网络存储安全协议研究
|
摘要
随着社会信息化程度的不断提高,各种数据以难以置信的速度急剧膨胀。网络的飞速发展推动了存储模式向以数据和网络为中心的网络存储模式快速发展。数据是用户的宝贵资源,数据的重要性决定了数据安全的重要性。网络存储安全是指在网络存储中,确保在传输过程中的数据和保存在存储设备上的数据的保密性、完整性、可用性、不可抵赖性以及整个网络存储系统的可靠的性能。
大规模高性能的海量存储系统对网络存储安全提出了新的挑战,尤其是近年来可信计算技术的产生,对网络存储安全又提出了新的要求。本文结合可证明安全与可信计算的思想,对网络存储协议进行了研究,主要成果有:
1.在网络存储系统中,服务器对用户的访问控制以及二者与存储设备间的数据安全传输是网络存储安全的基本要求。NASD存储系统的安全机制已经不能很好地满足现在的安全需求,针对这一情况,提出了一种高效的可信网络存储协议,协议只需两轮交互就实现了服务器与用户间的身份认证和密钥协商,同时在协议的第一轮交互中实现了对客户端平台身份的认证和平台完整性校验,改进了原来系统服务器遭受攻击易导致整个系统瘫痪的缺点,提高了系统的可靠性和协议的执行效率,在此基础上建立了用户与智能磁盘间的安全信道;利用CK模型证明了协议是SK安全的,用户与磁盘间的信道是安全信道,提高了系统数据的保密性、完整性和不可抵赖性。
2.针对OSD和SAN在构建海量存储系统方面的缺点,基于公钥基础设施PKI构建了一个网络存储系统,由CA标识和维护用户身份,由不同的服务器对用户进行身份认证与访问授权,改进了原系统不易大规模扩展和服务器的瓶颈缺点;给出了实现系统关键的网络存储协议,并利用CK模型对其进行了安全性分析。结果表明新系统具有高带宽、低延时、易扩展、规模大、安全性高、低成本的特点,是一个适合海量存储的系统。
3.融合异构网络存储系统是构建海量存储系统比较经济实用的方法,同时也带来了一些新的安全问题。基于NASD融合SAN为一种适合海量存储的安全网络存储系统SNS,满足高带宽、大规模、易扩展的海量存储需要。系统使用基于身份的分布式安全存储架构对多域存储系统进行融合,并给出了网络存储系统的相关协议,协议由可信接入认证协议和安全信道协议两部分组成。利用CK模型给出了协议的安全性分析,结果表明协议是SK安全的,所建立的信道是安全信道。因此,如果参与融合的每个域是安全的,那么新的网络存储系统也是安全的。
With the advance of informationization level, a variety of data expand at anincredible rate. The rapid development of network promotes the rapid development ofstorage prototype in the direction of data-centric and network-centric. Data is valuableresources for users, so the importance of data decides the importance of data security.The network storage security means that ensuring data confidentiality, integrity,availability and non-repudiation in the storage equipment or during the transmission,and ensuring the reliability of the entire network storage system.
The large-scale and high performance of mass storage system presents newchallenges to the network storage security. With the arising of trusted computingtechnology, new needs is raised for network storage security. With the thoughts oftrusted computing and provable security, we study the security of network storageprotocol. The main contributions are as follows:
1. The access control and secure data transmission among the servers, the disks andthe user are the basic security requirements for network storage. The current NASDcould not satisfy the security requirements for network storage system. Then, a provablysecure trusted protocol for NASD was proposed. The protocol achieves authentication,key agreement and secure channel within two rounds among the server, the disks andthe user. At the same time, the protocol could realize the platform authentication andplatform integrity verification in the first round of protocol interaction, which improvesthe efficiency of the protocol, and prevent the server from malicious attacks effectively.Finally, the analysis results show that the protocol is SK-secure in CK model, whichachieves data confidentiality, integrity and non-repudiation.
2. The OSD and SAN have their own disadvantage in the construction of massstorage system. Then, a network storage system based on the Public Key Infrastructurewas proposed. The user is identified and maintained by the CA. Such system will realizeauthentication and issue capabilities in different servers, which can improve theexpansibility and the bottleneck of the server for the original system. At the same time,a secure storage network protocol for the new system was proposed and analyzed byusing CK model. The results show that the new system has high bandwidth, low latency,expansibility, large-scale, high security and low cost, which is suitable for mass storagesystem.
3. Merging a variety of network storage systems is an economical and practicalmethod, but it also brings some new security issues. Then, a scheme for merging SAN and NASD into a new network storage system was proposed. Such system has highbandwidth, expansibility, large-scale, which is suitable for mass storage system. Thestorage system of multi-domain is merged by the distributed security storagearchitecture based on the identity. At the same time, a secure trusted storage networkprotocol for the new system was proposed. Such protocol is composed of twosub-network protocols, trusted access protocol and secure channel protocol. Finally, theCK model is used to analyze the security of the protocol. The results show that the newnetwork storage system will be secure if SAN and NASD are secure.
大规模高性能的海量存储系统对网络存储安全提出了新的挑战,尤其是近年来可信计算技术的产生,对网络存储安全又提出了新的要求。本文结合可证明安全与可信计算的思想,对网络存储协议进行了研究,主要成果有:
1.在网络存储系统中,服务器对用户的访问控制以及二者与存储设备间的数据安全传输是网络存储安全的基本要求。NASD存储系统的安全机制已经不能很好地满足现在的安全需求,针对这一情况,提出了一种高效的可信网络存储协议,协议只需两轮交互就实现了服务器与用户间的身份认证和密钥协商,同时在协议的第一轮交互中实现了对客户端平台身份的认证和平台完整性校验,改进了原来系统服务器遭受攻击易导致整个系统瘫痪的缺点,提高了系统的可靠性和协议的执行效率,在此基础上建立了用户与智能磁盘间的安全信道;利用CK模型证明了协议是SK安全的,用户与磁盘间的信道是安全信道,提高了系统数据的保密性、完整性和不可抵赖性。
2.针对OSD和SAN在构建海量存储系统方面的缺点,基于公钥基础设施PKI构建了一个网络存储系统,由CA标识和维护用户身份,由不同的服务器对用户进行身份认证与访问授权,改进了原系统不易大规模扩展和服务器的瓶颈缺点;给出了实现系统关键的网络存储协议,并利用CK模型对其进行了安全性分析。结果表明新系统具有高带宽、低延时、易扩展、规模大、安全性高、低成本的特点,是一个适合海量存储的系统。
3.融合异构网络存储系统是构建海量存储系统比较经济实用的方法,同时也带来了一些新的安全问题。基于NASD融合SAN为一种适合海量存储的安全网络存储系统SNS,满足高带宽、大规模、易扩展的海量存储需要。系统使用基于身份的分布式安全存储架构对多域存储系统进行融合,并给出了网络存储系统的相关协议,协议由可信接入认证协议和安全信道协议两部分组成。利用CK模型给出了协议的安全性分析,结果表明协议是SK安全的,所建立的信道是安全信道。因此,如果参与融合的每个域是安全的,那么新的网络存储系统也是安全的。
With the advance of informationization level, a variety of data expand at anincredible rate. The rapid development of network promotes the rapid development ofstorage prototype in the direction of data-centric and network-centric. Data is valuableresources for users, so the importance of data decides the importance of data security.The network storage security means that ensuring data confidentiality, integrity,availability and non-repudiation in the storage equipment or during the transmission,and ensuring the reliability of the entire network storage system.
