共查询到17条相似文献,搜索用时 140 毫秒
1.
未来的移动终端面临更多的安全威胁.本文在对未来移动终端的安全要求和面临的安全威胁进行全面分析的基础上,基于分割控制、可信认证,专用处理的设计思想,提出了一种开放的可信移动终端的设计方案.并采用多种安全防护机制增强终端系统安全性。 相似文献
2.
3.
可信计算组织TCG针对不符合可信网络接入策略要求终端的处理问题提出隔离补救的概念,实现终端和网络的可信增强,但在实现模型和运行机制方面的研究还有待完善和加强。提出基于可信度的网络接入补救机制,首先通过可信度计算实现终端的可信程度量化分析,然后进行相应的补救处理操作,最后通过实验分析证明该机制能有效实现终端的隔离与补救,在保证安全性的同时增强了网络的易用性。 相似文献
4.
移动互联网下可信移动平台接入机制 总被引:1,自引:0,他引:1
TCG MTM规范的发布,确保了移动终端的安全性,但MTM芯片的推广导致移动终端通信方式的改变,从而提出移动互联网下可信移动平台(带有MTM芯片的移动终端,TMP)的接入机制,该机制在服务域中引入策略决策者管理本域的TMP及Internet服务提供商,定义了移动互联网下TMP的2种访问模式──本域服务和跨域访问,并详细介绍各模式的具体工作流程,其中将跨域访问模式定义为漫游服务和资源请求2种场景,重点描述TMP接入机制的可信性认证体系.运用通用可组合安全模型对TMP的2种访问方式进行安全性分析,分析表明,该机制可安全实现移动互联网下TMP的可信接入,同时具有实用、高效的特点. 相似文献
5.
目前单一、孤立的安全防护设备越来越难以胜任计算机网络的安全防护工作,基于源端身份认证和完整性校验的可信计算连接(TNC)架构将可信性由终端平台延伸至网络,一定程度上为网络提供了可信性保障。文中在研究TNC的基础上提出了对可信网络概念的一些新的认识,并设计了一种可信网络安全平台实现方案。 相似文献
6.
7.
8.
可信计算的链式度量机制不容易扩展到终端所有应用程序,因而可信终端要始终保证其动态运行环境的可信仍然困难.为了提供可信终端动态运行环境客观、真实、全面的可信证据,提出了可信终端动态运行环境的可信证据收集机制.首先,在可信终端的应用层引入一个可信证据收集代理,并将该代理作为可信平台模块(trusted platform module,简称TPM)链式度量机制的重要一环,利用TPM提供的度量功能保证该代理可信;然后通过该代理收集可信终端的内存、CPU、网络端口、磁盘文件、策略配置数据和进程等的运行时状态信息,并利用TPM提供的可信存储功能,保存这些状态信息作为终端运行环境的可信证据,并保障可信证据本身的可信性.该可信证据收集机制具有良好的可扩展性,为支持面向不同应用的信任评估模型提供基础.在Windows平台中实现了一个可信证据收集代理的原型,并以一个开放的局域网为实验环境来分析可信证据收集代理所获取的终端动态运行环境可信证据以及可信证据收集代理在该应用实例中的性能开销.该应用实例验证了该方案的可行性. 相似文献
9.
当前,虚拟机技术和可信计算技术是两大热门技术,可信计算技术是实现信息系统安全的重要手段。是否可以在虚拟机的环境下,通过结合虚拟机和可信计算的技术优势,来实现终端系统与网络的可信,提高整个信息系统的安全?研究了如何设计一个基于虚拟机的可信计算平台安全架构,并进一步研究了虚拟化TPM的问题。同时,分析并总结了TCG定义的可信链技术。在此基础上,提出了虚拟机环境下可信链的实现方法,加强终端系统与网络的安全性。 相似文献
10.
11.
12.
Whether the cloud computing environment is credible is the key factor in the promotion and effective use of cloud computing.For this reason,the expected value decision method in risk decision-making was improved.The usage scenarios was redefined,the cost and benefit of audit scheme was digitized,and a virtual machine trusted auditing strategy based on improved expectation decision method was proposed.Several levels of security protection for the user virtual machine was provided,and the optimal audit scheme was selected autonomously according to the security protection level chosen by the user for the virtual machine.The virtual machine introspection (VMI) technology was used to obtain the virtual machine information that needs to be audited.The designed encryption mechanism was used to protect the security of users selected security protection level,so as to ensure the security of user virtual machine selection audit strategy.Finally,the simulation results show that the scheme has good performance and validity. 相似文献
13.
移动存储设备的使用控制研究 总被引:1,自引:0,他引:1
移动存储设备的广泛使用,极大地方便了计算机之间的信息交换,但是如果不对移动存储设备的使用加以控制,就会造成敏感或机密信息的泄露,从而可能对企事业单位造成重大损失.文章提出了一种基于电子钥匙的移动存储设备的使用控制方案,该方案能有效控制移动存储设备的使用,使计算机之间基于移动存储设备的信息交换更加安全有序. 相似文献
14.
谈剑峰 《信息安全与通信保密》2014,(3):116-119,122
在网络信息技术高速发展和信息安全威胁肆虐的今天,各类信息环境均要面临如何保障其自身运行环境的安全可信问题.文中通过对可信计算技术,这一结合安全软硬件信息技术的研究与分析,通过其自身的安全机制与物理防御能力,以及信任链验证体系,为信息系统环境与身份识别环境提供一种有效的可信环境实现方法. 相似文献
15.
When using trusted computing technology to build a trusted virtual platform environment,it is a hot problem that how to reasonably extend the underlying physical TPM certificate chain to the virtual machine environment.At present,the certificate trust expansion schemes are not perfect,either there is a violation of the TCG specifications,or TPM and vTPM certificate results inconsistent,either the presence of key redundancy,or privacy CA performance burden,some project cannot even extend the certificate trust.Based on this,a new extension method of trusted certificate chain was proposed.Firstly,a new class of certificate called VMEK (virtual machine extension key) was added in TPM,and the management mechanism of certificate VMEK was constructed,the main feature of which was that its key was not transferable and could be used to sign and encrypt the data inside and outside of TPM.Secondly,it used certificate VMEK to sign vTPM’s vEK to build the trust relationship between the underlying TPM and virtual machine,and realized extension of trusted certificate chain in virtual machine.Finally,in Xen,VMEK certificate and its management mechanism,and certificate trust extension based on VMEK were realized.The experiment results show that the proposed scheme can effectively realize the remote attestation function of virtual platform. 相似文献
16.
Chang-Ying Zhou Chun-Ru Zhang 《中国电子科技》2007,5(3):206-211
With the growing intelligence and popularity of mobile phones, and the trend of cellular network's convergence to IP based network, more and more mobile applications emerge on the market. For mission critical applications, like the electronic payment which will be discussed in this paper, the lack of trust in the underlying mobile infrastructure and secure interface to legacy systems (for this case, the banking systems) poses obstacles to their widespread presence in mobile services. Recently, the exposure of hacking of iPhone and other smart phones further emphasizes the criticality of establishing a trust platform for mobile applications. This paper analyzes the building blocks of the trusted smart phone, and proposes a framework to provide a trusted platform for mobile electronic payment. Such a proposed system may allow direct interface to the banking systems due to the banking industry recognized strong security, and hence, may enable its widespread use. 相似文献