trusted cloud platform management model based on tpm … · 2016 2 journal on communications...
TRANSCRIPT
2016� 2� Journal on Communications February 2016
2016025-1
� 37�� 2� � � � � Vol.37 No.2
�� TPM �������� �
�������
����� ������� �� 071002�
����������� ���������������������� !"#$%&'(�)*+
, TPM-."�����/01�2��345�� TPM67$8"9:#�)*+; TPM<= TPM">?5
����������@ABCD"'(�EF@AG">?HI TPM-.�JK TPM<LMNO�PQR
S! TPM-.T��A"��UV'(�)*+WX ,@AG" TPM-.��YZ�[\��]^_`abc
_`abC_`ad@ef_`agh��ij_`<��kl_`�mn+@AG"opq�rs+�t��
����gh"@ABC<��u�ef"vw#5xy���z{d|}~+34�v��"#$<vw#5
����TPM-.����������@AG
����TP393 � ����A
Trusted cloud platform management model based on TPM alliance
TIAN Jun-feng, CHANG Fang-shu
(Institute of Network Technology, Hebei University, Baoding 071002, China)
Abstract: On the basis of trusted computing technology, trusted cloud platform architecture and management model based
on the TPM alliance was proposed to solve the performance bottleneck of dynamic management of trusted nodes in the
building process of trusted cloud platform. Macro TPM was proposed to solve the capability limitation of TPM, the concept
of time-based tree was introduced to organize TPM alliance, addressing the problem of high time cost of nodes management
in trusted cloud. It used TPM and authentication encryption technology to solve the trusted transmission problem of data
among nodes in TPM alliance, and a management strategy of time-based tree TPM alliance was proposed, including node
configuration protocol, node registration protocol, node logout protocol, node state real-time monitor protocol, trusted nodes
management network repair protocol, node update protocol. That explains the production algorithm of time-based tree,
analyses the effectiveness of the time cost of building trusted node management network and monitoring of node state. The
simulation result indicates that the model is efficient, and the time cost in trusted node management can be reduced.
Key words: TPM alliance, cloud computing, trusted cloud platform, time-based tree
1 ��
������������ �����
�������������� ��!"�"#�
$%&'()����*Gartner+��2016,-.
/012�
1
3
� �3�4�Forrester +� 2020 ,
-.���56�78 2 1409:;!<=��
���>?@<ABCD#EF�GH�I-JKL
G>?�M�NO!Gartner �PQRSTU�#V
70%�WX$%YZ[\]^U_`a()����
Ybcd3V�/*I-efghij�kl
[1]
!m
n�/*opqrij/* �sI-�=t/*3
�H�uvw�xy�sz�@<ABC����
�����2015-03-18������2015-06-23
�������6��� ������No.61170254�����6��� ������No.F2014201165��������
�������� ������No.ZH2015088�
Foundation Items: The National Natural Science Foundation of China (No.61170254), The Natural Science Foundation of Hebei
Province (No.F2014201165), The University of Hebei Province Science and Technology Research Program (No.ZH2015088)
doi:10.11959/j.issn.1000-436x.2016025
�2� � � � � 37�
2016025-2
{1|}~�������K�������b��
���i����H����pe���e!
�V����[\������r�3)�
�)o�����t����������� =
i�/*��pe���e!¡3"�"#��V
)�����V¢£����������¤¥
�¦��§¨�=��©ª������ {«¬
i�®��������!«S���� {¯
a8��°�±²)�3³)4´�¤s����
D�r�a����µ¶·�¸¹º»��¼½�
��·�¾�a¿�!dÀÁv ���ÂÃ�Ä
Å�Ã��Æ���ÇsÈÉ������!
2 ����
GarfinkelÊ
[2]
�¦ TerraËÌ����ÍÎ�È
ÄÏÐ�ÑÒÍÎ�ÓÔÕ�)Ö×� gh��
�eij!Shakeel Ê
[3]
�¦������Ø�
�ÙÚÛ�ÜÝØ�Þß)��®ÍÎ��I
-ghij�àáÉ�©ª!Jonathan Ê
[4]
�¦�
TrustVisor ËÌÇ¡âãäåæçr�ÍÎ�ÈÄ
Ï�tI-èé�êëì»sr�f{%xyín
��)îï!HidekazuÊ
[5]
�¦� VMCryptín�
�·Äð1 �ñòóÄð�opÄð�)�ÍÎ
�³)òóÄð�ôõö³)opÄð�÷ø)�
ÍÎ�H�1 �ù��Õôõö!Sven Ê
[6]
�¦
�opñ��ËÌ���)�ÍÎ�H�opxy
��úûï8)�É��opöH�Çü)�®
�I-Þß�¤!ChenÊ
[7]
�¦� cTPM�� TPM
����ýþ�Æ�p��ÞßTPM��WÝ�©
ª!4´�¤¾�3�Æ��4ÐÂ��ì»ÓÔ�
<=�ÓÔ� 3���������b����
��º»�y!
