基于扩展LS2的可信虚拟平台信任链分析

doi:10.3969/j.issn.1000-436x.2013.05.004

通信学报 ›› 2013, Vol. 34 ›› Issue (5): 31-41.doi: 10.3969/j.issn.1000-436x.2013.05.004

基于扩展LS²的可信虚拟平台信任链分析

常德显^1,^2,³,冯登国¹,秦宇¹,张倩颖^1,²

¹ 中国科学院软件研究所，北京 100190;
² 中国科学院研究生院，北京 100049;
³ 解放军信息工程大学三院，河南郑州 450004

出版日期:2013-05-25 发布日期:2017-06-27
基金资助:
国家自然科学基金资助项目;国家自然科学基金资助项目;国家重点基础研究发展计划（“973计划）基金资助项目

Analyzing the trust chain of trusted virtualization platform based on the extended LS²

De-xian CHANG^1,^2,³,Deng-guo FENG¹,Yu QIN¹,Qian-ying ZHANG^1,²

¹ Institute of Software,Chinese Academy of Sciences,Beijing 100190,China;
² Graduate University of Chinese Academy of Sciences,Beijing 100049,China;
³ 3rd Institute,PLA Information Engineering University,Zhengzhou 450004,China

Online:2013-05-25 Published:2017-06-27
Supported by:
The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Basic Research Program of China (973 Program)

摘要/Abstract

摘要：

摘要：针对可信虚拟平台信任链的形式化分析问题，建立了包括虚拟机和虚拟信任根在内的可信虚拟平台完整的信任链模型，并详细定义其应满足的信任属性，通过扩展 LS²，验证了可信虚拟平台信任链模型能够有条件地满足其正确性、唯一性。对实例系统分析表明本文所建立信任链模型的通用性及基于扩展LS²分析方法的有效性。

关键词: 可信计算, 可信虚拟平台, 安全系统逻辑, 信任链, 虚拟信任根

Abstract:

Considering the effective formal analysis for the trust chain of the trusted virtualization platform,a trust chain model which includes the virtual machine and the virtual root of trust,was proposed firstly with the detail definition of the trusted properties.Through extending the LS²,it verified the correctness and uniqueness of the trust chain formally under some conditions.Analysis for the photosystem shows the generality of the proposed trust chain model and the va-lidity of the analysis method based on the extended LS².

Key words: trusted computing, trusted virtualization platform, logic of secure system, trust chain, virtual root of trust

常德显,冯登国,秦宇,张倩颖. 基于扩展LS²的可信虚拟平台信任链分析[J]. 通信学报, 2013, 34(5): 31-41.

De-xian CHANG,Deng-guo FENG,Yu QIN,Qian-ying ZHANG. Analyzing the trust chain of trusted virtualization platform based on the extended LS²[J]. Journal on Communications, 2013, 34(5): 31-41.

