]. Proc. of the3rd virtual machine research andtechnology symposium[C]. Berkeley: USENIX Association,2004:29-41
[140]徐梓耀,贺也平,邓灵莉.一种保护隐私的高效远程验证机制[J].软件学报,2011.2,22(2):330-352
[141] Kühn U., Selhorst M., Stüble C.. Realizing property-based attestation and sealingwith commonly available hard-and software[A]. Proc. of the2007ACM workshop onScalable Trusted Computing[C]. New York: ACM,2007:50-57
[142]秦宇,冯登国.基于组件属性的远程证明[J].软件学报,2009,20(6):1625-1641
[143] Wang Wen-Qiang, Chen Shao-Zhen. An Efficient Attribute-Based Ring SignatureScheme[A]. Proc of the2009International Forum on Computer Science-Technology andApplications[C]. Piscataway: IEEE Computer Society,2009:147-150
[144]罗东俊,张军.一种基于属性环签名的高效匿名证明协议[J].计算机应用研究,2012,29(9):3470-3474
[145] Hu Lei. Compression of Tate pairings on elliptic curves[J]. Journal ofSoftware,2007,18(7):17991805
[146] Lynn B.. On the implementation of pairing-based cryptosystems[D]. Stanford:Stanford University,2007
[147] Lynn B.. The pairing-based cryptography library [EB/OL].http://crypto.stanford.edu/pbc/times.html,2006
[148] Berger S., Kenneth, Sailer R.. vTPM: virtualizing the trusted platformmodule[EB/OL]. http://www.citeseer.ist.psu.edu,2007
[149] Sampath R., Goel D.. RATING: Rigorous assessment of trust in identitymanagement[A]. Proc. of the1st International Conference on Availability, Reliability andSecurity[C]. Piscataway: IEEE Computer Society,2006:10-19
[150] Choi D., Jin S.H., Yoon H.. Trust management for user-centric identity managementon the internet[A]. Proc. of the2007IEEE International Symposium on ConsumerElectronics[C]. Piscataway: IEEE Computer Society,2007:1-4
[151] J sang A., Fabre J., Hay B., et al. Trust requirements in identity management[A].Proc. of the2005Australasian Workshop on Grid Computing and E-Research-Volume44[C]. Australian Computer Society, Inc.,2005:99-108
[152] Mizuno S., Yamada K., Takahashi K.. Authentication using multiple communicationchannels[A]. Proc. of the2005workshop on Digital Identity Management[C]. New York:ACM Press,2005:54-62
[153] J sang A., Zomai M.A., Suriadi S.. Usability and privacy in identity managementarchitectures[A]. Proc. of the5th Australasian Symposium on ACSW Frontiers-Volume68[C]. Australian Computer Society, Inc.,2007:143-152
[154] Madsen P., Koga Y., Takahashi K.. Federated identity management for protectingusers from ID theft[A]. Proc. of the2005Workshop on Digital Identity Management[C].New York: ACM,2005:77-83
[155] Bhargav-Spantzel A., Squicciarini A.C., Bertino E.. Establishing and protectingdigital identity in federation systems[J]. Journal of Computer Security,2006,14(3):269-300
[156] Goodrich M.T., Tamassia R., Yao D.. Notarized federated ID management andauthentication[J]. Journal of Computer Security,2008,16(4):399-418
[157] Hughes J., Cantor S., Hodges J., et al. Profiles for the OASIS Security AssertionMarkup Language (SAML) V2.0[R]. OASIS Stantard,2005
[158] Lockhart H., Andersen S., Bohren J., et al. Web services federation language(WS-Federation) Version1.1[R]. Web Services Security Specification,2006
[159] Hodges J., Watson T.. Liberty Architecture Overview[R]. Liberty Alliance Project,2003
[160] Recordon D., Reed D.. OpenID2.0: a platform for user-centric identitymanagement[A]. Proc. of the2nd ACM Workshop on Digital Identity Management[C].New York: ACM,2006:11-16
[161] van Delft B., Oostdijk M.. A security analysis of OpenID[A].IFIP343: Policies andResearch in Identity Management[G]. Heidelberg: Springer-Verlag,2010:73-84
[162] William S.. Cryptography and Network Security: Principles and Practices (ThirdEdition)[M].北京:电子工业出版社,2004
[163]罗东俊.一种面向Web Services的安全中间件[J].哈尔滨工业大学学报,2009,41(9):218-221
[164]姚瑶,王兴伟.基于一致性哈希的Web跨域认证优化方案[J].东北师大学报:自然科学版,2013(2):55-60
[165] Adams C., Lloyd S.. Understanding PKI: concepts, standards, and deploymentconsiderations[M]. Addison-Wesley Professional,2003