�Ê
[8]
�¦Þß�I-©ª� b�¤�
������f����R�!Joshua Ê
[9]
�¦�
�����ËÌ��|�n��������Þ
ß�)��������e�©ª!��¤�a�
������e���ùar�Çs�Û!Lucas
Ê
[10]
�¦����e�����ËÌ DynIMA �
Þß�Æ©ª!Berger StefanÊ
[11]
�¦��ÍÎ/
*H� TVDc��[\�b)Vi��ÓÔH)�
ÍÎ��îï!¨� Berger Ê
[12]
�c'� TVDc
º»çr���¿)����I-���É�)�
�� ��X©!Andy Ê
[13]
�¦� Jobber ��Æ
����#����I-ËÌ�)V���/*
H����åe� !�������!Wu Ê
[14]
�
¦X©É�ñ��ËÌ AcaaS��ËÌ�"�#$
��)��X©É�%&�ôõ�'Õ���
{!()�Ê
[15]
�¦� TCEE��Õ)�ÍÎ�*
+ vTPM�¿) TCG,-. TSS� OpenPTS�)
�ÍÎ�ÓÔ�ù�¼Õ��¢£�º»��e
����i�)��)Ö×ì»ÓÔ���e!Li
Ê
[16]
�¦�#������ÓÔØ MTCEM �
������I-/0º»ûï��� {10�
2Ãü����)�10ÍÎ�Ç3��)Ö×�
��!ZhangÊ
[17]
�¦� CloudVisorËÌ¿)45
ÍÎ![\����H#��ÓÔ�)�ÍÎ�
�I-ij!4´�¤6<��ÓÔ����©ª
º»â78�§9ä:l�;°ôõ�Æ©ª!
Santos Ê
[18]
�¦������� TCCP���
������P�ôõ�H�<ä��;°�t;
°D�s�ôõ�=;°�s�&>�ar?
W�!¨� Santos Ê
[19]
@º� Excalibur ��()
�VAe�pv%&op�¹ CPABE �ÙÚ#Æ
H�!�ÈÄÏ�@ºôõ��;°<�K�e
rBC!D������ÐÂ�ÖH��;°ôõ
3�erBC�K�E?eF�©ª�SantosÊ
@º� Excalibur�G�<�¦��¹tHHI�!
JKLÊ
[20]
�¦��V����M�p�
³)N/ôõ�¹r�I-äOP ��ijp
�� =ij� �H/*��peQ�p��
³)N/!RSTÊ
[21]
�¦������ �É�
Ø TCMCS��Ø)VÞß� ����I-
©ª!UVWÊ
[22]
��ÓÔ������XYº»
78��¦ân����X©É�ÌÐ!JZÊ
[23]
�¦� POSTER ¿)����XYL����
[8[���ij!\]Ê
[24]
D��ÓÔ�ÍÎ
������¹ 3�Q>e©ª��¦��^w
����Ø TSTM�����Ø��E?e!
4´~yD����H_�ôõ`� �`��X
©É��ÍÎ���e��Ê©ªº»â78!
������ÂÃïa&�����;
°��!ôõ�ÇsÈÉ!6< SantosÊD�;
°ôõ�Æ©ª�¦âÞß�¤�§9äabÞß
��;°ôõ<�K�erBC�cd�����
�E?e!ÁvYe�¦â�V TPM fg���
���híRÐ�<�Õ¦â�Vs�^����
� 2� ������ TPM!"#$�%&'()*+ �3�
2016025-3
ÇsÈÉ������ôõ�¤!
3 �� TPM �� �������
TPMitrusted platform modulejfg� 2�
2 �4�kl�����M��m�R��
nop���ûq����!TPMfg�h4yL
�����iTCP, trusted cloud platformj��r��
GH TPMyL�����H����Ïiserverj
��r�!�V TPM fg������híRÐ
«ð 1<U!
, 1 $�%&'-./0
����ÍÎ�iVM, virtual machinej�w�
� Õ�)��OpenStack ��)�X©����
Ys!�����t 2u����ÏÐK��u�
ôõ;°��u���;°!�ôõ}��ôõ;
°âÞvÆ��;°�����!MTPMimacro
TPMj��V TPM ����*wx���M�
�b10G<3��;°����*wx���
Gy��;°���e�zsÞß TPM ����
a��©ª!RTPMiroot TPMj� TPMfg��
����b10{j�ôõ�Æ TPM fg�TPM
fg�� RTPMôõ<ä�MTPM!
MTPM|}RЫð 2<U�ínH~o-ç
r«�!
1) ���*wxo-��b'� 2|ûçr�
��ín��s�����e��i'� BIOS`
bootloader`OS`��»v-`��v-j���í
nì»s�����e��i'�ÍÎ�`ºÖ�
��»v-`ÓÔ��j�RS Ú�*/*�!
