无干扰可信模型及可信平台体系结构实现研究
|
摘要
Hyposys系统。是一个分布式的计算机信息系统,由分布很广的若干个网络节点组成,上面运行着多个专用业务软件,这些业务软件运行过程中,生成大量的文件和数据库需要进行严格的访问控制,该系统内部安全程度要求很高,但又不得不连接到互联网,这样,系统成为攻击和渗透的重点对象,因此系统从BIOS、操作系统到终端、服务器,再到网络采用了种种安全措施解决系统的安全问题,即便如此,系统依然面临着来自内部的非法篡改和来自外部病毒木马干扰等一系列重大安全问题。针对这一应用背景,本文主要探讨利用可信计算达到系统运行可信目标,研究保障系统安全运行的可信平台的模型和体系结构。
首先借鉴无干扰安全策略模型,提出了一种适用于可信计算平台系统设计的理论模型----基于进程的无干扰可信模型(NITM),该模型将系统抽象为进程、操作、状态和输出,形式化地定义了进程运行可信,利用逻辑推理方法获得了系统达到运行可信所需满足的三条性质,结果隔离性、单步隔离性和无干扰隔离性,便于将模型映射到实际系统。
依据无干扰可信模型,提出了以可信根为核心支撑的可信平台体系结构,将密码机制融入到计算机体系结构的设计之中,给出可信计算平台体系结构的总体实现框架。基本思路是以密码为基础实现可信功能,以可信功能支撑系统平台的无干扰可信运行,保障系统运行安全。以可信平台控制模块为信任根,实现可信度量根、可信报告根和可信存储根,以这三个信任根为基础实现可信管道,实现应用与TPCM之间的交互,在此基础上,利用密码协议和相关命令形成一个不受其它进程干扰的运算管道,保证经过管道的输出结果预期,由此提出无干扰可信管道的工程模型,并用计算不可区分性证明了无干扰可信管道被干扰的概率可以归结为密码破译,从而将无干扰理论向工程应用推进了一步。然后分章节描述了可信平台体系结构的各个关键部分,包括可信平台密码方案、可信平台控制模块、可信平台基础支撑软件。
本文基本思路是以密码为基础实现可信计算功能,支撑系统可信运行,保障系统安全。以可信平台控制模块为可信根,由信任链扩展形成TCB(Trusted Computing Base),由可信管道实现不同层面TCB无缝连接,使TCB不受其它实体干扰。TCB扩展实质上将系统与安全相关的功能基于可信根实现,从而大大减少了TCB的规模,更便于形式化描述、验证,并且可实现。
本文是笔者参加多项可信计算科研项目基础上完成的,项目包括全国信安标委下达的可信计算标准研究制定任务,国家科技计划2007CB311100、2006AA01Z440等,所述工作以重大应用为背景,研究相应理论模型,提出工程模型,突破多项可信计算平台的关键技术,主要创新点如下:
第一、在理论模型方面提出了系统运行可信的判定条件,用逻辑推理和形式化方法研究系统运行可信,提出了基于进程的无干扰可信模型,该模型建立在严格的逻辑推理基础上,不依赖于安全机制和实现.任何一种符合这个模型的实现,都可以达到系统运行可信的目标。
第二、在工程模型方面提出了无干扰可信管道模型,用形式化方法描述可信管道是非传递无干扰可信模型的实例,并用计算不可区分性证明了可信管道模型被干扰的概率可以归纳为密码破译,达到无干扰要求,该工程模型可以用于可信平台体系结构的设计。
第三、改进了可信平台密码实现方案,提出双证书的平台证书管理方案,简化了平台密钥迁移;提出授权数据复用的授权数据管理方法和统一的授权协议,解决了大量授权数据管理中的同步问题,并用BAN逻辑方法分析了授权协议的安全性。
第四、提出可信平台控制模块(Trusted Platform Control Model,TPCM)设计方案,解决可信根问题。改变了TCG规范中的可信平台模块作为被动设备的思路,将可信平台模块设计为主控设备,实现了TPCM芯片对整个平台的主动控制作用。将可信根全部设计在芯片内部,使其受到强度更高的物理保护。
第五、研究可信平台基础支撑软件设计方案,提出可信监控器(TRM)模型,描述了由三个可信根为基础构成的三个可信管道,利用这些管道完成系统完整性度量、平台证实,外部实体对TPCM访问等功能,使得TCB不被篡改,不受其它实体运行干扰。
Hyposys represents a special distributed network system, which is composed of many network notes who locate in different places in a country. Firstly, a lot of important data, which must be kept secret, is produced by different bossiness software that is running in Hyposys. Secondly, Hyposys is required to connect to external network though its internal security level is very high. Accordingly, Hyposys may face many potential threats from external penetration attacks and internal compromise. To deal with these threats, a lot of security mechanisms have been deployed on BIOS, Operating System, PCs, Servers and network. However, there are still many security incidents such as internal illegal tampering and external interfering by viruses. To meet this security requirement, this paper mainly discusses the Trusted Computing technology and proposes a trusted platform model and architecture to guarantee the S is running under expectations.
Firstly, this paper proposes a theoretical model named non-interference trusted model (NITM) which uses the non-interference security policy model for reference and is suitable for designing trusted computing platform. This model abstracts the system as: process, action, state and output, and gives the formal definition of the trusted of process. Through analysis of this model, three important characters for trusted running are acquired by reasoning method, which are Output Consistency, Local Consistency, Single-step Consistency. These characters can help to conveniently map the model to actual system and valid whether the practice is trusted or not.
Based on NITM, this paper proposes trusted platform architecture and practical framework which is established on the root of trust. The basic idea is to support trusted functions by cryptography and support system trusted running without interference by trusted functions. Trusted Platform Control Model (TPCM), acting as the root of trust, achieves three important roots RTM, RTS and RTR to support a trusted tunnel for communication between applications and TPCM. Furthermore, the engineering model of trusted tunnel is proposed, the composing of which is discussed, and whose definition is described by formal method. The proposition that the trusted tunnel is an instance of intransitive no interference trusted model is proved, and the probability of the interference trusted tunnel subjecting to interference can be come down to cryptogram decryption, which is proved by computing undistinguished, thereby, the theory of no interference is advanced to engineering furthermore. The main parts of trusted platform architecture is described in this paper, including the cryptogram scheme of trusted platform, Trusted Platform Control Module, Trusted Platform Base Support Software and Trusted Platform Trusted Chain, the compatibility is discussed in the final of the paper.
The basic idea of this paper is to taking trusted computing functions as the core to guarantee system trusted running and security. TPCM acts as the root of trust, extending the trust chain to form TCB. TCB in different layers can achieve seamless connection by using trusted pipeline, which makes TCB independence from other entities. The extension of TCB realized the security function of system based on trusted root, which greatly reduced the scale of TCB, easy to describe, validate by formal method, and can be implemented.
This paper is based on a lot of trusted computing research projects that the author has participated in, including researching and setting trusted computing standards which is assigned by Information Security Standard Committee, 973 technology plan 2007CB311100, and 863 general project 2006AA01Z44 etc. The above-mentioned works take the important application as background, corresponding theoretical model is researched, engineering model is bring forward, a number of key technologies of trusted computing platform is breakthrough, the major innovation is as follows:
Firstly, in theoretical model aspect, No Interference Trusted Model based on process is proposed, the determine conditions of the trust of system operation is advanced, the trust of system operation is researched by logic reasoning and formal methods. The model is based on strict logic reasoning, independence of security mechanisms and implements. Any implement in line with the model can achieve the purpose of system operation trust.