图/表 6

图1

图2

图3

图4

图5

图6

参考文献 19

[1]	REINER S , XIAOLAN Z . Design and implementation of a TCG-based integrity measurement architecture[A]. Proc of the 13th USENIX Security Symposium[C]. Berkeley,USA, 2004. 223-238.
[2]	BERGER S , CACERES R , GOLDMAN K A , et al . VTPM: virtualiz-ing the trusted platform module[A]. Proc of the 15th USENIX Security Symposium[C]. Berkeley,USA, 2006. 305-320.
[3]	CHRIS I D , DAVID P , WOLFGANG W , et al . Trusted virtual platforms:a key enabler for converged client devices[A]. Proc of the ACM SIGOPS Operating Systems Review[C]. New York,USA, 2009. 36-43.
[4]	BERGER S , RAMON C , DIMITRIOS P , et al . TVDc: managing security in the trusted virtual datacenter[A]. Proc of ACM SIGOPS Operating Systems Review[C]. New York,USA, 2008. 40-47.
[5]	KRAUTHEIM F J , DHANANJAV S P , DIMITRIOS P , ALAN T S . Introducing the trusted virtual environment module: a new mechanism for rooting trust in cloud computing[A]. Proc of the 3rd International Conference on Trust and Trustworthy Computing[C]. 2010. 211-227.
[6]	王丽娜，高汉军，余荣威等 . 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报， 2011,32(9):1-8.
[7]	CHEN S Y , WEN Y Y , ZHAO H . Formal analysis of secure bootstrap in trusted computing[A].Proc of the 4th International Conference on Autonomic and Trusted Computing[C]. Berlin,Springer, 2007. 352-360.
[8]	张兴，黄强，沈昌祥 . 一种基于无干扰模型的信任链传递分析方法[J]. 计算机学报， 2010,33(1):74-81.
[9]	冯登国，秦宇 . 可信计算环境证明方法研究[J]. 计算机学报， 2008,31(9):1640-1652. FENG D G . QIN Y . Research on attestation method for trust computing en-vironment[J]. Chinese Journal of Computers, 2008,31(9):1640-1652.
[10]	冯登国，秦宇 . 一种基于 TCM 的属性证明协议[J]. 中国科学， 2010,53(3):454-464.
[11]	JONATHAN M M G , NING Q , LI Y L , et al . TrustVisor: efficient TCB reduction and attestation[A].Proc of the IEEE Symposium on Security and Privacy[C]. Oakland,USA, 2010. 143-158.
[12]	BURROWS M , ABADI M , NEEDHAM M R . A logic of authentica-tion[A]. Proc of the Royal Society[C]. London,UK, 1989. 233-271.
[13]	ABADI M , FOURNET C . Mobile values,new names,and secure communication[A].Proc of the 28th Symposium on Principles of Pro-gramming Languages[C]. London,ACM, 2001. 104-115.
[14]	GILLES B , GUSTAVO B , JUAN D C , et al . Formally verifying isola-tion and availability in an idealized model of virtualization[A].Proc of the 17th International Conference on Formal Methods[C]. Berlin,Springer, 2011. 231-245.
[15]	DATTA A , FRANKLIN J , GARG D , et al . A logic of secure systems and its application to trusted computing[A]. Proc of the 30th IEEE Symposium on Security and Privacy[C]. Los Alamitos,USA, 2009. 221-236.
[16]	Trusted Computing Group.TCG infrastructure working group archi-tecture part II-integrity management version 1.0[EB/OL]. 2006.
[17]	CABUK S , CHEN L Q , PLAQUIN D , et al . Trusted integrity meas-urement and reporting for virtualized platforms[A]. Proc of the Inter-national Conference on Trusted Systems[C]. Berlin,Springer, 2010. 180-196.
[18]	CHANG D X , CHU X B , QIN Y , et al . TSD: a flexible root of trust for the cloud[A].Proc of the IEEE 11th International Conference on Trust,Security and Privacy in Computing and Communications[C].Liver-pool.Springer, 2012, 119-126.
[19]	Trusted Computing Group.Virtualized trusted platform architecture specification version 1.0[EB/OL]. .

基于扩展LS²的可信虚拟平台信任链分析

Analyzing the trust chain of trusted virtualization platform based on the extended LS²

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 19

相关文章 15

Metrics

推荐阅读 0

[1]	何欣枫,田俊峰,刘凡鸣. 可信云平台技术综述[J]. 通信学报, 2019, 40(2): 154-163.
[2]	田俊峰,李天乐. 基于TPA云联盟的数据完整性验证模型[J]. 通信学报, 2018, 39(8): 113-124.
[3]	田俊峰,张永超. 基于改进期望值决策法的虚拟机可信审计方法[J]. 通信学报, 2018, 39(6): 52-63.
[4]	谭良,齐能,胡玲碧. 虚拟平台环境中一种新的可信证书链扩展方法[J]. 通信学报, 2018, 39(6): 133-145.
[5]	陈兴蜀,王伟,金鑫. 基于标签的vTPM私密信息保护方案[J]. 通信学报, 2018, 39(11): 170-180.
[6]	王雷,杨明华,刘增良,郑建群. 适于双冗余系统的信任链生成和更新算法[J]. 通信学报, 2017, 38(1): 1-8.
[7]	冯伟,秦宇,冯登国,杨波,张英骏. 基于TCM的安全Windows平台设计与实现[J]. 通信学报, 2015, 36(8): 91-103.
[8]	张倩颖，赵世军，冯伟，秦宇，冯登国. 跨平台的可信执行环境模块方案研究[J]. 通信学报, 2014, 35(Z2): 11-85.
[9]	周振吉，吴礼发，洪征，赖海光，郑成辉. 云计算环境下可信虚拟机管理模型[J]. 通信学报, 2014, 35(Z2): 13-105.
[10]	张倩颖,赵世军,冯伟,秦宇,冯登国. 跨平台的可信执行环境模块方案研究[J]. 通信学报, 2014, 35(Z2): 72-85.
[11]	周振吉,吴礼发,洪征,赖海光,郑成辉. 云计算环境下可信虚拟机管理模型[J]. 通信学报, 2014, 35(Z2): 94-105.
[12]	张倩颖，冯登国，赵世军. 基于可信芯片的平台身份证明方案研究[J]. 通信学报, 2014, 35(8): 13-106.
[13]	张倩颖,冯登国,赵世军. 基于可信芯片的平台身份证明方案研究[J]. 通信学报, 2014, 35(8): 94-106.
[14]	肖跃雷，王育民，庞辽军，谭示崇. 可信计算环境下的WLAN Mesh安全关联方案[J]. 通信学报, 2014, 35(7): 12-103.
[15]	肖跃雷,王育民,庞辽军,谭示崇. 可信计算环境下的WLAN Mesh安全关联方案[J]. 通信学报, 2014, 35(7): 94-103.