2) ;°��wxo-�Yw��MTPMH;°�
�wxo-m��;°��x��Q���o-���
;°���Ú8;°��x�H���@��;°�
�x�m�Õ4�MTPMH�;°��wxo-!
, 2 MTPM12/0
3) ��o-�¿)��/*�H������
�� MTPM H���*wxo-m���*�Q
�RSm�8;°��wxo-!
4) �*/*�����;°H�1 /*�v
-�MTPM�'!st���*wxo-�ÂQô
õ��*/*����et TPM i���b)�
�¥�������e���!
5) ��/*�����;°H���/*�v
-�MTPM�'!st��o-�ÂQôõ���
/*����et TPMi�!
RTPM|}RЫð 3<U�ínH~o-ç
r«�!
1) ;°��wxo-�Yw�� MTPM H;
°��wxo-m��;°��x��Q���o
-���;°���Ú8;°��x�H���@
��;°��x� Ú;°��/*�!
2) ��o-�¿)��/*�H������
�� MTPM H���*wxo-m���*�Q
�RSm�8;°��wxo-!
3) ��Ï��a��;°����ù��Õ�
ôõ}!
4) ;°ôõo-�TPM fg�'!s��ô
õ}¿)�o-�ÂQôõ�;°/*�`��,
-��`;°��/*�!
5) ��/*���ôõ;°H���/*�v
-�MTPM�'!st��o-�ÂQôõ���
/*����et TPM i����/*�H�1
2 RTPMH�;°��/*����)V��¥
����;°���e!
6) ;°��/*���ôõ;°H�1 /*
�v-�TPMfg�'!s�t�ôõ}�Â�)
�4� � � � � 37�
2016025-4
VÇs� TPM fgH��;°����/*�
�¡qä3��;°>��!s¢>��!!
7) �;°/*���ôõ;°H���/*�v
-� ��H<ä;°i'���;°`ôõ;°`
£� ���;°j�;/*�;/*'�;°�UUID
i;°¤��¥j ¦��ú IP�;°��uØ!
8) ��,-����ôõ;°H���/*�
v-� �,-�v-§¨��©�ù�L TPM
fgHIª�,-� ����TPMfgHì»�
v�Æ��»v-¾�����!
9) ;°��/*���ôõ;°H���/
*�v-��ôõ}«+ TPMfgH�;°��
uØ�v����uØ�¬�ù'���Ï®
-�ù`xyín�ù`ì»��)�ùi3«
,-¯Á ��°/Êj�v����uؾ±�
��Æ�²!
3�����H�ôõ;°� RTPM10{j
<ä�;°����ù!Li��³e�ôõ;°
�´t 2���ÏÐK�oKµ·~��!MTPM
\`e�<3;°º»��e������ù��
s�^M¶·x8 RTPMH!
4 ���������� ������
Santos Ê�¦� TCCP ��ÙÚ���P�
iTCj�ôõ���1|�����;°!TC 1
0¸õ���1|��;°�oÚ`¹¦�{j!
tV TPM�ºO�TC�»�N��;°oÚxy
�»¼½ 1 s¾¿�À�s��t���;°zs
oÚs�s�4�&>�ar?W�!zs TC 1
0ôõ<ä�;°�t;°D�s�TC 2½
KLBC!Excalibur6<3ÈÄ;°f¥ôõ;°
��()�VAe�pv%&opËÌiCPABE,
ciphertext policy attribute-based encryptionj�ÁÂâ
��;°zsoÚ������s�KÁ�§�t
ÃÄ8;°�Å�Æ>�{jÊôõxys�ÈÄ
;°@<±KLínBC!D�4´©ª�Áv�
¦â�Vs�^������;°ôõ%&!
�� 1 s�^ T���;o<V, E>�GH�V
� n(n�0)Æ;°�äÝx��V={
i
v |0� i� n−1}�
E�;°�Ç�x��E={ , | , , }
i j i j
v v v v V i j< > ∈ ≠ !
��
i
v =<I,t>�GH�i�ÉÊ�i∈[0,n−1]�
t�s�Ae�t∈[0,
i
v ]!+�s�AeL;°oÚ
s�^�sË�Ì
i
v f
j
v z�sËoÚs�^�Í
ä
i j
t t= �Ì
i
v eV
j
v oÚs�^�Íä
i j
t t< !i
� tÎ�«�Ïí
0, 0
lb 1, 0
i
t
i i
=
= + ≠
(1)
f(i)¥+�L
0, 1
( ) , mod2 0
2
1
, mod 2 0, 1
2
i
i
f i i
i
f i i
=
= =
−
≠ ≠
(2)
tÐÑt i� jÎ� j= f(i)s�<
ji
vv , >∈E�À
sÒ
i
v �
j
v ��Ó;°�
j
v �
i
v ��Ô;°�
j
v �
<ä�Ó;°LÕÖ;°!
t V=Φ s�Ò TL×s�^�t V Φ≠ s�V
H�;°¨�«+ÉÊ�QØ�(1)«+;°�s�
Ae��ÀsØÙ~;°�ÉÊ�s�Ae¤�Ð
Âs�^!