The large-scale and high performance of mass storage system presents newchallenges to the network storage security. With the arising of trusted computingtechnology, new needs is raised for network storage security. With the thoughts oftrusted computing and provable security, we study the security of network storageprotocol. The main contributions are as follows:
1. The access control and secure data transmission among the servers, the disks andthe user are the basic security requirements for network storage. The current NASDcould not satisfy the security requirements for network storage system. Then, a provablysecure trusted protocol for NASD was proposed. The protocol achieves authentication,key agreement and secure channel within two rounds among the server, the disks andthe user. At the same time, the protocol could realize the platform authentication andplatform integrity verification in the first round of protocol interaction, which improvesthe efficiency of the protocol, and prevent the server from malicious attacks effectively.Finally, the analysis results show that the protocol is SK-secure in CK model, whichachieves data confidentiality, integrity and non-repudiation.
2. The OSD and SAN have their own disadvantage in the construction of massstorage system. Then, a network storage system based on the Public Key Infrastructurewas proposed. The user is identified and maintained by the CA. Such system will realizeauthentication and issue capabilities in different servers, which can improve theexpansibility and the bottleneck of the server for the original system. At the same time,a secure storage network protocol for the new system was proposed and analyzed byusing CK model. The results show that the new system has high bandwidth, low latency,expansibility, large-scale, high security and low cost, which is suitable for mass storagesystem.
3. Merging a variety of network storage systems is an economical and practicalmethod, but it also brings some new security issues. Then, a scheme for merging SAN and NASD into a new network storage system was proposed. Such system has highbandwidth, expansibility, large-scale, which is suitable for mass storage system. Thestorage system of multi-domain is merged by the distributed security storagearchitecture based on the identity. At the same time, a secure trusted storage networkprotocol for the new system was proposed. Such protocol is composed of twosub-network protocols, trusted access protocol and secure channel protocol. Finally, theCK model is used to analyze the security of the protocol. The results show that the newnetwork storage system will be secure if SAN and NASD are secure.
引文
1. Jim Gray, What Next? A Few Remaining Problems in Information Technology,1998.http://research.microsoft.com/~gray/talks/Gray_Turing_FCRC.pdf
2. Qin Xin, et al., Reliability Mechanisms for Very Large Storage Systems, The20th IEEE/11TH NASA Goddard conference on Mass Storage Systems and Technologies. San Diego,CA, April,2003.146~156
3. Atul Adya, et al. FARSITE: Federated, Available, and Reliable Storage for an IncompletelyTrusted Environment.5th Symposium on Operating Systems Design and Implementation(OSDI2002). Boston, MA, December2002.
4. A. Rowstron, P. Druschel, Storage management and caching in PAST, a large-scale, persistentpeer-to-peer storage utility, Proc. of ACM SOSP. Alberta, Canada, October2001.188~201
5.舒继武,薛巍,付长冬,网络存储系统与技术的现状与发展趋势,中国计算机学会通讯,http://www.ccf.org.cn
6. InfiniBand Trade Association, InfiniBand Architecture Specification, Release1.0. October
2000. http://www.infinibandta.org/specs.
7. DAFS Collaborative. Direct Access File System Protocol. Version1.0. September2001.http://www.dafscollaborative.org.
8. Storage White Paper. High-Performance Storage Virtualization Architecture.http://www.storeage.com
9. Paul Stanton. Securing Data in Storage: A Review of Current Research. eprint arXiv:cs.Os/0409034,2004:32-46
10. M. Blaze. A cryptographic file system for unix. in Proceedings of the first ACM Conferenceon Computer and Communications Security. ACM Press, November1993. pp.9–15
11. M. Blaze. Key Management in an Encrypting File System. in Proceedings of the Summer1994USENIX Conference. Boston, MA, June1994
12. G. Cattaneo, L. Catuogno, A. D. Sorbo and P. Persiano. The Design and Implementation of aTransparent Cryptographic Filesystem for UNIX. In Proceedings of the Freenix Track:USENIX Annual Technical Conference,2001. pp.199-212.
13. D. Mazieres, M. Kaminsky, M. F. Kaashoek, and E. Witchel. Separating key managementfrom file system security. in Proceedings of the17th ACM Symposium on Operating SystemsPrinciples (SOSP ‘99), pp.124–139.
14. H. Gobioff. Security for a High Performance Commodity Storage Subsystem. PhD thesis,Carnegie Mellon University,1999.
15. E. Miller, D. Long, W. Freeman and B. Reed. Strong Security for Network-Attached Storage.In Proceedings of the FAST2002Conference on FIle and Storage Technologies, January2002.
16. K. Fu. Group sharing and random access in cryptographic storage file systems. Master’s thesis,Massachusetts Institute of Technology,1999.
17. K. Fu, M. F. Kaashoek, and D. Mazieres. Fast and secure distributed read-only file system.Computer Systems,2002.20(1):1–24.
18. E. Reidel, M. Kallahalla, and R. Swaminathan. A framework for evaluating storage systemsecurity. in Conference on File and Storage Technologies (FAST), Jan.2002.
19. V. Kher, Y. Kim. Securing distributed storage: Challenges, techniques, and systems [C].StorageSS'05, ACM,2005:9–25.
20.姜奇.异构无线网络匿名漫游研究.西安电子科技大学博士学位论文,2011.
21.毛文波著,王继林等译.现代密码学理论与实践.北京:电子工业出版社,2004.
22.刘建伟.无线个人通信网中的保密与认证协议研究.西安电子科技大学博士学位论文,2005.
23.张薇.信息存储系统可生存性理论与关键技术研究.西安电子科技大学博士学位论文,2008.
24. D. Dolev, A. Yao, On the Security of Public Key Protocols. IEEE Transactions on InformationTheory,1983,29(2):198-208.
25.卿斯汉.安全协议的设计与逻辑分析.软件学报,2003,14(7), pp.1300-1309.
26. Abadi M., Needham R.. Prudent Engineering Practice for Cryptographic Protocols. IEEETransactions on Software Engineering,1996,22(1): pp.6-15.
27. Boyd C, Mathuria A, Protocols for Authentication and Key Establishment, Springer,2003.
28.李兴华.无线网络中认证及密钥协商协议的研究.西安电子科技大学博士学位论文,2006.
29.张帆.无线网络安全协议的形式化分析方法.西安电子科技大学博士学位论文,2007.
30. Needham R M, Schroeder M D. Using Encryption for Authentication in Large Networks ofComputers. Communications of the ACM,1978,21(12): pp.993-999.