Secondly, in engineering model aspect, No Interference Trusted Pipeline Model, trusted pipeline is described as instance of intransitive no interference trusted model by formal methods, and the proposition that the model cannot be interfered by other entities is proved by computing undistinguished, towards the design of trusted computing platform architecture.
Thirdly, trusted computing platform cryptogram model is proposed, the cryptogram implement scheme is improved, double-certificate management solution is advanced, platform key migration scheme is simplified; a new authorization protocol is presented whose security is analyzed by BAN logic method.
Fourthly, the design scheme of Trusted Platform Control Model (TPCM) is proposed, the problem of trusted root has been solved, the traditional thought that trusted platform module is considered as passive device has been changed, trusted platform module is designed as an active device, the active control of TPCM chip to the whole platform has been achieved. All of the trusted roots are imbed into the chip, which is subjected higher physical protection.
Finally, Trusted Basic Support Software design scheme is researched, Trusted Reference monitor (TRM) Model is proposed, the three cryptogram pipelines constituted by the three trusted roots is described. TCB is extended from hardware to system, until the key components of application by using the extension of trusted chain. All TCB communicate with each other through the "trusted pipe" which constituted by three trusted roots of Trusted Platform Module, the function such as system integrity measurement, platform attestation and external entities access to TPCM etc. are achieved by using of the pipelines, which can make TCB not to be tampered and interfered by other entities.
首先借鉴无干扰安全策略模型,提出了一种适用于可信计算平台系统设计的理论模型----基于进程的无干扰可信模型(NITM),该模型将系统抽象为进程、操作、状态和输出,形式化地定义了进程运行可信,利用逻辑推理方法获得了系统达到运行可信所需满足的三条性质,结果隔离性、单步隔离性和无干扰隔离性,便于将模型映射到实际系统。
依据无干扰可信模型,提出了以可信根为核心支撑的可信平台体系结构,将密码机制融入到计算机体系结构的设计之中,给出可信计算平台体系结构的总体实现框架。基本思路是以密码为基础实现可信功能,以可信功能支撑系统平台的无干扰可信运行,保障系统运行安全。以可信平台控制模块为信任根,实现可信度量根、可信报告根和可信存储根,以这三个信任根为基础实现可信管道,实现应用与TPCM之间的交互,在此基础上,利用密码协议和相关命令形成一个不受其它进程干扰的运算管道,保证经过管道的输出结果预期,由此提出无干扰可信管道的工程模型,并用计算不可区分性证明了无干扰可信管道被干扰的概率可以归结为密码破译,从而将无干扰理论向工程应用推进了一步。然后分章节描述了可信平台体系结构的各个关键部分,包括可信平台密码方案、可信平台控制模块、可信平台基础支撑软件。
本文基本思路是以密码为基础实现可信计算功能,支撑系统可信运行,保障系统安全。以可信平台控制模块为可信根,由信任链扩展形成TCB(Trusted Computing Base),由可信管道实现不同层面TCB无缝连接,使TCB不受其它实体干扰。TCB扩展实质上将系统与安全相关的功能基于可信根实现,从而大大减少了TCB的规模,更便于形式化描述、验证,并且可实现。
本文是笔者参加多项可信计算科研项目基础上完成的,项目包括全国信安标委下达的可信计算标准研究制定任务,国家科技计划2007CB311100、2006AA01Z440等,所述工作以重大应用为背景,研究相应理论模型,提出工程模型,突破多项可信计算平台的关键技术,主要创新点如下:
第一、在理论模型方面提出了系统运行可信的判定条件,用逻辑推理和形式化方法研究系统运行可信,提出了基于进程的无干扰可信模型,该模型建立在严格的逻辑推理基础上,不依赖于安全机制和实现.任何一种符合这个模型的实现,都可以达到系统运行可信的目标。
第二、在工程模型方面提出了无干扰可信管道模型,用形式化方法描述可信管道是非传递无干扰可信模型的实例,并用计算不可区分性证明了可信管道模型被干扰的概率可以归纳为密码破译,达到无干扰要求,该工程模型可以用于可信平台体系结构的设计。
第三、改进了可信平台密码实现方案,提出双证书的平台证书管理方案,简化了平台密钥迁移;提出授权数据复用的授权数据管理方法和统一的授权协议,解决了大量授权数据管理中的同步问题,并用BAN逻辑方法分析了授权协议的安全性。
第四、提出可信平台控制模块(Trusted Platform Control Model,TPCM)设计方案,解决可信根问题。改变了TCG规范中的可信平台模块作为被动设备的思路,将可信平台模块设计为主控设备,实现了TPCM芯片对整个平台的主动控制作用。将可信根全部设计在芯片内部,使其受到强度更高的物理保护。
第五、研究可信平台基础支撑软件设计方案,提出可信监控器(TRM)模型,描述了由三个可信根为基础构成的三个可信管道,利用这些管道完成系统完整性度量、平台证实,外部实体对TPCM访问等功能,使得TCB不被篡改,不受其它实体运行干扰。
Hyposys represents a special distributed network system, which is composed of many network notes who locate in different places in a country. Firstly, a lot of important data, which must be kept secret, is produced by different bossiness software that is running in Hyposys. Secondly, Hyposys is required to connect to external network though its internal security level is very high. Accordingly, Hyposys may face many potential threats from external penetration attacks and internal compromise. To deal with these threats, a lot of security mechanisms have been deployed on BIOS, Operating System, PCs, Servers and network. However, there are still many security incidents such as internal illegal tampering and external interfering by viruses. To meet this security requirement, this paper mainly discusses the Trusted Computing technology and proposes a trusted platform model and architecture to guarantee the S is running under expectations.
Firstly, this paper proposes a theoretical model named non-interference trusted model (NITM) which uses the non-interference security policy model for reference and is suitable for designing trusted computing platform. This model abstracts the system as: process, action, state and output, and gives the formal definition of the trusted of process. Through analysis of this model, three important characters for trusted running are acquired by reasoning method, which are Output Consistency, Local Consistency, Single-step Consistency. These characters can help to conveniently map the model to actual system and valid whether the practice is trusted or not.
Based on NITM, this paper proposes trusted platform architecture and practical framework which is established on the root of trust. The basic idea is to support trusted functions by cryptography and support system trusted running without interference by trusted functions. Trusted Platform Control Model (TPCM), acting as the root of trust, achieves three important roots RTM, RTS and RTR to support a trusted tunnel for communication between applications and TPCM. Furthermore, the engineering model of trusted tunnel is proposed, the composing of which is discussed, and whose definition is described by formal method. The proposition that the trusted tunnel is an instance of intransitive no interference trusted model is proved, and the probability of the interference trusted tunnel subjecting to interference can be come down to cryptogram decryption, which is proved by computing undistinguished, thereby, the theory of no interference is advanced to engineering furthermore. The main parts of trusted platform architecture is described in this paper, including the cryptogram scheme of trusted platform, Trusted Platform Control Module, Trusted Platform Base Support Software and Trusted Platform Trusted Chain, the compatibility is discussed in the final of the paper.
The basic idea of this paper is to taking trusted computing functions as the core to guarantee system trusted running and security. TPCM acts as the root of trust, extending the trust chain to form TCB. TCB in different layers can achieve seamless connection by using trusted pipeline, which makes TCB independence from other entities. The extension of TCB realized the security function of system based on trusted root, which greatly reduced the scale of TCB, easy to describe, validate by formal method, and can be implemented.