Ìs�^ TÚ×�Ò<0, 0>L�;°!Ì iÛ
2
n
�
Ò<i,
i
t >LÜ;°��Í<i,
i
t >ÒLûÝ;°!
Øs�^+�Hx�V�x�EÞßÎ��à
� 3 RTPM����
� 2� ��� � TPM������������ �5�
2016025-5
-�wK�s�^ä 2�^Uw�!¢ 1�^Uw
�«ð 4(a)<U�s�^H�;°Øs�Ae� t
ûá!¢ 2�^Uw�«ð 4(b)<U�s�^H�
;°ØÕÖÏíº»ûá!
4.1 ��������
TPM fgH�;°Øs�^ØwK���
;°ôõ��«ð 5<U!
RTPM^Uôõ;°�MTPM^U��;°!
RTPM�ÉÊL 0�MTPM�ÉÊ�Ùs�^�+
�t�ôõ}3 TPM fg�'!�Â;°��/
*�s�+!;°�s�Ae�^U;°3¢âÆ
ã�\`oÚ8��;°ôõ��H!ã�\`^
U 2Æ;°��º»äÖ�u<¼½�s�!
3å´ãh�n���Áv¯«�»+!
UUID
i
�^U;° i� UUID�)V TPMfg
��;°/*�Hæç�¥�Æ;°!
ID
i
�^U;° i�ÉÊ�)V��;°ôõ�
��;°��/*�H�¥�Æ;°!
MTPM
i
�^U;°ÉÊL ID
i
���;°!
/
i j
M RTPM → �^U;° i��Ô;° j!
IP
i
�^U;° i� IPPè!
PK
i
`SK
i
�ûé^U;° i�¦��h�!
KEY
ij
�^U;° i� jýþ��Òp�!
ML
i
� U;° i���e����t���*
wxo-��!
CON
i
�^U;° i���uØ���V;°�
�/*�H�m���uØ!
CHECKVALUE
i
� U;° i������;°
��/*�Hf CON
i
uØê����²!
{M}K�^U)p� K�ëù Mº»op!
4.2 ����
��n³MTPM RTPM�ì®�ÉÊ`�
Ô;°� IP�¦��ú)VÂl��;°ôõ��!
��n3 TPMfg���i'� Û��j�»!
ð 6 å´â MTPM � RTPM ����ù¼í
�Ö�ãhîÖ«�!
� 4 n=16�����
� 5 ��� ��!"
�6� # � $ % � 37&
2016025-6
� 6 � '()*
1) MTPM
i
ï RTPM>ðÉÊñò�ù UUID
i
!
2) RTPM��UUID
i
Qó;°��/*��8
ID
i
�zs>ðd��ù ID
i
!
3) MTPM
i
� ID
i
êÚ�(2)H���¦�Ô;°
ÉÊ ID
j
�zs>ð�Ô;°�ùñò ID
j
!
4) RTPM �� ID
j
Qó;°��/*��8
UUID
j
�ô�� UUID
j
Qó�;°/*��8 IP
j
� PK
j
�zsï MTPM
i
>ðd��ù�IP
j
� PK
j
�
RTPM �� UUID
i
Qó�;°/*��8 PK
i
`
CON
i
� CHECKVALUE
i
�zsï /
i j
M RTPM → >ð
�ù ID
i
`PK
i
`CON
i
� CHECKVALUE
i
!
MTPM
i
� ID
i
IP
j
� PK
j
�8 TPM�ڽ�
e �ÏH! /
i j
M RTPM → � ID
i
� PK
i
�8 TPM
�Ú½�e �ÏH�� CON
i
� CHECKVALUE
i
�8��/*�!
4.3 �����
��n³ RTPM ��<ä MTPM �����
�e!MTPM �����¢rKL TPM fgH�
�}�� ��!��nf�VH��;°ôõ%
&az�����n��»a�+>�3MTPM�
RTPM���=�>�3MTPM��Ô;°���
�õi�â���;°r�zsÆö!��nzs
Ç¡â;°����m÷!��;°ôõ���Â
l���~ MTPM �»;°Æö�n�K��G
H;°Æö�n¿)â TPM �¨�/�K`p�
�K`�©����©Ê�Áçr!
MTPM vN ���¾b���»;°Æö
�n�MTPM�������;°ôõ��m÷Õ
RTPM!RTPM ¿)��;°ôõ��ÇsÈÉ<
äMTPM���!