31. Lowe G.. Breaking and Fixing the Needham-Schroeder Public-key Protocol Using CSP andFDR. In Proceedings of TACAS, LNCS1055, Springer-Verlag,1996,147-166.
32. Abadi M. Explicit Communication Revisited: Two New Attacks on Authentication Protocols.IEEE Transactions on Software Engineering,1997,23(3):185-186.
33. Lowe G. Breaking and Fixing the Needham-Schroeder Public-key Protocol Using FDR.Software-Concepts and Tools,1996,17(3): pp.93-102.
34. Abdalla, M., Bresson E., Chevassut O., et al., Password-based group key exchange in aconstant number of rounds. Public Key Cryptography-Pkc2006, Proceedings,2006.3958:pp.427-442.
35. Bao, F., Security Analysis of a Password Authenticated Key Exchange Protocol. In6thInformation Security Conference-ISC'03,2003. LNCS2851: pp.208-217.
36. Bao, F., Colluding attacks to a payment protocol and two signature exchange schemes.Advances in Cryptology-Asiacrypt2004, Proceedings,2004.3329: pp.417-429.
37. Basin, D. A., M dersheim S. and Vigano L., An On-the-Fly Model-Checker for SecurityProtocol Analysis. In8th European Symposium on Research in Computer Security-ESORICS'03,2003. LNCS2808: pp.253-270.
38. Boyd, C. and Choo K.-K. R., Security of Two-Party Identity-Based Key Agreement. In FirstInternational Conference on Cryptology in Malaysia-Mycryp'05,2005. LNCS3715: pp.229-243.
39. Burmester, M., Cryptanalysis of the Chang-Wu-Chen Key Distribution System. In Advancesin Cryptology-Eurocrypt '93,1993. LNCS2656: pp.440-442.
40. Cheng, Z. and Comley R., Attacks on An ISO/IEC11770-2Key Establishment Protocol.International Journal of Network Security2006.3(2): pp.238-243.
41. Choo, K.-K. R., Revisiting Lee, Kim,&Yoo Authenticated Key Agreement Protocol.International Journal of Network Security,2006.2(1): pp.64-68.
42. Choo, K. K. R., Boyd C. and Hitchcock Y., errors in computational complexity proofs forprotocols. Advances in Cryptology Asiacrypt'05,2005.3788: pp.624-643.
43. Choo, K. K. R., Boyd C. and Hitchcock Y., The importance of proofs of security for keyestablishment protocols-Formal analysis of Jan-Chen, Yang-Shen-Shieh,Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols. Computer Communications,2006.29(15): pp.2788-2797.
44. Lowe, G., Breaking and fixing the Needham-Schroeder public-key protocol using FDR.Software-Concepts and Tools,1996.17(3): pp.93-102.
45. Mitchell, C. and Yeun C. Y., Fixing a Problem in the Helsinki Protocol. ACM OperatingSystems Review,1998.32(4): pp.21-24.
46. Myasnikov, A. G., Shpilrain V. and Ushakov A., A Practical Attack on a Braid Group BasedCryptographic Protocol. In Advances in Cryptology-Crypto'05,2005. LNCS3621: pp.86-96.
47. Zhang, M., Breaking an Improved Password Authenticated Key Exchange Protocol forImbalanced Wireless Networks. IEEE Communications Letters,2005.9(3): pp.276-278.
48.曹春杰.可证明安全的认证及密钥交换协议设计与分析.西安电子科技大学博士论文,2008.
49.王亚弟,束妮娜,韩继红等.密码协议形式化分析.北京:机械工业出版社,2006.
50. Burrows M, Abadi M, Needham R. A Logic of Authentication. ACM Transactions onComputer Systems.1990,8(1):18-36.
51. Paulson L C. The Inductive Approach to Verifying Cryptographic Protocols. Journal ofComputer Security,1998,6(1):85-128.
52. Fabrega F.J.T., Herzog J.C., Guttman J.D.. Strand spaces: why is a security protocol correct. InIEEE Symposium on Security and Privacy,1998:160-171.
53. Schneider S. Verifying authentication protocols in CSP. IEEE Transactions on SoftwareEngineering,1998,24(9):741-758.
54. Mart A., Andrew D.G.. A Calculus for Cryptographic Protocols: the SPI calculus. InProceedings of the4th ACM Conference on Computer and Communications Security. ACM,1997,36-47.
55. Goldwasser S., Micali S.. Probabilisitic Encryption. Journal of Computer and System Sciences,1984,28(3): pp.270-299.
56. Fiat A., Shamir A.. How to Prove Yourself: Practical Solutions to Identification and SignatureProblems. Advances in Cryptology-Crypto '86,1987: pp.186-194.
57. Bellare M., Rogaway P.. Entity Authentication and Key Distribution. Advances inCryptography-CRYPTO'93,1994: pp.232-249.
58. Bellare M, Canetti R, Krawczyk H. A modular approach to the design and analysis ofauthentication and key exchange protocols. In: Proceedings of the30th ACM Symposium onTheory of Computing, ACM,1998,419-428.
59. Shoup V.. On Formal Models for Secure Key Exchange (Version4)(Technical Report No. RZ3120(#93166)). IBM Research, Zurich,1999.
60. Canetti R., Krawczyk H.. Analysis of Key-exchange Protocols and Their Use for BuildingSecure Channels. Advances in Cryptology-EUROCRYPT’01,2001: pp.453-474.
61. Canetti R.. Universally Composable Security: A New Paradigm for Cryptographic Protocols.In Proceedings of the42nd IEEE Symposium on Foundations of Computer Science,2001,136-145.
62. Canetti R., Krawczyk H.. Universally Composable Notions of Key Exchange and Securechannels. Advances in Cryptology–EUROCRYPT’02,2002,337-351.
63. R. Canetti, S. Halevi, J. Katz et al. Universally Composable Password Based Key Exchange,Advances in Cryptology-EUROCRYPTO’05, LNCS3494, Springer-Verlag,2005: pp.404-421.
64. M. Bellare, P. Rogaway. Provably Secure Session Key Distribution: the Three Party Case. InProceedings of the27th ACM Symposium on the Theory of Computing,1995: pp.57-66.
65. Koblitz N., Menezes A.. Another Look at "Provable Security"(Technical Report CORR2004-20). Centre for Applied Cryptographic Research, University of Waterloo, Canada,2004.
66.林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758. LIN C, PENG X H.Research on trustworthy networks (in Chinese)[J]. Chinese Journal of Computers,2005,28(5):751-758.
67. PEARSON S. Trusted computing: strengths, weaknesses and further opportunities forenhancing privacy[A]. Eds iTrust’2005, LNCS3477[C]. Berlin: Springer-Verlag,2005.305-320.
68.张焕国,罗捷,金刚等.可信计算研究进展[J].武汉大学学报(理学版),2006,52(5):513-518. ZHANG H G, LUO J, JIN G, et al. Development of trusted computing research[J].Wuhan University Journal of Natural Sciences.2006,11(6):1407-1413.