This paper is based on a lot of trusted computing research projects that the author has participated in, including researching and setting trusted computing standards which is assigned by Information Security Standard Committee, 973 technology plan 2007CB311100, and 863 general project 2006AA01Z44 etc. The above-mentioned works take the important application as background, corresponding theoretical model is researched, engineering model is bring forward, a number of key technologies of trusted computing platform is breakthrough, the major innovation is as follows:
Firstly, in theoretical model aspect, No Interference Trusted Model based on process is proposed, the determine conditions of the trust of system operation is advanced, the trust of system operation is researched by logic reasoning and formal methods. The model is based on strict logic reasoning, independence of security mechanisms and implements. Any implement in line with the model can achieve the purpose of system operation trust.
Secondly, in engineering model aspect, No Interference Trusted Pipeline Model, trusted pipeline is described as instance of intransitive no interference trusted model by formal methods, and the proposition that the model cannot be interfered by other entities is proved by computing undistinguished, towards the design of trusted computing platform architecture.
Thirdly, trusted computing platform cryptogram model is proposed, the cryptogram implement scheme is improved, double-certificate management solution is advanced, platform key migration scheme is simplified; a new authorization protocol is presented whose security is analyzed by BAN logic method.
Fourthly, the design scheme of Trusted Platform Control Model (TPCM) is proposed, the problem of trusted root has been solved, the traditional thought that trusted platform module is considered as passive device has been changed, trusted platform module is designed as an active device, the active control of TPCM chip to the whole platform has been achieved. All of the trusted roots are imbed into the chip, which is subjected higher physical protection.
Finally, Trusted Basic Support Software design scheme is researched, Trusted Reference monitor (TRM) Model is proposed, the three cryptogram pipelines constituted by the three trusted roots is described. TCB is extended from hardware to system, until the key components of application by using the extension of trusted chain. All TCB communicate with each other through the "trusted pipe" which constituted by three trusted roots of Trusted Platform Module, the function such as system integrity measurement, platform attestation and external entities access to TPCM etc. are achieved by using of the pipelines, which can make TCB not to be tampered and interfered by other entities.
引文
[1]沈昌祥,张焕国,冯登国,曹珍富,黄继武.信息安全综述[J],中国科学E辑:信息科学,2007Vol.37 No.2 pp.129-150
[2]张焕国,罗捷,金刚等,可信计算研究进展,武汉大学学报(理学版)[J],Vol.52,No.5,2006.
[3]沈昌祥,坚持自主创新,加速发展可信计算,计算机安全[J],2006.6.pp
[4]Trusted Computing Group.TCG Specification Architecture Overview[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/groups/TCG_1_2_Architecture_Overview.pdf.
[5]Trusted Computing Group.TPM specification version 1.2.Part 1 Design Principles[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/TPM/Main_Part1_rev94.zip.
[6]Trusted Computing Group.TPM specification version 1.2.Part 2 TPM Structures[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/TPM/Main_Part2_rev94.zip.
[7]Trusted Computing Group.TPM specification version 1.2.Part 3 TPM Commands[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/TPM/Main_Part3_rev94.zip.
[8]Trusted Computing Group.TCG Software Stack Specification Version 1.2 Levell ErrataA[EB/OL].[2007-07-03].https://www.trustedcomputinggroup.org/specs/TSS/TSS_1_2_Errata_A-final.pdf.
[9]Trusted Computing Group.TCG PC Client Specific,Implementation Specification For Conventional BIOS[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/PCClient.
[10]邓华东,生物识别将取代“密码” 专家质疑“可信计算”,参考消息-北京参考,http://www.bjcankao.com/numbershow.asp?articleid=11881,2006.
[11]Ahmad-Reza Sadeghi,Marcel Selhorst,Christian St¨uble,Marcel Winandy,TCG Inside?AN ore on TPM Specification Compliance,1st Benelux Workshop on Information and System Security.Belgium,2006.
[12]Anti TCPA Website:http://www.petitiononline.com/antitcpa/petition.html.
[13]Trusted Computing Group.TCG Credential Profiles Specification Version 1.0 Revision 0.981 for TPM Family 1.2;Level 2.January 2006.
[14]Trusted Computing Group.Interoperability Specification for Backup and Migration Services Specification Version:1.0 Final Revision 1.0 for TPM Family 1.1b,Level 1.June,2005.
[15]J.Rushby.Noninterference,transitivity,and channel-control security policies.Technical Report,CSL-92-02,Menlo Park:Stanford Research Institute,1992.
[16]Department of Defense.Trusted Computer System Evaluation Criteria.Department of Defense Standard,CSC-STD-001-83,1983.
[17]Kent S.Protecting Externally Supplied Software in Small Computers.PhD thesis,MIT Laboratory for Computer Science,1980.
[18]White S R,Comerford L D.ABYSS:a Trusted Architecture for Software Protection.IEEE Transactions on Software Engineering,1990,vol.16(6):619-629.
[19]White S,Weingart S H,et al.Introduction to the Citadel Architecture:Security in Physically Exposed Environments.Technical Report RC16672,IBM Watson Research Center,1991.
[20]IBM PCI Cryptographic Coprocessor.http://www-03.ibm.com/security/cryptocards/pcicc/overview.shtml,20090414.
[21]IBM Coprocessor First to Earn Highest Security Validation.http://www-03.ibm.com/press/us/en/pressrelease/2347.wss,20090414.
[22]Smith S W,Palmer E R,et al.Using a High-performance,Programmable Secure Coprocessor.In Proceedings of the 2nd International Conference on Financial Cryptography,Anguilla,British West Indies,LNCS 1465,Springer-Verlag,1998:73-89.
[23]Smith S W,Austel V.Trusting Trusted Hardware:Towards a FormalModel for Programmable Secure Coprocessors.In Proceedings of the 3rd USENIX Workshop on Electronic Commerce,1998.
[24]Smith S W.Outbound Authentication for Programmable Secure Coprocessors.7th European Symposium on Research in Computer Security,Zurich Switzerland,LNCS 2502,Springer-Verlag,2002:72-89.
[25](美)Sean W.Smith著.冯登国等译.Trusted Computing Platforms:Design and Applications.(可信计算平台:设计与应用)北京:清华大学出版社,2006.10.
[26]Sean W.Smith.Trusted Computing Platforms:Design andApplications.Springer Science + Business Media,Inc.,2005.
[27]Joan G.Dyer,Mark Lindemann,Ronald Perez et al.Building the IBM 4758 Secure Coprocessor.Computer:57 - 66,October 2001.http://www.cs.dartmouth.edu/~sws/pubs/comp01.pdf.20080414.
[28]David Lie etc,Architectural support for copy and tamper resistant software,ACM SIGPLAN Notices,Volume 35,Issue 11,2002.11,pp168 - 177.
[29]David Lie,C.Thekkath,M.Mitchell et al.Architecture Support of Copy and Tamper Resistant Software.Proceedings of the 9th International Conference on Architecture Support for Programming Languages and Operating System - ASPLOS-Ⅸ,2000:168 - 177.