ð 7å´âMTPM
i
f /
i j
M RTPM → ����ù
¼í�Ö�ãhîÖ«�!
1) MTPM
i
ï /
i j
M RTPM → >ðÆöñò�ù
ID
i
`CON
i
�¨�/ n
1
!
2) /
i j
M RTPM → ï MTPM
i
>ðd��ù�¨
�/ n
2
��© SIG
1
�{n
1
,t}SK
j
�GH t� /
i j
M RTPM →
oÚ��;°ôõ����¥!
3) MTPM
i
�� SIG
1
�Ì����>ðd�
�ù��© SIG
2
�{n
1
, n
2
, ML
i
}SK
i
!�Í�>ð
ø��Ê SUSPEND�Êù��Æã�\` Û
Æö!
4) /
i j
M RTPM → �� SIG
2
�������K
KEY
ij
�>ðd��ù� {KEY
ij
}PK
i
� {KEYSET,
IPSET}KEY
ij
�GH�KEYSET � /
i j
M RTPM → fG
y;°����Òp�x��IPSET�~;°� IP
x�!zs /
i j
M RTPM → ïGy�Ó;°>ð KEY
ij
�
i
IP!Ì��a���ï�Ô;°>ð MTPM
i
�
��a����!
� 7 ������
4.4 �����
t MTPM ��;°Æö�núo8 TPM f
gHs�±wK«ð 5 <U�s�^Øûü��
�;°ôõ��!��Hv�Æ MTPM���¾
����Ô;°������·�Õ RTPM!t
�ôõ}ýÁ;°s���Æ>�|û
MTPM�ÌÆ>� MTPM;°�ûÝ;°�Þ<
±�K�Ó;°���¸¹m�8 RTPM!Lâ
³ TPM fgr�tÉ� MTPM /��zsþ
a����;°ôõ����b�;°�Æ>(
ì��%&�«ð 8 <U!GHð 8(a)Æ>ûÝ
;° B�ð 8(b)Æ>Ü�;° X!Í�^U�&
H�;°�Rê^ RTPM�Gy0�ê^ MTPM!
ãhîÖ«�!
4.4.1 ���� B
1) Rï B>ðÆ>��� PK
Z
�zs� B ;
°��/*�H!
2) Bw8Æ>����� PK
A
� PK
Z
�>Õ X�
� PK
X
� IP
X
>ðÕ A � R�� ID
X
>ðÕ R��
PK
X
>ðÕ C� D!À� B3��;°ôõ��H
�/0t X�� �BÏÑ���!
� 2 �� ��� TPM������������ �7�
2016025-7
� 8 �����
3) X w8 PK
A
� PK
Z
��� PK
Z
�8 TPM
�Ú½�e �ÏH!X �Û�Ô;°�¦�L
PK
A
��Û�Ô;°� IP L IP
A
��®�ÉÊ@
L ID
B
!C� Dw8 PK
X
���Û�Ô;°�¦�
L PK
X
��Û�Ô;°� IPL IP
X
!Aw8 PK
X
�
IP
X
��� B�¦��ù�@L PK
X
��� IP
X
f X
Âl����!Rw8 PK
X
IP
X
� ID
X
��� PK
X
`
IP
X
� ID
X
�>Õ Z!3;°��/*�H�@ Z�
ÉÊL ID
X
��@ X�ÉÊL ID
B
!
4) Zw8 PK
X
IP
X
� ID
X
��ï�Ô;°>ð
¶ø����@�Ô;°� IPL IP
X
��@�Ô;
°�¦�L PK
X
��@®�ÉÊL ID
X
� Û�
»;°Æö�n!
4.4.2 ���� X
1) Rï X>ðÆ>��� PK
Z
�� Z�ÉÊ@
L ID
X
�� ID
X
>ðÕ Z�� X ;°��/*�
H!
2) B� �� PK
X
�@L PK
Z
�ï R>ð IP
B
� PK
B
!Xw8Æ>���ÏÑ���!Zw8 ID
X
���®�ÉÊ@L ID
X
!
3) Rw8ð IP
B
�PK
B
��� IP
B
�PK
B
�>ÕZ!
4) Zw8 IP
B
� PK
B
�ï�Ô;°>ð¶ø�
���@�Ô;°� IPL IP
B
��@�Ô;°�¦
�L PK
B
� Û�»;°Æö�n!
tÆ>��MTPMs�RTPM�eÆ>Ü�;
°�GNÆ>ÉÊ��ûÝ;°��õri�~
MTPM�Æ>zsº»!
4.5 ���������
MTPM���ûL 3�����ñín��e
£����a���ñínHm=ºÖ���e�
8��§;°� MTPM ��e£���i�Lu
Ø 1j���;°�MTPM��e�8��§�;
°��Ô�<äÕÖ;°H¿Âä�Æ;°�
MTPM��e£���i�LuØ 2j���£��
ñ MTPM ���9ä����;°ôõ��m�
8 RTPM!;°����í«ð 9<U�GHÍ�
��^U������!