69.沈昌祥,张焕国,冯登国等.信息安全综述.中国科学E辑[J].2007,37(2):129-150SHENC X, ZHANG H G, FENG D G, et al. Survey of information security[J]. Science in ChinaSeries F,2007,50(3):273-298.
70. Stephen Mason. Trusted computing and forensic investigations. Digital Investigation.2005,2,189-192.
71. Vijay Varadharajan. Trustworthy Computing. X. Zhou et al.(Eds.): WISE2004, LNCS3306,pp.13-16,2004.
72. Ravi Sandhu, Kumar Ranganathan, and Xinwen Zhang. Secure Information Sharing Enabledby Trusted Computing and PEI Model. Proc. of ASIACCS06, Mar., Taipei, Taiwan,2006.
73. John S. Erickson. Fair Use, DRM, and Trusted Computing. Communications of The ACM,2003,46(4):34-39.
74. Zheng Yan. A Conceptual Architecture of a Trusted Mobile Environment. Proceedings of theSecond International Workshop on Security, Privacy and Trust in Pervasive and UbiquitousComputing (SecPerU'06)
75. Shane Balfe and Liqun Chen. Pervasive Trusted Computing. Proceedings of the SecondInternational Workshop on Security, Privacy and Trust in Pervasive and UbiquitousComputing (SecPerU'06),2006.
76.杨力.无线网络可信认证技术研究.博士学位论文.西安电子科技大学,2010.
77.张立强.可信网络连接的一些理论与关键技术研究.博士学位论文,武汉大学,2008.
78.周明天,谭良.可信计算及其进展.电子科技大学学报.2006,35(4):686-697.
79. Nishimuar K, Ishiikawa S, Hirota K, et al. ISO/IEC15408. DBSJ Letters,4(3):13-16,2005.
80.闵应骅.可信系统与网络.计算机工程与科学.2001,23(5):21-23.
81. Trusted Computing Group. TCG Specification Architecture Overview, Revision1.4,https://www.trustedcomputinggroup.org.2007,10.
82. Matt Bishop.计算机安全学——安全的艺术与科学。北京:电子工业出版社,2005
83. Trusted Computing Group. TCG Specification Architecture Overview. Version1.2,https://www.trustedcomputinggroup.org.2004,06.
84. Trusted Computing Group. TPM Main Pan2TPM structures,https://www.trustedcomputinggroup.org.2003,10.
85. Trusted Computing Group. TCG software stack specification version1.2,https://www.trustedcomputinggroup.org.2006,01.
86. Trusted Computing Group. TCG genetic server specification,https://www.trustedcomputinggroup.org.2005,05.
87. Trusted Computing Group. TCG Trusted Network Connect TNC Architecture forInteroperability Specification Version1.2, http://www.trustedcomputinggroup.org.2007,08.
88. Trusted Computing Group. TCG mobile trusted module specification,https://www.trustedcomputinggroup.org.2007,06.
89. Y. Tin, C. Boyd, and J. Gonzalez. Provably secure key exchange: An engineering approach,2003.
90. Yiu Shing Terry Tin,Harikrishna.Vasanta,ColinBoyd, and Juan Manuel Gonzalez Nieto.Protocols with security Proofs for mobile applications.
91.陈火旺,王戟,董威.高可信软件工程技术.电子学报,2003,31(12):1933-1938.
92.林闯,任丰原.可控可信可扩展的新一代互联网.软件学报,2004,15(12):1815-1821.
93.赵佳.可信认证关键技术研究.博士学位论文,北京交通大学,2008,05.
94.李晓勇.可信分布式计算环境的关键技术研究.博士学位论文,北京交通大学,2008,05.
95.张俊伟.密码协议的可组合安全.博士学位论文,西安电子科技大学,2010,04.
96.马卓.无线网络可信接入理论及应用研究.博士学位论文,西安电子科技大学,2010,04.
97.郑宇,何大可,何明星.基于可信计算的移动终端用户认证方案.计算机学报,2006,29(8):1255-1264.
98. Ge, H. and Tate, S.R. A Direct Anonymous Attestation Scheme for Embedded Devices. In:Okamoto, T., Wang, X.(eds.) PKC2007. LNCS, vol.4450, Springer, Heidelberg (2007).
99. Neumann P.G., Principled assuredly trustworthy composable architectures,http://www.csl.sri.com/neumann/chats4.html
100. Ellison R.J., Moore A.P.,Trustworthy refinement through intrusion-aware design(TRIAD):Anoverview, Proceedings of the3rd Annual High Confidence Software and Systems Conference,2003, http://www.cert.org/archive/pdf/triad.pdf
101. Liu Jing-sen, Dai Guan-zhong, and Li Yu. A TPM Authentication Scheme for Mobile IP,International Conference on Computational Intelligence and Security Workshops (CISW2007), pp.721-724,2007.
102. David Clark, Karen Sollins, John Wroclawski, NewArch Project:Future-Generation InternetArchitecture, http://www.isi.edu/newarch/iDOCS/final.finalreport.pdf
103. Halevi S, Karger P A, Naor D. Enforcing confinement in distributed storage and acryptographic model for access control.[EB/OL].[2010-5-11]. http://eprint.iacr.org/2005/169.
104.韩德志,余顺争,谢长生.融合NAS和SAN的存储网络设计与实现[J].电子学报,2006,(11):2012-2017.
105. V. Kher, Y. Kim. Securing distributed storage: Challenges, techniques, and systems [C].StorageSS'05, ACM,2005:9–25.
106. E. Riedel, M. Kallahalla, and R. Swaminathan. A framework for evaluating storage systemsecurity [C]. FAST, Monterey, CA, January2002:15-30.
107. Gibson G A, Nagle D F, Courtright W, et al. NASD scalable storage systems[C]//Proceedingsof the USENIX’99Extreme Linux Workshop, Monterey, CA,USA: USENIX Press,1999:121-130.
108. Blanchet B, Chaudhuri A. Automated formal analysis of a protocol for secure file sharing onuntrusted storage. IEEE Symposium on Security and Privacy, Oakland, CA, May2008:417-431.
109. Deepak Garg. Proof Theory for Authorization Logic and its Application to a Practical FileSystem [D], CMU,2009.
110. B. Blanchet. Automatic verification of correspondences for security protocols [J]. Journal ofComputer Security17(4).2009:363–434
111. A. Chaudhuri. On secure distributed implementations of dynamic access control [R].UCSC-CRL-08-01, University of California at Santa Cruz,2008.
112. Siani Pearson, Trusted Computing: Strengths, Weaknesses and Further Opportunities forEnhancing Privacy, P. Herrmann et al.,(Eds.): iTrust2005, LNCS3477, pp.305-320,2005.
113. Brian Berger, Trusted Computing Group History, Information Security Technical Report,2005,10,59-62.
114. Trusted Computing Group. TPM Main Specifications-Part1Design Principles, Version1.2,http://www.trustedcomputinggroup.org.2007,12.
115.张曼静,桂文明,苏涤生, et al.从终端到网络的可信计算技术.信息技术快报,2006,4(2):20-31.