[30]E Suh,D.Clarker,B.Gassend,M.van Dijk,S.Devadas.AEGIS:Architecture for Tampe-Evidentand Tampe-Resistant,Processing.Proceedings of the 17th International Conference on Supercomputing,2003:160 - 171.http://csg.csail.mit.edu/pubs/memos/Memo-461/memo-461.pdf,20080330
[31]N.Stam.Inside Intel' s Secretive 'LaGrande' Project.http://www.extremetech.com/,September 2003.
[32]Intel,Trusted Execution Technology Architectural Overview,http://www.intel.com/technology/security/downloads/arch-overview.pdf,20070801.
[33]Microsoft.Microsoft Palladium:A Business Overview,August 2002.URL:http://www.microsoft.com/presspass/features/2002/ju102/0724palladiumwp.asp.June 23,2003.
[34]Microsoft.Microsoft Next-Generation Secure Computing Base-Technical FAQ.February,2003.URL:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/N GSCB.asp(May 30,2003).
[35]Microsoft,Industry Testing of Windows Vista Release Candidate 1 Begins.Press release.http://www.microsoft.com/presspass/press/2006/sep06/09-05WindowsVistaIndustryPR.ms px.20080301.
[36]Microsoft,The full list of Software Assurance benefits,including Vista features specific to Enterprise,http://www.microsoft.com/licensing/software-assurance/vista.aspx.20080301.
[37]Trusted Computing Group TCG,http://www.Trustedcomputinggroup.org/.
[38]ARM,TrustZone Technology Overview.http://www.arm.com/products/esd/trustzone_home,html
[39]Tiago Alves,Don Felton.TrustZone:Integrated Hardware and Software Security Enabling Trusted Computing in Embedded Systems.July 2004.http://www.arm.com/pdfs/TZ%20Whitepaper,pdf,20070331
[40]T.Halfhill.ARM Dons Armor:TrustZone Security Extensions Strengthen ARMv6Architecture.Microprocessor Report 8/25/03-01,August 2003.
[41]Atmel Trusted Platform Module,AT97SC3201 Summary.http://www.atmel.com/dyn/resources/prod_documents/2015s.pdf.20070330.
[42]Broadcom BCM5751M Product Brief,Integrated TPM functionality.http://www.broadcom.com/collateral/pb/5751M-PB02-R.pdf.20070330.
[43]Infineon TPM 1.2,SLB9635TT1.2,the Trusted Platform Module Solution.http://www.infineon.com/upload/Document/tpml.2_hardware-pb.pdf,20070320.
[44]National Semiconductor,Product Brief,Feb.2002,Revision 1.0,PC21100(SafeKeeper),LPC-Based TCPA-Compliant Security Controller.http://www.ortodoxism.ro/datasheets/nationalsemiconductor/PC21100.pdf.20073030.
[45]ST,ST19WP18 Trusted Platform Module(TPM) Data Brief.http://www.esic.cn/icpdf/st/ST19WP18.pdf,20070330.
[46]瑞达信息安全股份有限公司.http://www.jetsec.com.cn/,20070328.
[47]武汉大学.http://www.whu.edu.cn/,20070328.
[48]Lenovo联想研究院,安全芯片技术.http://www.lenovo2008.com/academe/product/product_6.html.20070330.
[49]兆日科技,Sinosun TPM(SSX35).http://www.sinosun.com.cn/eng/product/product113.asp.20070330
[50]长城计算机集团.http://www.greatwa11.com.cn/products/cpxx.asp,20070331.
[51]INSPUR 浪潮.http://www.langchao.com/products/channel_pc/safety_2956_3.shtml,20070330.
[52]清华同方脑.http://www.tongfangpc.com/product/comercialpc/chaoxiangg/66800.html.20070330.
[53]方正科技,http://www.foundertech.com/tabid/129/InfoID/47/Default.aspx.20070330.
[54]中兴集成电路.http://www.zteic.com/cn/index.asp.20070331.
[55]天融倌.可信网络架构TNA(Trusted Network Architecture).http://www.topsec.com.cn/index2.asp.20070330.
[56]J.A.Goguen,J.Meseguer.Security policies and security models.In:Proc.of the 1982IEEE Symposium on Security and Privacy.IEEE Computer Society Press,pages 11-20,April 1982.
[57]J.McLean.Security models and information flow.In:Proc.of 1990 IEEE Symposium on Research in Security and Privacy.IEEE Press,pages 177-186,1990.
[58]C.O'Halloran.A calculus of information flow.In:Proc.of First European Symposium on Research in Computer Security(SORICS 1990).Pages 147-159,1990.
[59]D.Sutherland.A model of information.In:Proc.of the ninth NationaI Computer Security Conference,pages 175-183,1986.
[60]J.T.Wittbold,D.M.5ohnson.Information flow in non-deterministic systems.In:Proc.of the 1990 IEEE Symposium on Research on Security and Privacy,pages 144-161,1990.
[61]V.Haldar,D.Chandra,and M.Franz.Semantic remote attestation:A virtual machine directed approach to trusted computing.In USENIX Virtual Machine Research and Technology Symposium,May 2004.also Technical Report No.03-20,School of Information and Computer Science,University of California,Irvine;October 2003.
[62]A.-R.Sadeghi and C St¨uble,Property-based attestation for computing platforms:Caring about properties,not mechanisms,In The 2004 New Security Paradigms Workshop,Virginia Beach,VA,USA,Sept.2004.
[63]J.Rushby.Noninterference,transitivity,and channel-control security policies.Technical Report,CSL-92-02,Menlo Park:Stanford Research Institute,1992
[64]J.A.Goguen,J.Meseguer.Security policies and security models.Proc.of the 1982IEEE Symposium on Security and Privacy,IEEE Computer Society Press,11-20,Apr 1982.
[65]J.McLean.Security models and information flow.In:Proc.of 1990 IEEE Symposium on Research in Security and Privacy[C].IEEE Press,pages 177-186,1990.
[66]W.R.Bevier and W.D.Young,A state-based approach to noninterference,in Proceedings of the Computer Security Formulations Workshop Ⅶ.IEEE Computer Society,1994.
[67]Daryl McCullough,Noninterference and the Composability of security properties.In Proceedings of the 1988 Symposium on Security and Privacy.IEEE,April 1988.
[68]R.Focardi,R.Gorrieri.Classification of security properties(Part Ⅰ:Information Flow).In:Foundations of Security Analysis and Design,LNCS,Vol.2171, Springer-Verlag,2001.
[69]H.Mantel.Possibilistic Definitions of Security-An Assembly Kit.in Proceedings of 13th Computer Security FoundationsWorkshop(CSFW'00),July 2000,Cambridge,England.
[70]P.Y.A.Ryan,S.A.Schneider.Process algebra andnon-interference.Journal of Computer Security,9(1,2):pages 75-103,2001.
[71]Z.Steve.Challenges for Information-flow Security.Proceedings of the 1st International Workshop on the Programming Language Interference and Dependence (PLID' 04),2004.
[72]Trusted Information Systems,Inc.Trusted Mach System Mathematical Model.Technical Report TIS TMACH Edoc-0017-96B,pages 1-100,1996.
[73]Trusted Information Systems,Inc.Trusted Mach System Architecture.Technical Report TIS TMACH Idoc-0001-97A,pages 1-62,1997.
[74]J.Liedke.L4 Reference Manual.GMD/IBM Watson Technical Report.1996.
[75]M.Hohmuth.The Fiasco kernel,requirements definition.Technical Report ISSN 1430-211X,Dresden University Technology,Dept.Computer Science.December 1998.