� 9 !"#$
ûq���ÈÉ�n«�!
TPM fgHvÆ;°�'! 2 Æ×x�
NoTrustedList� LeftList�GH NoTrustedListH�;
�L;°�ÉÊÄGuØ�LeftListH�;�LÜ�
;°ÉÊ!zsvÆ;°{j�Æ�Ó;°�^
SubsequentList��^H;��Ù;°ÉÊ�×��!
TPMfgHvÆ;°º»«�xy!
1) SubsequentListì�Æ�Ó;°!
2) ��f�Ó;°��������&�Ì
��Í��Ó;°ÉÊÄuØ 2�ÚNoTrustedList�
�Í�����*�Ì��a���Í��Ó;°
ÉÊ�uØ 1�Ú NoTrustedList!
3) ���Ó;°��LÜ��Ì���GÉÊ
�Ú8 LeftList!
4) ��Ó;°� NoTrustedList �Ú8Á;°
� NoTrustedList���Ó;°� LeftList �Ú8Á
;°� LeftList!
5) ���Ó;°��L SubsequentListH�M
��Æ;��Ì��Í��8 1)�»!
6) �Á;°����*`NoTrustedList �
�8� % � & ' � 37(
2016025-8
LeftListm�Õ�Ô;°!
RTPM;°H� NoTrustedList� LeftList�±
�ÏV�Æ TPMfgH;°����ù!RTPM�
� LeftList ��¦��£��Ü�;°ÉÊ�^
NoStatusList!
1) NoStatusListHì�ÆÜ�;°ÉÊ�Q
�G�Ú8 NoTrustedList��uØL 2!
2) �ÀÉÊ���Ô;°ÉÊ�Ì�Ô;°É
Ê£¦¡3 NoTrustedListH�Í��Ô;°ÉÊ�
Ú8 NoTrustedList�uØ�L 2���8 2)�»!
3) �� NoStatusList����������
8 1)�»!
4.6 ����������
Lâ{j��;°ôõ�����e�(ì�
���%&!
1) Ì�Ü�;°¦¡�N�RTPM ����Ï
îï�;°Qï�ôõ}��!�ôõ}���;°
���;°Ø*;°Æö�n ÛoÚ TPMfg!
2) Ì��ÆûÝ;°¦¡�N���%&«ð
10<U!
� 10 )*�� B+,-./0�
GH�A`B`C`D`E ê^ MTPM�B �N
�K��;°ôõ���|XYH�� B��Ó
;° C D EH ì�Æ;°ê! B! ìÍ�
ÉÊM��;°!
"Ãð 10H CÉÊM��� Cê! B���
|�����ñ�#�!zs RTPM����Ïîï
BQï�ôõ}���B���Ø*;°Æö�n
ÛoÚ TPMfg��s��;°ôõ���8��!
3) Ì;°f�Ô;°zs¦¡�N���%&
«ð 11<U!
GH�B`C`F`G`Z ê^ MTPM�R ê^
RTPM!B C�N�K��;°ôõ���|XY
H��Às B ��Ó;°ØÙð 10 ��� Â�
��ÁðHaôÕ¦U3� C ��Ó;° F`G
H ì�Æ;°ê! C� ìÍØ<� ÉÊM
��;°!ðH"à F ÉÊ$ G ÉÊ��� F
ê! C!dL C ��Ô B �N�<� F aôf B
ÂlXY�=�%Yf RÂlBsXY�R TPM
fgH �ÆÉÊM��;° Z yL F ��Ô;
°�Ff ZÂlXY����|�����ñ�#
�!zs RTPM����Ïîï B`CQï�ôõ
}���B`C ���Ø*;°Æö�n ÛoÚ
TPMfg��s��;°ôõ���8��!
� 11 BC12+,-./0�
5 ��������
�AD�Áv�¦������ôõØ
��&�Aº»Ç���Äû'�1) TPMfgÂl
��;°ôõ���s�&>û'�2) TPMfg;
°��ÈÉ�äOeû'!
5.1 ����
³) 2 �(7��I-��Ï�v����
Intel Xeon E5620�4G DDRIII�STCM�ì» Linux
3.11.0�XY8 1 Gbit/s��!³)�õ�ÓÔ)*
;°Æö�n 10 N�ì�+���»�N;°Æ
ö�n�s�L 1.93 s!�Æ)�RSfv,[19]
�)�RS�Á-��v,[19]H;°�u�n¼
½ 0.82 s���dLv,[19]��ïã��TPM quote
xyq��»�N��»�N TPM quotexy�»
�b 0.8 s�=Áv�;°Æö�n�·ïã��
�b�» 2N TPM quotexy!³) OctaveÎ
100.Æ;°Âl TPMfg�GRS«ð 12<U!