116. Trusted Computing Group. Trusted Computing Platform Alliance (TCPA) Main Specification,Version1.1a. Republished as Trusted Computing Group (TCG) Main Specification, Version
1.1b, http://www.trustedcomputinggroup.org,2001,10.
117. Brickell E, Camenisch J, and Chen L Q. Direct anonymous at-testation. Proceedings of the11th ACM Conference on Computer and Communications Security. New York, NY, USA,2004, pp132-145.
118. Sadeghi A and Stuble C. Property based Attestation for Computing Platforms: Caring AboutProperties, Not Mechanisms. Proceedings of New Security ParadigmsWorkshop. New York,2004, pp67-77.
119.秦宇,冯登国.基于组件属性的远程证明.软件学报,2009,20(6):1625-1641.
120. Haldar. Semantic Remote Attestation. Irvine: University of California,2006.
121. Seshadri A, Perrig A, and Doorn L. SWATT: SoftWare-based ATTestation for EmbeddedDevices. Proceedings of2004IEEE Symposium on Security and Privacy. Washington DC:IEEE Computer Society,2004:272-282.
122. Zhang H, and Wang F. A Behavior-Based Remote Trust Attestation Model. WuhanUniversityJournal of Natural Sciences,2006,11(6):1819-1822.
123. Gibson, G. A., Nagle, D. F., Amiri, K., et al. A Cost-effective, High-bandwidth StorageArchitecture. In: Proceedings of the8th Conference on Architectural Support forProgramming Languages and Operating Systems. ACM. November1998.92~103
124. Canetti R, Krawczyk H. Security analysis of IKE’s signature-based key-exchange protocol[C]∥Proceedings of CRYPTO’02, LNCS2442. Berlin: Springer-Verlag,2002:143-161.
125. Gobioff, H., Gibson, G. A. and Tygar, D. Security for Network Attached Storage Devices.CMU SCS Technical Report CMU-CS-97-185,1997
126.杨超.无线网络协议的形式化分析与设计.西安电子科技大学博士论文,2008.
127.马一力,傅湘林,韩晓明,许鲁.存储与计算的分离[J].世界电信,2004,(08):24-32.
128. Blanchet B, Chaudhuri A. Automated formal analysis of a protocol for secure file sharing onuntrusted storage. IEEE Symposium on Security and Privacy, Oakland, CA, May2008:417-431.
129. Deepak Garg. Proof Theory for Authorization Logic and its Application to a Practical FileSystem [D], CMU,2009.
130. B. Blanchet. Automatic verification of correspondences for security protocols [J]. Journal ofComputer Security17(4).2009:363–434
131. A. Chaudhuri. On secure distributed implementations of dynamic access control [R].UCSC-CRL-08-01, University of California at Santa Cruz,2008.
132. P. M. Chen, E. K. Lee, G. A. Gibson et al. RAID: High-Performance, Reliable SecondaryStorage. ACM Computing Surveys,1994,26(2):145~185
133. R. H. Katz, G. A. Gibson and D. A. Patterson. Disk System Architectures for highPerformance Computing. IEEE,1989,77(12):1842~1858
134.张江陵,冯丹.海量信息存储.北京:科学出版社,2003
135.刘群.基于可扩展对象的海量存储系统研究.华中科技大学博士论文,2006.
136. X. Molero, F. Silla, V. Santonja, et al. On the Interconnection Topology for Storage AreaNetworks. In: Proceedings of15th Parallel and Distributed Processing Symposium.2001.1648~1656
137. P. Wang, R. E. Gilligan, Green, et al. IP SAN-From iSCSI to IP-Addressable Ethernet Disks.In: Proceedings of the20th IEEE/11th NASA Goddard Conference on Mass Storage Systemsand Technologies. April7-10,2003.189~193
138. A. Singh, S. Gopisetty, L. Duyanovich, et al. Security vs Performance: Tradeoffs using a TrustFramework. In: Proceedings of the22nd IEEE/13th NASA Goddard Conference on MassStorage Systems and Technologies. April11-14,2005.270~277
139. PanasasIne.ObjectStorageAiehiteeture.WhitePaper. http://www.Panasas.eoln/objecthased--]rngnt.htinl
140. MikeMesnier, R.Ganger, ErikRiedel.Objeet-BasedStorage, IEEEConununicationsMagazine, August2003.84-90
141. Riedel, E. and Gibson, G. A. Understanding Customer Dissatisfaction with UnderutilizedDistributed File Servers. In: Proceedings of the5th NASA Goddard Space Flight CenterConference on Mass Storage Systems and Technologies, September1996.1-18
142. Gibson, G. A., Nagle, D. F., Amiri, K., Chang, et al. File Server Scaling withNetwork-Attached Secure Disks. In: Proceedings of the ACM International Conference onMeasurement and Modeling of Computer Systems,1997.272~284
2. Qin Xin, et al., Reliability Mechanisms for Very Large Storage Systems, The20th IEEE/11TH NASA Goddard conference on Mass Storage Systems and Technologies. San Diego,CA, April,2003.146~156
3. Atul Adya, et al. FARSITE: Federated, Available, and Reliable Storage for an IncompletelyTrusted Environment.5th Symposium on Operating Systems Design and Implementation(OSDI2002). Boston, MA, December2002.
4. A. Rowstron, P. Druschel, Storage management and caching in PAST, a large-scale, persistentpeer-to-peer storage utility, Proc. of ACM SOSP. Alberta, Canada, October2001.188~201
5.舒继武,薛巍,付长冬,网络存储系统与技术的现状与发展趋势,中国计算机学会通讯,http://www.ccf.org.cn
6. InfiniBand Trade Association, InfiniBand Architecture Specification, Release1.0. October
2000. http://www.infinibandta.org/specs.
7. DAFS Collaborative. Direct Access File System Protocol. Version1.0. September2001.http://www.dafscollaborative.org.
8. Storage White Paper. High-Performance Storage Virtualization Architecture.http://www.storeage.com
9. Paul Stanton. Securing Data in Storage: A Review of Current Research. eprint arXiv:cs.Os/0409034,2004:32-46
10. M. Blaze. A cryptographic file system for unix. in Proceedings of the first ACM Conferenceon Computer and Communications Security. ACM Press, November1993. pp.9–15
11. M. Blaze. Key Management in an Encrypting File System. in Proceedings of the Summer1994USENIX Conference. Boston, MA, June1994
12. G. Cattaneo, L. Catuogno, A. D. Sorbo and P. Persiano. The Design and Implementation of aTransparent Cryptographic Filesystem for UNIX. In Proceedings of the Freenix Track:USENIX Annual Technical Conference,2001. pp.199-212.
13. D. Mazieres, M. Kaminsky, M. F. Kaashoek, and E. Witchel. Separating key managementfrom file system security. in Proceedings of the17th ACM Symposium on Operating SystemsPrinciples (SOSP ‘99), pp.124–139.