[76]J.Liedke.On μ-kernel Construction.In Proceedings of Symposium on Operating System Principles(SOSP),1995.
[77]Birgit Pfitzmann,James Riordan,Christian Stuble,Michael Waidner,Arnd Weber.The PERSEUS System Architecture.IBM Technical Report NO.93381,IBM Research Division,Zurich,2001.
[78]Ahmad-Reza Sadeghi,Christian Stuble.Taming Trusted Computing by Operating System Design.Proceedings of the 4th International Workshop on Information Security Applications(WISA),Korea,2003.
[79]EMSCB,http://www.emscb.com/content/pages/49241.htm,20080405.
[80]T.Jaeger,J.Liedtke,and N.Islam.Operating system protection for fine-grained programs.In Proceedings of the 7th USENIX Security Symposium,pages 143-156,January 1998.
[81]T.Jaeger,K.Elphinstone,J.Liedke,V.Panteleenko,and Y.Park.Flexible Access Control Using IPC Redirection.IEEE,HotOS,3,1999.
[82]T.Jaeger,N.Islam,R.Anand,A.Prakash,and J.Liedtke.Flexible control of downloaded executable content.Technical Report RC 20886,IPM T.J.Watson Research Center,1997.
[83]黄强.基于可信计算的终端安全体系结构研究[D],海军工程大学,武汉.2007.HUANG Q.Secure Architecture of Terminal Based on Trusted Computing[D].Naval University of Engineering,Wuhan,2007.
[84]赵佳.基于无干扰理论的可信链模型[J].计算机研究与发展,2008,45(6):974-980.ZHAO J.A noninterference-based trusted chain model[J].Journal of Computer Research and Development,2008,45(6):974-980.
[85]International Standard ISO /IEC 15408[S].2001.
[86]JAEGER T,SAILER R,SHANKAR U.PRIMA:policy-reduced integrity measurement architecture[A].Proceedings of the 11th ACM Symposium on Access Control Models and Technologies(SACMAT 2006)[C].2006.
[87]R.Schell,T.F.Tao,and M.Heckman.Desingning the GEMSOS security kernel for security and performance.In 8th National Computer Security Conference,pages 108-119,Gaithersburg,MD,30 September-3 October 1985.DoD Computer Security Center and National Bureau of Standards.
[88]T.F.Lunt,P.G.Neumann,D.Denning,R.R.Schell,M.Heckman,and W.R.Shockley.Secure distributed data views-vol.1:Security policy and policy interpretation for a class Al multilevel secure.Technical Report SRI-CSL-88-8,SRI International,Menlo Park,CA,August 1988.
[89]P.A.Karger,V.Austel,and D.Toll.A new mandatory security policy combining secrecy and integrity.RC 21717,IBM Research Division,T.J.Watson Research Center,Yorktown Heights,NY,15 March 2000.URL:http://domino.watson.ibm.com/library/CyberDig.nsf/home.
[90]Henna Pietil ainen,Elliptic curve cryptography on smart cards,Master's thesis,2000.
[91]SEC 1:Elliptic Curve Cryptography,Version 1.7,Standards for Efficient Cryptography Group,2006,http://www.secg.org/index.php?action=secg.docs_draft.
[92]MILLER VS.Uses of ellip tic curves in cryp tography.WILLIAMS HC,Advances in Cryptology -CRYPTOp85[C].Springer Verlag,1986.417-426.
[93]KOBLITZ N.Ellip tic curve cryp tosystems[J].Mathematics of Computation,1987,48:203-209
[94]ANSI X9.62-1998:Public Key Cryptography for the Financial Services Industry:the Elliptic Curve Digital Signature Algorithm(ECDSA).American Bankers Association,1999.
[95]ANSI X9.63-199x:Public Key Cryptography for the Financial Services Industry:Key Agreement and Key Transport Using Elliptic Curve Cryptography.American Bankers Association,October,1999.Working Draft.
[96]IEEE P1363.Standard Specifications for Public-Key Cryptography.Institute of Electrical and Electronics Engineers,2000.
[97]Blake,Gadiel Seroussi,and Nigel Smart.Elliptic Curves in Cryptography,volume 265of London Mathematical Society Lecture Note Series.Cambridge University Press,1999.
[98]Jerry Krasner,Using Elliptic Curve Cryptography(ECC) for Enhanced Embedded Security,2004.
[99]FIPS PUB 186-3 Digital Signature Standard(DSS),March 2006.
[100]Nils Gura,Arun Patel,Arvinderpal Wander,Hans Eberle,Sheueling Chang Shantz,Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs,Sun Microsystems White Paper,Aug 2004.
[101]L.Bassham,R.Housley,andW.Polk.Representation of public keys and digital signatures in Internet X.509 public key infrastructure certificates.Internet Engineering Task Force,PKIX working group.InternetDraft.July,2000.Available from:http://www.ietf.org/
[102]Danilo B.,Lorenzo C.and Andrea L.Replay attack in TCG specification and solution//In 21th annual computer security application conference[C].Tucson,AZ,USA,2005.
[103]肖政,李景霞,刘小杰等.一种可信网络接入认证模型和改进的OSAP协议设计与研究[J].计算机科学.2006,Vol33:56-60.
[104]Mario Strasser,Heiko Stamer.TPM emulator projects[EB/OL].[2007-8-8].http://developer.berlios.de/projects/tpm-emulator/.2007.8.2.
[105]Ryan Catherman,Seiji Munetoh,Taiga Nakamura,TrouSerS - An open-source TCG Software Stack implementation[EB/OL].[2007-8-8].http://sourceforge.net/projects/trousers/.2007.8.2.
[106]Sirrix AG.TSS Study-Introduction and Analysis of the Open Source TCG Software Stack TrouSerS and Tools in its Environment[EB/OL].[2007].http://www.bsi.bund.de/literat/studien/TSS/TSS-Study_en.pdf.2008-1-2
[107]TURAYA[EB/OL],http://www.emscb.com/content/pages/turaya.htm.2007-6-2.
[108]David S,Mimi Z.A Trusted Linux C1ient(TLC)[EB/OL].IBM research 2005.http://www.acsaadmin.org/2004/workshop/David-Safford.pdf.2006-08-10.
[109]Hendrik Tews,Formal Methods in the Robin project:Specification and verification of the Nova microhypervisor,http://www.cs.ru.nl/~tews/cv07/tews-robin.pdf.June 22,2007.
[110]Ravi Sandhu,Xinwen Zhang,Kumar Ranganathan,Michael J.Covington.,"Client-Side Access Control Enforcement Using Trusted Computing and PEI Models," J.High Speed Networks,vol.15,no.3,2006,pp229-245
[111]Ravi S,Xinwen Z.Peer-to-Peer Access Control Architecture Using Trusted Computing Technology.http://profsandhu.com/confrnc/sacmat/2005-tc.pdf,2005.
[112]Lenin Singaravelu,Calton Pu,Hermann Hartig,and Christian Helmuth,Reducing TCB complexity for security-sensitive applications:three case studies,ACM SIGOPS Operating Systems Review,Volume 40,Issue 4(October 2006),Pages:161-174.
[113]Xing Zhang Ming Zhou Jun-Xi Zhuang Jian Li,Implementation of ECC-Based Trusted Platform Module[C].Machine Learning and Cybernetics,2007 Hong Kong International Conference on Volume 4,Issue,19-22 Aug.2007 Page(s):2168-2173
[114]Xing Zhang,Xiaofei Zhang,Changxiang Shen.A New Authorization Protocol for Trusted Computing[C].1st International Conference on Security Data,Privacy,and E-commerce,2007,November 1-3 2007:185-190.