ì�»;°Æö�n<�s���/yL�0
s��dL¢�ÆoÚ TPM fg� MTPM ;°a
�bã� RTPM�1��q��»�N TPM quote
xy�zsÆö�nH�¢�N TPM quotexy�
vÆ;°��zs�»�ñ�»;°Æö�n��
/s�g23¢�Æ;°oÚ TPMfg�s�1!
� 2 �� ��� TPM������������ �9�
2016025-9
Time tree one ^U;°�N TPM quotexyã��
Æ�Ó;°���Âl TPMfg�Time tree two ^
U;°()Merkel tree
[25]
[\��N TPM quotex
yã�<ä��Ó;°�Monitor ^U()v,[19]
H�;°Æö�¹! ðH��3¦�Time tree one
����100.Æ;°oÚ TPMfg�»¼½ 20 s�
Ì() Time tree two���Í��3�4�s�1
���#���;°�� ����3«�» 12 s
sJä 86.Æ;°oÚ TPMfg�=Monitor��
��20 sqrÆö 1.3.Æ;°!��Æ���°��
tTPMfg«+s�ê��s�^1�«+â�
dÀ Time tree one� Time tree two� 2���Âl
TPMfg�M¶s���¶�!Áv()�s�^
�¹r�³;°Æö�/�fs�K�/Ïí!v
,[19]H�v5�»Æö 633Æ;°�Ð;°Æö�
/�fs�K�eÏí�T<t�6�s�v
,[19]H��¹�ar7r�!
� 12 ����3452678
5.2 � ���
³) OctaveÎãä 100.Æ;°� TPMf
g�;°�����;°��ÈÉ�n���;°
ôõ�����nr�³RTPM89<ä;°��
��zsÕ¦vÆ;°����:������m
�Õ RTPM!��«^ 1<U!
� 1 ���������
9: ;<
9: 1 ��!"%=>?��@AB RTPM
9: 2 ��!"%=CD��@AB RTPM
9: 3 ��!"%=>?�>?@AB RTPM
9: 4 ��!"%=E2>?@AB RTPM
9: 5 ��!"%= RTPMFGHI
GH��� 1 Lòó;°���m������
2~�� 5 L�N;°���m���!Ç�Ã+;°
�N; 0.5%8 5%�!�LâÎ<Ç6=�GH
;°��N�Ù�N;¨����RS«ð 13<U!
� 13 J19:K���34LM��+,N�OPQR
ð 13 RS/*û'TU�N;°/�iñ�
� 2~�� 5��;°/���j>?;°/��$
f��Ã+�;°�N;�¶!�R@DIP�
�âÀØ�äOe!GH�� 2��� 3��;
°/��Á�¶�Ð$�� 4��� 5��;°/
�#��dL� 2�����;°/�W�;°�
N�cdi�;°�N���;°�N�=f�;
°%YêXY�<ä;°òój�=� 2 ����
�;°/�W#;°zs�Ni;°zs�N��
�;°fG%YêXY�|û��<ä;°zs
�Nj�cd!
6 ��
ÐÂ���������¥AB�)� b
���W1�78��«¬ÐÂ�����º»â
�10� % � & ' � 37(
2016025-10
CÚ�78�ì�â b78KS!ÁvD�3�
����HtV TPM �ºOeÙ����;°ô
õ�erBC©ª��¦â�V TPM fg���
����ôõØ!��¤fJä�¤ê$�DI
PÞßâ��;°ôõ�erBC©ª!
!"#$%
[1] STU, VW, VX. �FGYZ[\[J]. ]^&', 2011, 22(1): 71-83.
FENG D G, ZHANG M, ZHANG Y. Study on cloud computing secu-
rity[J]. Journal of Software ,2011, 22(1): 71-83.
[2] GARFINKEL T, PFAFF B, CHOW J. Terra: a virtual machine-based
platform for trusted computing[J]. ACM SIGOPS Operating Systems
Review, 2003, 37(5): 193-206.
[3] BUTT S, LAGAR-CAVILLA H A, SRIVASTAVA A. Self-service
cloud computing[C]//The 2012 ACM Conference on Computer and
Communications Security. ACM, c2012:253-264.
[4] MCCUNE J M, LI Y, QU N. TrustVisor: efficient TCB reduction and
attestation[C]//Security and Privacy (SP), 2010 IEEE Symposium.
c2010:143-158.
[5] TADOKORO H, KOURAI K, CHIBA S. Preventing information
leakage from virtual machines’ memory in IaaS clouds[J]. Information
and Media Technologies, 2012, 7(4): 1421-1431.
[6] BLEIKERTZ S, BUGIEL S, IDELER H. Client-controlled cryptogra-
phy-as-a-service in the cloud[C]//Applied Cryptography and Network
Security. Springer Berlin Heidelberg, c2013:19-36.