14. H. Gobioff. Security for a High Performance Commodity Storage Subsystem. PhD thesis,Carnegie Mellon University,1999.
15. E. Miller, D. Long, W. Freeman and B. Reed. Strong Security for Network-Attached Storage.In Proceedings of the FAST2002Conference on FIle and Storage Technologies, January2002.
16. K. Fu. Group sharing and random access in cryptographic storage file systems. Master’s thesis,Massachusetts Institute of Technology,1999.
17. K. Fu, M. F. Kaashoek, and D. Mazieres. Fast and secure distributed read-only file system.Computer Systems,2002.20(1):1–24.
18. E. Reidel, M. Kallahalla, and R. Swaminathan. A framework for evaluating storage systemsecurity. in Conference on File and Storage Technologies (FAST), Jan.2002.
19. V. Kher, Y. Kim. Securing distributed storage: Challenges, techniques, and systems [C].StorageSS'05, ACM,2005:9–25.
20.姜奇.异构无线网络匿名漫游研究.西安电子科技大学博士学位论文,2011.
21.毛文波著,王继林等译.现代密码学理论与实践.北京:电子工业出版社,2004.
22.刘建伟.无线个人通信网中的保密与认证协议研究.西安电子科技大学博士学位论文,2005.
23.张薇.信息存储系统可生存性理论与关键技术研究.西安电子科技大学博士学位论文,2008.
24. D. Dolev, A. Yao, On the Security of Public Key Protocols. IEEE Transactions on InformationTheory,1983,29(2):198-208.
25.卿斯汉.安全协议的设计与逻辑分析.软件学报,2003,14(7), pp.1300-1309.
26. Abadi M., Needham R.. Prudent Engineering Practice for Cryptographic Protocols. IEEETransactions on Software Engineering,1996,22(1): pp.6-15.
27. Boyd C, Mathuria A, Protocols for Authentication and Key Establishment, Springer,2003.
28.李兴华.无线网络中认证及密钥协商协议的研究.西安电子科技大学博士学位论文,2006.
29.张帆.无线网络安全协议的形式化分析方法.西安电子科技大学博士学位论文,2007.
30. Needham R M, Schroeder M D. Using Encryption for Authentication in Large Networks ofComputers. Communications of the ACM,1978,21(12): pp.993-999.
31. Lowe G.. Breaking and Fixing the Needham-Schroeder Public-key Protocol Using CSP andFDR. In Proceedings of TACAS, LNCS1055, Springer-Verlag,1996,147-166.
32. Abadi M. Explicit Communication Revisited: Two New Attacks on Authentication Protocols.IEEE Transactions on Software Engineering,1997,23(3):185-186.
33. Lowe G. Breaking and Fixing the Needham-Schroeder Public-key Protocol Using FDR.Software-Concepts and Tools,1996,17(3): pp.93-102.
34. Abdalla, M., Bresson E., Chevassut O., et al., Password-based group key exchange in aconstant number of rounds. Public Key Cryptography-Pkc2006, Proceedings,2006.3958:pp.427-442.
35. Bao, F., Security Analysis of a Password Authenticated Key Exchange Protocol. In6thInformation Security Conference-ISC'03,2003. LNCS2851: pp.208-217.
36. Bao, F., Colluding attacks to a payment protocol and two signature exchange schemes.Advances in Cryptology-Asiacrypt2004, Proceedings,2004.3329: pp.417-429.
37. Basin, D. A., M dersheim S. and Vigano L., An On-the-Fly Model-Checker for SecurityProtocol Analysis. In8th European Symposium on Research in Computer Security-ESORICS'03,2003. LNCS2808: pp.253-270.
38. Boyd, C. and Choo K.-K. R., Security of Two-Party Identity-Based Key Agreement. In FirstInternational Conference on Cryptology in Malaysia-Mycryp'05,2005. LNCS3715: pp.229-243.
39. Burmester, M., Cryptanalysis of the Chang-Wu-Chen Key Distribution System. In Advancesin Cryptology-Eurocrypt '93,1993. LNCS2656: pp.440-442.
40. Cheng, Z. and Comley R., Attacks on An ISO/IEC11770-2Key Establishment Protocol.International Journal of Network Security2006.3(2): pp.238-243.
41. Choo, K.-K. R., Revisiting Lee, Kim,&Yoo Authenticated Key Agreement Protocol.International Journal of Network Security,2006.2(1): pp.64-68.
42. Choo, K. K. R., Boyd C. and Hitchcock Y., errors in computational complexity proofs forprotocols. Advances in Cryptology Asiacrypt'05,2005.3788: pp.624-643.
43. Choo, K. K. R., Boyd C. and Hitchcock Y., The importance of proofs of security for keyestablishment protocols-Formal analysis of Jan-Chen, Yang-Shen-Shieh,Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols. Computer Communications,2006.29(15): pp.2788-2797.
44. Lowe, G., Breaking and fixing the Needham-Schroeder public-key protocol using FDR.Software-Concepts and Tools,1996.17(3): pp.93-102.
45. Mitchell, C. and Yeun C. Y., Fixing a Problem in the Helsinki Protocol. ACM OperatingSystems Review,1998.32(4): pp.21-24.
46. Myasnikov, A. G., Shpilrain V. and Ushakov A., A Practical Attack on a Braid Group BasedCryptographic Protocol. In Advances in Cryptology-Crypto'05,2005. LNCS3621: pp.86-96.
47. Zhang, M., Breaking an Improved Password Authenticated Key Exchange Protocol forImbalanced Wireless Networks. IEEE Communications Letters,2005.9(3): pp.276-278.
48.曹春杰.可证明安全的认证及密钥交换协议设计与分析.西安电子科技大学博士论文,2008.
49.王亚弟,束妮娜,韩继红等.密码协议形式化分析.北京:机械工业出版社,2006.
50. Burrows M, Abadi M, Needham R. A Logic of Authentication. ACM Transactions onComputer Systems.1990,8(1):18-36.
51. Paulson L C. The Inductive Approach to Verifying Cryptographic Protocols. Journal ofComputer Security,1998,6(1):85-128.
52. Fabrega F.J.T., Herzog J.C., Guttman J.D.. Strand spaces: why is a security protocol correct. InIEEE Symposium on Security and Privacy,1998:160-171.
53. Schneider S. Verifying authentication protocols in CSP. IEEE Transactions on SoftwareEngineering,1998,24(9):741-758.
54. Mart A., Andrew D.G.. A Calculus for Cryptographic Protocols: the SPI calculus. InProceedings of the4th ACM Conference on Computer and Communications Security. ACM,1997,36-47.
55. Goldwasser S., Micali S.. Probabilisitic Encryption. Journal of Computer and System Sciences,1984,28(3): pp.270-299.
56. Fiat A., Shamir A.. How to Prove Yourself: Practical Solutions to Identification and SignatureProblems. Advances in Cryptology-Crypto '86,1987: pp.186-194.
57. Bellare M., Rogaway P.. Entity Authentication and Key Distribution. Advances inCryptography-CRYPTO'93,1994: pp.232-249.