[115]Xing Zhang,Lu Zhu,Sheng Yu,Improvement upon Architecture of TCG Credentials[C].//Proceedings of the seventh International Conference on Machine Learning and Cybernetics,2008.Kunming:IEEE Computer Society,2008,7(7):3673-3678.
[116]张兴,沈昌祥.一种新的可信平台控制模块设计方案[J].武汉大学学报:信息科学版,2008.Vol.33 No.10:1011-1014.
[117]张兴,张晓菲,刘毅等.一种新的授权数据管理方案[J].武汉大学学报(理学版),2007,53(5):518-522.
[118]张兴,陈幼雷,沈昌祥.基于进程的无干扰可信模型.通信学报.2009.3
[119]Xing Zhang,Chen Li,Rui-Hua Li,Dynamic Behavior Measurement based on Interactive Markov Chain[C].// International Conference on Networks Security,Wireless Communications and Trusted Computing(NSWCTC 2009),25-26 April,2009,Wuhan,Hubei,China.
[2]张焕国,罗捷,金刚等,可信计算研究进展,武汉大学学报(理学版)[J],Vol.52,No.5,2006.
[3]沈昌祥,坚持自主创新,加速发展可信计算,计算机安全[J],2006.6.pp
[4]Trusted Computing Group.TCG Specification Architecture Overview[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/groups/TCG_1_2_Architecture_Overview.pdf.
[5]Trusted Computing Group.TPM specification version 1.2.Part 1 Design Principles[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/TPM/Main_Part1_rev94.zip.
[6]Trusted Computing Group.TPM specification version 1.2.Part 2 TPM Structures[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/TPM/Main_Part2_rev94.zip.
[7]Trusted Computing Group.TPM specification version 1.2.Part 3 TPM Commands[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/TPM/Main_Part3_rev94.zip.
[8]Trusted Computing Group.TCG Software Stack Specification Version 1.2 Levell ErrataA[EB/OL].[2007-07-03].https://www.trustedcomputinggroup.org/specs/TSS/TSS_1_2_Errata_A-final.pdf.
[9]Trusted Computing Group.TCG PC Client Specific,Implementation Specification For Conventional BIOS[EB/OL].[2007-8-8].https://www.trustedcomputinggroup.org/specs/PCClient.
[10]邓华东,生物识别将取代“密码” 专家质疑“可信计算”,参考消息-北京参考,http://www.bjcankao.com/numbershow.asp?articleid=11881,2006.
[11]Ahmad-Reza Sadeghi,Marcel Selhorst,Christian St¨uble,Marcel Winandy,TCG Inside?AN ore on TPM Specification Compliance,1st Benelux Workshop on Information and System Security.Belgium,2006.
[12]Anti TCPA Website:http://www.petitiononline.com/antitcpa/petition.html.
[13]Trusted Computing Group.TCG Credential Profiles Specification Version 1.0 Revision 0.981 for TPM Family 1.2;Level 2.January 2006.
[14]Trusted Computing Group.Interoperability Specification for Backup and Migration Services Specification Version:1.0 Final Revision 1.0 for TPM Family 1.1b,Level 1.June,2005.
[15]J.Rushby.Noninterference,transitivity,and channel-control security policies.Technical Report,CSL-92-02,Menlo Park:Stanford Research Institute,1992.
[16]Department of Defense.Trusted Computer System Evaluation Criteria.Department of Defense Standard,CSC-STD-001-83,1983.
[17]Kent S.Protecting Externally Supplied Software in Small Computers.PhD thesis,MIT Laboratory for Computer Science,1980.
[18]White S R,Comerford L D.ABYSS:a Trusted Architecture for Software Protection.IEEE Transactions on Software Engineering,1990,vol.16(6):619-629.
[19]White S,Weingart S H,et al.Introduction to the Citadel Architecture:Security in Physically Exposed Environments.Technical Report RC16672,IBM Watson Research Center,1991.
[20]IBM PCI Cryptographic Coprocessor.http://www-03.ibm.com/security/cryptocards/pcicc/overview.shtml,20090414.
[21]IBM Coprocessor First to Earn Highest Security Validation.http://www-03.ibm.com/press/us/en/pressrelease/2347.wss,20090414.
[22]Smith S W,Palmer E R,et al.Using a High-performance,Programmable Secure Coprocessor.In Proceedings of the 2nd International Conference on Financial Cryptography,Anguilla,British West Indies,LNCS 1465,Springer-Verlag,1998:73-89.
[23]Smith S W,Austel V.Trusting Trusted Hardware:Towards a FormalModel for Programmable Secure Coprocessors.In Proceedings of the 3rd USENIX Workshop on Electronic Commerce,1998.
[24]Smith S W.Outbound Authentication for Programmable Secure Coprocessors.7th European Symposium on Research in Computer Security,Zurich Switzerland,LNCS 2502,Springer-Verlag,2002:72-89.
[25](美)Sean W.Smith著.冯登国等译.Trusted Computing Platforms:Design and Applications.(可信计算平台:设计与应用)北京:清华大学出版社,2006.10.
[26]Sean W.Smith.Trusted Computing Platforms:Design andApplications.Springer Science + Business Media,Inc.,2005.
[27]Joan G.Dyer,Mark Lindemann,Ronald Perez et al.Building the IBM 4758 Secure Coprocessor.Computer:57 - 66,October 2001.http://www.cs.dartmouth.edu/~sws/pubs/comp01.pdf.20080414.
[28]David Lie etc,Architectural support for copy and tamper resistant software,ACM SIGPLAN Notices,Volume 35,Issue 11,2002.11,pp168 - 177.
[29]David Lie,C.Thekkath,M.Mitchell et al.Architecture Support of Copy and Tamper Resistant Software.Proceedings of the 9th International Conference on Architecture Support for Programming Languages and Operating System - ASPLOS-Ⅸ,2000:168 - 177.
[30]E Suh,D.Clarker,B.Gassend,M.van Dijk,S.Devadas.AEGIS:Architecture for Tampe-Evidentand Tampe-Resistant,Processing.Proceedings of the 17th International Conference on Supercomputing,2003:160 - 171.http://csg.csail.mit.edu/pubs/memos/Memo-461/memo-461.pdf,20080330
[31]N.Stam.Inside Intel' s Secretive 'LaGrande' Project.http://www.extremetech.com/,September 2003.
[32]Intel,Trusted Execution Technology Architectural Overview,http://www.intel.com/technology/security/downloads/arch-overview.pdf,20070801.
[33]Microsoft.Microsoft Palladium:A Business Overview,August 2002.URL:http://www.microsoft.com/presspass/features/2002/ju102/0724palladiumwp.asp.June 23,2003.
[34]Microsoft.Microsoft Next-Generation Secure Computing Base-Technical FAQ.February,2003.URL:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/N GSCB.asp(May 30,2003).
[35]Microsoft,Industry Testing of Windows Vista Release Candidate 1 Begins.Press release.http://www.microsoft.com/presspass/press/2006/sep06/09-05WindowsVistaIndustryPR.ms px.20080301.
[36]Microsoft,The full list of Software Assurance benefits,including Vista features specific to Enterprise,http://www.microsoft.com/licensing/software-assurance/vista.aspx.20080301.