[7] CHEN C, RAJ H, SAROIU S. cTPM: a cloud TPM for cross-device
trusted applications[C]//The 11th USENIX Conference on Networked
Systems Design and Implementation USENIX Association. c2014:
187-201.
[8] _`a, bcd, efg. �FG: h�YZB���[J]. FGi
[\5jk, 2011, 48(l): 229-233.
WU J Y, SHEN Q L, ZHANG J L. Cloud computing: cloud security to
trusted cloud[J]. Journal of Computer Research and Development,
2011, 48(l): 229-233.
[9] SCHIFFMAN J, MOYER T, VIJAYAKUMAR H. Seeding clouds with
trust anchors[C]//The 2010 ACM Workshop on Cloud Computing Se-
curity Workshop. ACM, c2010: 43-46.
[10] DAVI L, SADEGHI A R, WINANDY M. Dynamic integrity meas-
urement and attestation: towards defense against return-oriented pro-
gramming attacks[C]//The 2009 ACM Workshop on Scalable Trusted
Computing. ACM, c2009:49-54.
[11] BERGER S, CÁCERES R, PENDARAKIS D. TVDc: managing
security in the trusted virtual datacenter[J]. ACM SIGOPS Operating
Systems Review, 2008, 42(1): 40-47.
[12] BERGER S, CÁCERES S, GOLDMAN K. Security for the cloud
infrastructure: trusted virtual data center implementation[J]. IBM
Journal of Research and Development, 2009, 53(4): 6: 1-6: 12.
[13] SAYLER A, KELLER E, GRUNWALD D. Jobber: automating in-
ter-tenant trust in the cloud[J/OL].http://www.usenix.org/node/174570,
2013.
[14] WU R, ZHANG X, AHN G J. Design and implementation of access
control as a service for iaas cloud[J]. SCIENCE, 2013, 2(3): 115-130.
[15] lm , gn, op. qr�FG�:�stuv��wx"yz
i{[J]. ]^&', 2014, 25(3): 662-674.
LIU C Y, LIN J, TANG B. Dynamic trustworthiness verification
mechanism for trusted cloud execution environment[J]. Journal of
Software, 2014, 25(3): 662-674.
[16] LI X Y, ZHOU L T, SHI Y. A trusted computing environment model in
cloud architecture[C]//Machine Learning and Cybernetics (ICMLC),
2010 International Conference. IEEE, c2010:2843-2848.
[17] ZHANG F, CHEN J, CHEN H. CloudVisor: retrofitting protection of
virtual machines in multi-tenant cloud with nested virtualization[C]//
The Twenty-Third ACM Symposium on Operating Systems Principles.
ACM, c2011:203-216.
[18] SANTOS N, GUMMADI K P, RODRIGUES R. Towards trusted
cloud computing[C]//The 2009 Conference on Hot Topics in Cloud
Computing. c2009:3.
[19] SANTOS N, RODRIGUES R, GUMMADI K P. Policy-sealed data: a
new abstraction for building trusted cloud services[C]//USENIX Secu-
rity Symposium. c2012:175-188.
[20] |}~, ���, ���. �����������������
�3��9�[J]. FGi[\5jk, 2013, 50(8): 1628-1636.
WANG L N, REN Z W, DONG Y F. A management approach to
key-used times based on trusted platform module in cloud storage[J].
Journal of Computer Research and Development, 2013, 50(8): 1628-
1636.
[21] ��, _�n. ���������{��[J]. ����FGi
8�, 2013, 34(4): 789-795.
TIAN J F, WU Z J. Trusted control model of cloud storage[J]. Journal
of Chinese Computer Systems, 2013, 34(4): 789-795.
[22] V�U, ��, V��. ������[\[J]. FGi&', 2010,
33(4): 706-717.
ZHANG H G, CHEN L, ZHANG L Q. Research on trusted network
connection[J]. Chinese Journal of Computers, 2010, 33(4): 706-717.
[23] WANG J, ZHAO B, ZHANG H. POSTER: an E2E trusted cloud
infrastructure[C]//The 2014 ACM SIGSAC Conference on Computer
and Communications Security. ACM, c2014:1517-1519.
[24] ��`, _ j, ¡¢. �FGuvK�£¤i��¥4��[J].
¦§¨&&'(©ª«&¬), 2014, 44(1): 45-50.
ZHOU Z J, WU L F, HONG Z. Trustworthiness measurement model
of virtual machine for cloud computing[J]. Journal of Southeast Uni-
versity (Natural Science Edition), 2014, 44(1):45-50.
[25] SZYDLO M. Merkle tree traversal in log space and time[C]//Ad-
vances in Cryptology-EUROCRYPT 2004. Springer Berlin Heidelberg,
c2004:541-554.
����
����1989-������������� ��
����������������
����1965-���������
� ���� !"� �#$���
������%&'"()*��"+,
-."����"����