Computer Engineering and Applications ›› 2013, Vol. 49 ›› Issue (13): 59-64.

• Network, Communication and Security •

Research Progress on Mechanisms for Constructing Trusted Computing Environments

程  戈,李  聪   

  1. School of Mathematics and Computational Science, Xiangtan University, Xiangtan, Hunan 411105
  • Publication date: 2013-07-01 Release date: 2013-06-28

Research progress of trusted computing environment

CHENG Ge, LI Cong   

  1. School of Mathematics and Computational Science, Xiangtan University, Xiangtan, Hunan 411105, China
  • Online: 2013-07-01 Published: 2013-06-28

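Abstract: Constructing a trusted computing environment means building, through a combination of software and hardware, a system that satisfies the definition of trusted computing, so that computation carried out on it has properties such as authenticity, confidentiality and controllability. These properties are used to compensate for the shortcomings of relying on traditional security protections alone, and so to better address the challenges and problems facing computer security. This paper introduces the hardware basis for constructing trusted computing environments, summarizes recent construction mechanisms based on the static root of trust for measurement, the dynamic root of trust for measurement, and lightweight virtual machine monitors, and analyzes the strengths and weaknesses of existing construction mechanisms. By analyzing the chain of trust in trusted computing environments, it identifies directions for future research.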

Keywords: trusted computing environment, chain of trust, root of trust for measurement

Abstract: A trusted computing environment provides a new arena for addressing the challenges in computer security by combining software and hardware to meet the definition of trusted computing. The authenticity, confidentiality, controllability and other properties that it provides can make up for the deficiencies of traditional security methods. This paper describes the hardware basis of trusted computing, summarizes recent trusted computing environments based on the DRTM (Dynamic Root of Trust for Measurement) and the SRTM (Static Root of Trust for Measurement), analyzes the advantages and disadvantages of existing trusted computing environments, and indicates the direction of future research by analyzing the trust chain.

Key words: trusted computing environment, chain of trust, root of trust for measurement