[37]Trusted Computing Group TCG,http://www.Trustedcomputinggroup.org/.
[38]ARM,TrustZone Technology Overview.http://www.arm.com/products/esd/trustzone_home,html
[39]Tiago Alves,Don Felton.TrustZone:Integrated Hardware and Software Security Enabling Trusted Computing in Embedded Systems.July 2004.http://www.arm.com/pdfs/TZ%20Whitepaper,pdf,20070331
[40]T.Halfhill.ARM Dons Armor:TrustZone Security Extensions Strengthen ARMv6Architecture.Microprocessor Report 8/25/03-01,August 2003.
[41]Atmel Trusted Platform Module,AT97SC3201 Summary.http://www.atmel.com/dyn/resources/prod_documents/2015s.pdf.20070330.
[42]Broadcom BCM5751M Product Brief,Integrated TPM functionality.http://www.broadcom.com/collateral/pb/5751M-PB02-R.pdf.20070330.
[43]Infineon TPM 1.2,SLB9635TT1.2,the Trusted Platform Module Solution.http://www.infineon.com/upload/Document/tpml.2_hardware-pb.pdf,20070320.
[44]National Semiconductor,Product Brief,Feb.2002,Revision 1.0,PC21100(SafeKeeper),LPC-Based TCPA-Compliant Security Controller.http://www.ortodoxism.ro/datasheets/nationalsemiconductor/PC21100.pdf.20073030.
[45]ST,ST19WP18 Trusted Platform Module(TPM) Data Brief.http://www.esic.cn/icpdf/st/ST19WP18.pdf,20070330.
[46]瑞达信息安全股份有限公司.http://www.jetsec.com.cn/,20070328.
[47]武汉大学.http://www.whu.edu.cn/,20070328.
[48]Lenovo联想研究院,安全芯片技术.http://www.lenovo2008.com/academe/product/product_6.html.20070330.
[49]兆日科技,Sinosun TPM(SSX35).http://www.sinosun.com.cn/eng/product/product113.asp.20070330
[50]长城计算机集团.http://www.greatwa11.com.cn/products/cpxx.asp,20070331.
[51]INSPUR 浪潮.http://www.langchao.com/products/channel_pc/safety_2956_3.shtml,20070330.
[52]清华同方脑.http://www.tongfangpc.com/product/comercialpc/chaoxiangg/66800.html.20070330.
[53]方正科技,http://www.foundertech.com/tabid/129/InfoID/47/Default.aspx.20070330.
[54]中兴集成电路.http://www.zteic.com/cn/index.asp.20070331.
[55]天融倌.可信网络架构TNA(Trusted Network Architecture).http://www.topsec.com.cn/index2.asp.20070330.
[56]J.A.Goguen,J.Meseguer.Security policies and security models.In:Proc.of the 1982IEEE Symposium on Security and Privacy.IEEE Computer Society Press,pages 11-20,April 1982.
[57]J.McLean.Security models and information flow.In:Proc.of 1990 IEEE Symposium on Research in Security and Privacy.IEEE Press,pages 177-186,1990.
[58]C.O'Halloran.A calculus of information flow.In:Proc.of First European Symposium on Research in Computer Security(SORICS 1990).Pages 147-159,1990.
[59]D.Sutherland.A model of information.In:Proc.of the ninth NationaI Computer Security Conference,pages 175-183,1986.
[60]J.T.Wittbold,D.M.5ohnson.Information flow in non-deterministic systems.In:Proc.of the 1990 IEEE Symposium on Research on Security and Privacy,pages 144-161,1990.
[61]V.Haldar,D.Chandra,and M.Franz.Semantic remote attestation:A virtual machine directed approach to trusted computing.In USENIX Virtual Machine Research and Technology Symposium,May 2004.also Technical Report No.03-20,School of Information and Computer Science,University of California,Irvine;October 2003.
[62]A.-R.Sadeghi and C St¨uble,Property-based attestation for computing platforms:Caring about properties,not mechanisms,In The 2004 New Security Paradigms Workshop,Virginia Beach,VA,USA,Sept.2004.
[63]J.Rushby.Noninterference,transitivity,and channel-control security policies.Technical Report,CSL-92-02,Menlo Park:Stanford Research Institute,1992
[64]J.A.Goguen,J.Meseguer.Security policies and security models.Proc.of the 1982IEEE Symposium on Security and Privacy,IEEE Computer Society Press,11-20,Apr 1982.
[65]J.McLean.Security models and information flow.In:Proc.of 1990 IEEE Symposium on Research in Security and Privacy[C].IEEE Press,pages 177-186,1990.
[66]W.R.Bevier and W.D.Young,A state-based approach to noninterference,in Proceedings of the Computer Security Formulations Workshop Ⅶ.IEEE Computer Society,1994.
[67]Daryl McCullough,Noninterference and the Composability of security properties.In Proceedings of the 1988 Symposium on Security and Privacy.IEEE,April 1988.
[68]R.Focardi,R.Gorrieri.Classification of security properties(Part Ⅰ:Information Flow).In:Foundations of Security Analysis and Design,LNCS,Vol.2171, Springer-Verlag,2001.
[69]H.Mantel.Possibilistic Definitions of Security-An Assembly Kit.in Proceedings of 13th Computer Security FoundationsWorkshop(CSFW'00),July 2000,Cambridge,England.
[70]P.Y.A.Ryan,S.A.Schneider.Process algebra andnon-interference.Journal of Computer Security,9(1,2):pages 75-103,2001.
[71]Z.Steve.Challenges for Information-flow Security.Proceedings of the 1st International Workshop on the Programming Language Interference and Dependence (PLID' 04),2004.
[72]Trusted Information Systems,Inc.Trusted Mach System Mathematical Model.Technical Report TIS TMACH Edoc-0017-96B,pages 1-100,1996.
[73]Trusted Information Systems,Inc.Trusted Mach System Architecture.Technical Report TIS TMACH Idoc-0001-97A,pages 1-62,1997.
[74]J.Liedke.L4 Reference Manual.GMD/IBM Watson Technical Report.1996.
[75]M.Hohmuth.The Fiasco kernel,requirements definition.Technical Report ISSN 1430-211X,Dresden University Technology,Dept.Computer Science.December 1998.
[76]J.Liedke.On μ-kernel Construction.In Proceedings of Symposium on Operating System Principles(SOSP),1995.
[77]Birgit Pfitzmann,James Riordan,Christian Stuble,Michael Waidner,Arnd Weber.The PERSEUS System Architecture.IBM Technical Report NO.93381,IBM Research Division,Zurich,2001.
[78]Ahmad-Reza Sadeghi,Christian Stuble.Taming Trusted Computing by Operating System Design.Proceedings of the 4th International Workshop on Information Security Applications(WISA),Korea,2003.
[79]EMSCB,http://www.emscb.com/content/pages/49241.htm,20080405.
[80]T.Jaeger,J.Liedtke,and N.Islam.Operating system protection for fine-grained programs.In Proceedings of the 7th USENIX Security Symposium,pages 143-156,January 1998.
[81]T.Jaeger,K.Elphinstone,J.Liedke,V.Panteleenko,and Y.Park.Flexible Access Control Using IPC Redirection.IEEE,HotOS,3,1999.
[82]T.Jaeger,N.Islam,R.Anand,A.Prakash,and J.Liedtke.Flexible control of downloaded executable content.Technical Report RC 20886,IPM T.J.Watson Research Center,1997.
[83]黄强.基于可信计算的终端安全体系结构研究[D],海军工程大学,武汉.2007.HUANG Q.Secure Architecture of Terminal Based on Trusted Computing[D].Naval University of Engineering,Wuhan,2007.
[84]赵佳.基于无干扰理论的可信链模型[J].计算机研究与发展,2008,45(6):974-980.ZHAO J.A noninterference-based trusted chain model[J].Journal of Computer Research and Development,2008,45(6):974-980.
[85]International Standard ISO /IEC 15408[S].2001.
[86]JAEGER T,SAILER R,SHANKAR U.PRIMA:policy-reduced integrity measurement architecture[A].Proceedings of the 11th ACM Symposium on Access Control Models and Technologies(SACMAT 2006)[C].2006.
[87]R.Schell,T.F.Tao,and M.Heckman.Desingning the GEMSOS security kernel for security and performance.In 8th National Computer Security Conference,pages 108-119,Gaithersburg,MD,30 September-3 October 1985.DoD Computer Security Center and National Bureau of Standards.
[88]T.F.Lunt,P.G.Neumann,D.Denning,R.R.Schell,M.Heckman,and W.R.Shockley.Secure distributed data views-vol.1:Security policy and policy interpretation for a class Al multilevel secure.Technical Report SRI-CSL-88-8,SRI International,Menlo Park,CA,August 1988.
[89]P.A.Karger,V.Austel,and D.Toll.A new mandatory security policy combining secrecy and integrity.RC 21717,IBM Research Division,T.J.Watson Research Center,Yorktown Heights,NY,15 March 2000.URL:http://domino.watson.ibm.com/library/CyberDig.nsf/home.
[90]Henna Pietil ainen,Elliptic curve cryptography on smart cards,Master's thesis,2000.
[91]SEC 1:Elliptic Curve Cryptography,Version 1.7,Standards for Efficient Cryptography Group,2006,http://www.secg.org/index.php?action=secg.docs_draft.
[92]MILLER VS.Uses of ellip tic curves in cryp tography.WILLIAMS HC,Advances in Cryptology -CRYPTOp85[C].Springer Verlag,1986.417-426.
[93]KOBLITZ N.Ellip tic curve cryp tosystems[J].Mathematics of Computation,1987,48:203-209
[94]ANSI X9.62-1998:Public Key Cryptography for the Financial Services Industry:the Elliptic Curve Digital Signature Algorithm(ECDSA).American Bankers Association,1999.
[95]ANSI X9.63-199x:Public Key Cryptography for the Financial Services Industry:Key Agreement and Key Transport Using Elliptic Curve Cryptography.American Bankers Association,October,1999.Working Draft.
[96]IEEE P1363.Standard Specifications for Public-Key Cryptography.Institute of Electrical and Electronics Engineers,2000.
[97]Blake,Gadiel Seroussi,and Nigel Smart.Elliptic Curves in Cryptography,volume 265of London Mathematical Society Lecture Note Series.Cambridge University Press,1999.
[98]Jerry Krasner,Using Elliptic Curve Cryptography(ECC) for Enhanced Embedded Security,2004.
[99]FIPS PUB 186-3 Digital Signature Standard(DSS),March 2006.
[100]Nils Gura,Arun Patel,Arvinderpal Wander,Hans Eberle,Sheueling Chang Shantz,Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs,Sun Microsystems White Paper,Aug 2004.
[101]L.Bassham,R.Housley,andW.Polk.Representation of public keys and digital signatures in Internet X.509 public key infrastructure certificates.Internet Engineering Task Force,PKIX working group.InternetDraft.July,2000.Available from:http://www.ietf.org/
[102]Danilo B.,Lorenzo C.and Andrea L.Replay attack in TCG specification and solution//In 21th annual computer security application conference[C].Tucson,AZ,USA,2005.
[103]肖政,李景霞,刘小杰等.一种可信网络接入认证模型和改进的OSAP协议设计与研究[J].计算机科学.2006,Vol33:56-60.
[104]Mario Strasser,Heiko Stamer.TPM emulator projects[EB/OL].[2007-8-8].http://developer.berlios.de/projects/tpm-emulator/.2007.8.2.
[105]Ryan Catherman,Seiji Munetoh,Taiga Nakamura,TrouSerS - An open-source TCG Software Stack implementation[EB/OL].[2007-8-8].http://sourceforge.net/projects/trousers/.2007.8.2.
[106]Sirrix AG.TSS Study-Introduction and Analysis of the Open Source TCG Software Stack TrouSerS and Tools in its Environment[EB/OL].[2007].http://www.bsi.bund.de/literat/studien/TSS/TSS-Study_en.pdf.2008-1-2
[107]TURAYA[EB/OL],http://www.emscb.com/content/pages/turaya.htm.2007-6-2.
[108]David S,Mimi Z.A Trusted Linux C1ient(TLC)[EB/OL].IBM research 2005.http://www.acsaadmin.org/2004/workshop/David-Safford.pdf.2006-08-10.
[109]Hendrik Tews,Formal Methods in the Robin project:Specification and verification of the Nova microhypervisor,http://www.cs.ru.nl/~tews/cv07/tews-robin.pdf.June 22,2007.
[110]Ravi Sandhu,Xinwen Zhang,Kumar Ranganathan,Michael J.Covington.,"Client-Side Access Control Enforcement Using Trusted Computing and PEI Models," J.High Speed Networks,vol.15,no.3,2006,pp229-245
[111]Ravi S,Xinwen Z.Peer-to-Peer Access Control Architecture Using Trusted Computing Technology.http://profsandhu.com/confrnc/sacmat/2005-tc.pdf,2005.
[112]Lenin Singaravelu,Calton Pu,Hermann Hartig,and Christian Helmuth,Reducing TCB complexity for security-sensitive applications:three case studies,ACM SIGOPS Operating Systems Review,Volume 40,Issue 4(October 2006),Pages:161-174.
[113]Xing Zhang Ming Zhou Jun-Xi Zhuang Jian Li,Implementation of ECC-Based Trusted Platform Module[C].Machine Learning and Cybernetics,2007 Hong Kong International Conference on Volume 4,Issue,19-22 Aug.2007 Page(s):2168-2173
[114]Xing Zhang,Xiaofei Zhang,Changxiang Shen.A New Authorization Protocol for Trusted Computing[C].1st International Conference on Security Data,Privacy,and E-commerce,2007,November 1-3 2007:185-190.
[115]Xing Zhang,Lu Zhu,Sheng Yu,Improvement upon Architecture of TCG Credentials[C].//Proceedings of the seventh International Conference on Machine Learning and Cybernetics,2008.Kunming:IEEE Computer Society,2008,7(7):3673-3678.
[116]张兴,沈昌祥.一种新的可信平台控制模块设计方案[J].武汉大学学报:信息科学版,2008.Vol.33 No.10:1011-1014.
[117]张兴,张晓菲,刘毅等.一种新的授权数据管理方案[J].武汉大学学报(理学版),2007,53(5):518-522.
[118]张兴,陈幼雷,沈昌祥.基于进程的无干扰可信模型.通信学报.2009.3
[119]Xing Zhang,Chen Li,Rui-Hua Li,Dynamic Behavior Measurement based on Interactive Markov Chain[C].// International Conference on Networks Security,Wireless Communications and Trusted Computing(NSWCTC 2009),25-26 April,2009,Wuhan,Hubei,China.