Abstract
The establishment of operating system trustworthiness begins when the whole computer system is powered on and bootstrapped and continues until the operating system's running environment is finally created; every executed code operation that could reduce the trustworthiness of the operating system must undergo an integrity measurement. Based on the specifications of the Trusted Computing Group, this paper analyzes the TPM-based trusted boot process and proposes a new trusted boot process, the Parallel Recovery Trusted Startup Process, in which the host CPU and the TPM work in parallel and backup and recovery of the verified components' code are supported. This boot process is then designed and implemented using channel technology. Finally, the security and performance of the boot process are analyzed; the analysis shows that it gives the computer a higher level of security assurance and provides a basis for further building a trusted computing environment.
To establish the trustworthiness of the operating system, every piece of operating system program code that could possibly reduce that trustworthiness must have its integrity attested during the whole process, from first switching on the power to finally establishing the running environment of the computer system. According to the standards of the Trusted Computing Group, and based on an analysis of the trusted startup process of a common operating system, a trusted boot process called the Parallel Recovery Trusted Startup Process (PRTSP), in which the CPU and the TPM work in parallel and which supports backup and recovery, is put forward, and then designed and implemented using channel technology. Finally, we discuss the security and performance of the PRTSP. With the PRTSP, high assurance of system security is gained, thus providing the basis for building a trusted computing environment.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal (北大核心)
2007, No. 10, pp. 284-289 (6 pages)
Funding
Supported by the National 863 Program broadband VPN project, topic 863-104-03-01
Supported by the 2003 Sichuan Province Key Science and Technology Project 03GG007-007
Keywords
Trusted computing
Trusted platform module
Integrity measurement
Trusted computing, Trusted platform module (TPM), Attestation of integrity