58. Bellare M, Canetti R, Krawczyk H. A modular approach to the design and analysis ofauthentication and key exchange protocols. In: Proceedings of the30th ACM Symposium onTheory of Computing, ACM,1998,419-428.
59. Shoup V.. On Formal Models for Secure Key Exchange (Version4)(Technical Report No. RZ3120(#93166)). IBM Research, Zurich,1999.
60. Canetti R., Krawczyk H.. Analysis of Key-exchange Protocols and Their Use for BuildingSecure Channels. Advances in Cryptology-EUROCRYPT’01,2001: pp.453-474.
61. Canetti R.. Universally Composable Security: A New Paradigm for Cryptographic Protocols.In Proceedings of the42nd IEEE Symposium on Foundations of Computer Science,2001,136-145.
62. Canetti R., Krawczyk H.. Universally Composable Notions of Key Exchange and Securechannels. Advances in Cryptology–EUROCRYPT’02,2002,337-351.
63. R. Canetti, S. Halevi, J. Katz et al. Universally Composable Password Based Key Exchange,Advances in Cryptology-EUROCRYPTO’05, LNCS3494, Springer-Verlag,2005: pp.404-421.
64. M. Bellare, P. Rogaway. Provably Secure Session Key Distribution: the Three Party Case. InProceedings of the27th ACM Symposium on the Theory of Computing,1995: pp.57-66.
65. Koblitz N., Menezes A.. Another Look at "Provable Security"(Technical Report CORR2004-20). Centre for Applied Cryptographic Research, University of Waterloo, Canada,2004.
66.林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758. LIN C, PENG X H.Research on trustworthy networks (in Chinese)[J]. Chinese Journal of Computers,2005,28(5):751-758.
67. PEARSON S. Trusted computing: strengths, weaknesses and further opportunities forenhancing privacy[A]. Eds iTrust’2005, LNCS3477[C]. Berlin: Springer-Verlag,2005.305-320.
68.张焕国,罗捷,金刚等.可信计算研究进展[J].武汉大学学报(理学版),2006,52(5):513-518. ZHANG H G, LUO J, JIN G, et al. Development of trusted computing research[J].Wuhan University Journal of Natural Sciences.2006,11(6):1407-1413.
69.沈昌祥,张焕国,冯登国等.信息安全综述.中国科学E辑[J].2007,37(2):129-150SHENC X, ZHANG H G, FENG D G, et al. Survey of information security[J]. Science in ChinaSeries F,2007,50(3):273-298.
70. Stephen Mason. Trusted computing and forensic investigations. Digital Investigation.2005,2,189-192.
71. Vijay Varadharajan. Trustworthy Computing. X. Zhou et al.(Eds.): WISE2004, LNCS3306,pp.13-16,2004.
72. Ravi Sandhu, Kumar Ranganathan, and Xinwen Zhang. Secure Information Sharing Enabledby Trusted Computing and PEI Model. Proc. of ASIACCS06, Mar., Taipei, Taiwan,2006.
73. John S. Erickson. Fair Use, DRM, and Trusted Computing. Communications of The ACM,2003,46(4):34-39.
74. Zheng Yan. A Conceptual Architecture of a Trusted Mobile Environment. Proceedings of theSecond International Workshop on Security, Privacy and Trust in Pervasive and UbiquitousComputing (SecPerU'06)
75. Shane Balfe and Liqun Chen. Pervasive Trusted Computing. Proceedings of the SecondInternational Workshop on Security, Privacy and Trust in Pervasive and UbiquitousComputing (SecPerU'06),2006.
76.杨力.无线网络可信认证技术研究.博士学位论文.西安电子科技大学,2010.
77.张立强.可信网络连接的一些理论与关键技术研究.博士学位论文,武汉大学,2008.
78.周明天,谭良.可信计算及其进展.电子科技大学学报.2006,35(4):686-697.
79. Nishimuar K, Ishiikawa S, Hirota K, et al. ISO/IEC15408. DBSJ Letters,4(3):13-16,2005.
80.闵应骅.可信系统与网络.计算机工程与科学.2001,23(5):21-23.
81. Trusted Computing Group. TCG Specification Architecture Overview, Revision1.4,https://www.trustedcomputinggroup.org.2007,10.
82. Matt Bishop.计算机安全学——安全的艺术与科学。北京:电子工业出版社,2005
83. Trusted Computing Group. TCG Specification Architecture Overview. Version1.2,https://www.trustedcomputinggroup.org.2004,06.
84. Trusted Computing Group. TPM Main Pan2TPM structures,https://www.trustedcomputinggroup.org.2003,10.
85. Trusted Computing Group. TCG software stack specification version1.2,https://www.trustedcomputinggroup.org.2006,01.
86. Trusted Computing Group. TCG genetic server specification,https://www.trustedcomputinggroup.org.2005,05.
87. Trusted Computing Group. TCG Trusted Network Connect TNC Architecture forInteroperability Specification Version1.2, http://www.trustedcomputinggroup.org.2007,08.
88. Trusted Computing Group. TCG mobile trusted module specification,https://www.trustedcomputinggroup.org.2007,06.
89. Y. Tin, C. Boyd, and J. Gonzalez. Provably secure key exchange: An engineering approach,2003.
90. Yiu Shing Terry Tin,Harikrishna.Vasanta,ColinBoyd, and Juan Manuel Gonzalez Nieto.Protocols with security Proofs for mobile applications.
91.陈火旺,王戟,董威.高可信软件工程技术.电子学报,2003,31(12):1933-1938.
92.林闯,任丰原.可控可信可扩展的新一代互联网.软件学报,2004,15(12):1815-1821.
93.赵佳.可信认证关键技术研究.博士学位论文,北京交通大学,2008,05.
94.李晓勇.可信分布式计算环境的关键技术研究.博士学位论文,北京交通大学,2008,05.
95.张俊伟.密码协议的可组合安全.博士学位论文,西安电子科技大学,2010,04.
96.马卓.无线网络可信接入理论及应用研究.博士学位论文,西安电子科技大学,2010,04.
97.郑宇,何大可,何明星.基于可信计算的移动终端用户认证方案.计算机学报,2006,29(8):1255-1264.
98. Ge, H. and Tate, S.R. A Direct Anonymous Attestation Scheme for Embedded Devices. In:Okamoto, T., Wang, X.(eds.) PKC2007. LNCS, vol.4450, Springer, Heidelberg (2007).
99. Neumann P.G., Principled assuredly trustworthy composable architectures,http://www.csl.sri.com/neumann/chats4.html
100. Ellison R.J., Moore A.P.,Trustworthy refinement through intrusion-aware design(TRIAD):Anoverview, Proceedings of the3rd Annual High Confidence Software and Systems Conference,2003, http://www.cert.org/archive/pdf/triad.pdf
101. Liu Jing-sen, Dai Guan-zhong, and Li Yu. A TPM Authentication Scheme for Mobile IP,International Conference on Computational Intelligence and Security Workshops (CISW2007), pp.721-724,2007.
