摘要
针对已有的一些完整性度量方法在度量主动性、灵活性和运行效率等方面的不足,提出了基于策略嵌入和可信计算的完整性主动动态度量架构(PEDIAMA)。将度量策略嵌入到度量目标内部,因此不需要专门的内存空间来集中维护所有的策略,节省了策略的查询和维护成本,提高了运行效率。由于策略方便存取,制订灵活,不仅可以实时接收外部的度量请求,也可以依据内嵌的策略主动进行度量,主动防御性更强。同时,通过TPM硬件来保护度量架构和度量过程的安全,并对度量策略和相关度量结果进行签名保护,提高了整个系统的安全性。经过测试,PEDIAMA能够即时检测出针对运行实体的攻击,并且度量开销较小。
In order to improve the current integrity measurement methods in activity,flexibility and efficiency,this paper presented a TPM-based architecture PEDIAMA(policy embedded dynamic integrity active measurement architecture).It embedded measurement policies into measurement targets,thus no extra memory was needed to hold and maintain the policies,and the cost in searching and maintaining was very low,so increased the efficiency of the whole system.As the policies were flexible in contents and easy to access,not only the external measurement requests could be fulfilled instantly,but also the embedded policies could be performed actively.For the architecture and the measurement process were protected by TPM,also protected the policies and some measurement results by digit signature,boosted the security of the whole system.Experimental results show that,PEDIAMA can instantly detect the attack aiming at running objects with lower overhead.
出处
《计算机应用研究》
CSCD
北大核心
2013年第1期261-264,共4页
Application Research of Computers
基金
国家重点基础研究发展计划资助项目(2007CB310900)