102. David Clark, Karen Sollins, John Wroclawski, NewArch Project:Future-Generation InternetArchitecture, http://www.isi.edu/newarch/iDOCS/final.finalreport.pdf
103. Halevi S, Karger P A, Naor D. Enforcing confinement in distributed storage and acryptographic model for access control.[EB/OL].[2010-5-11]. http://eprint.iacr.org/2005/169.
104.韩德志,余顺争,谢长生.融合NAS和SAN的存储网络设计与实现[J].电子学报,2006,(11):2012-2017.
105. V. Kher, Y. Kim. Securing distributed storage: Challenges, techniques, and systems [C].StorageSS'05, ACM,2005:9–25.
106. E. Riedel, M. Kallahalla, and R. Swaminathan. A framework for evaluating storage systemsecurity [C]. FAST, Monterey, CA, January2002:15-30.
107. Gibson G A, Nagle D F, Courtright W, et al. NASD scalable storage systems[C]//Proceedingsof the USENIX’99Extreme Linux Workshop, Monterey, CA,USA: USENIX Press,1999:121-130.
108. Blanchet B, Chaudhuri A. Automated formal analysis of a protocol for secure file sharing onuntrusted storage. IEEE Symposium on Security and Privacy, Oakland, CA, May2008:417-431.
109. Deepak Garg. Proof Theory for Authorization Logic and its Application to a Practical FileSystem [D], CMU,2009.
110. B. Blanchet. Automatic verification of correspondences for security protocols [J]. Journal ofComputer Security17(4).2009:363–434
111. A. Chaudhuri. On secure distributed implementations of dynamic access control [R].UCSC-CRL-08-01, University of California at Santa Cruz,2008.
112. Siani Pearson, Trusted Computing: Strengths, Weaknesses and Further Opportunities forEnhancing Privacy, P. Herrmann et al.,(Eds.): iTrust2005, LNCS3477, pp.305-320,2005.
113. Brian Berger, Trusted Computing Group History, Information Security Technical Report,2005,10,59-62.
114. Trusted Computing Group. TPM Main Specifications-Part1Design Principles, Version1.2,http://www.trustedcomputinggroup.org.2007,12.
115.张曼静,桂文明,苏涤生, et al.从终端到网络的可信计算技术.信息技术快报,2006,4(2):20-31.
116. Trusted Computing Group. Trusted Computing Platform Alliance (TCPA) Main Specification,Version1.1a. Republished as Trusted Computing Group (TCG) Main Specification, Version
1.1b, http://www.trustedcomputinggroup.org,2001,10.
117. Brickell E, Camenisch J, and Chen L Q. Direct anonymous at-testation. Proceedings of the11th ACM Conference on Computer and Communications Security. New York, NY, USA,2004, pp132-145.
118. Sadeghi A and Stuble C. Property based Attestation for Computing Platforms: Caring AboutProperties, Not Mechanisms. Proceedings of New Security ParadigmsWorkshop. New York,2004, pp67-77.
119.秦宇,冯登国.基于组件属性的远程证明.软件学报,2009,20(6):1625-1641.
120. Haldar. Semantic Remote Attestation. Irvine: University of California,2006.
121. Seshadri A, Perrig A, and Doorn L. SWATT: SoftWare-based ATTestation for EmbeddedDevices. Proceedings of2004IEEE Symposium on Security and Privacy. Washington DC:IEEE Computer Society,2004:272-282.
122. Zhang H, and Wang F. A Behavior-Based Remote Trust Attestation Model. WuhanUniversityJournal of Natural Sciences,2006,11(6):1819-1822.
123. Gibson, G. A., Nagle, D. F., Amiri, K., et al. A Cost-effective, High-bandwidth StorageArchitecture. In: Proceedings of the8th Conference on Architectural Support forProgramming Languages and Operating Systems. ACM. November1998.92~103
124. Canetti R, Krawczyk H. Security analysis of IKE’s signature-based key-exchange protocol[C]∥Proceedings of CRYPTO’02, LNCS2442. Berlin: Springer-Verlag,2002:143-161.
125. Gobioff, H., Gibson, G. A. and Tygar, D. Security for Network Attached Storage Devices.CMU SCS Technical Report CMU-CS-97-185,1997
126.杨超.无线网络协议的形式化分析与设计.西安电子科技大学博士论文,2008.
127.马一力,傅湘林,韩晓明,许鲁.存储与计算的分离[J].世界电信,2004,(08):24-32.
128. Blanchet B, Chaudhuri A. Automated formal analysis of a protocol for secure file sharing onuntrusted storage. IEEE Symposium on Security and Privacy, Oakland, CA, May2008:417-431.
129. Deepak Garg. Proof Theory for Authorization Logic and its Application to a Practical FileSystem [D], CMU,2009.
130. B. Blanchet. Automatic verification of correspondences for security protocols [J]. Journal ofComputer Security17(4).2009:363–434
131. A. Chaudhuri. On secure distributed implementations of dynamic access control [R].UCSC-CRL-08-01, University of California at Santa Cruz,2008.
132. P. M. Chen, E. K. Lee, G. A. Gibson et al. RAID: High-Performance, Reliable SecondaryStorage. ACM Computing Surveys,1994,26(2):145~185
133. R. H. Katz, G. A. Gibson and D. A. Patterson. Disk System Architectures for highPerformance Computing. IEEE,1989,77(12):1842~1858
134.张江陵,冯丹.海量信息存储.北京:科学出版社,2003
135.刘群.基于可扩展对象的海量存储系统研究.华中科技大学博士论文,2006.
136. X. Molero, F. Silla, V. Santonja, et al. On the Interconnection Topology for Storage AreaNetworks. In: Proceedings of15th Parallel and Distributed Processing Symposium.2001.1648~1656
137. P. Wang, R. E. Gilligan, Green, et al. IP SAN-From iSCSI to IP-Addressable Ethernet Disks.In: Proceedings of the20th IEEE/11th NASA Goddard Conference on Mass Storage Systemsand Technologies. April7-10,2003.189~193
138. A. Singh, S. Gopisetty, L. Duyanovich, et al. Security vs Performance: Tradeoffs using a TrustFramework. In: Proceedings of the22nd IEEE/13th NASA Goddard Conference on MassStorage Systems and Technologies. April11-14,2005.270~277
139. PanasasIne.ObjectStorageAiehiteeture.WhitePaper. http://www.Panasas.eoln/objecthased--]rngnt.htinl
140. MikeMesnier, R.Ganger, ErikRiedel.Objeet-BasedStorage, IEEEConununicationsMagazine, August2003.84-90
141. Riedel, E. and Gibson, G. A. Understanding Customer Dissatisfaction with UnderutilizedDistributed File Servers. In: Proceedings of the5th NASA Goddard Space Flight CenterConference on Mass Storage Systems and Technologies, September1996.1-18
142. Gibson, G. A., Nagle, D. F., Amiri, K., Chang, et al. File Server Scaling withNetwork-Attached Secure Disks. In: Proceedings of the ACM International Conference onMeasurement and Modeling of Computer Systems,1997.272~284
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |