Research on the Architecture of Trusted Attestation within Operating System
Trusted attestation is the activity of making the claim about the properties of a target entity by supplying evidence to a verifier, and it is an important function of trusted computing. At present, the research on trusted attestation mainly focuses on remote attestation between computing platforms, while the trusted attestation between entities within operating system is of great significance for constructing trusted operating system and preventing illegal information flows within operating system. In this paper, trusted attestation is introduced into the interior of operating system, and based on research on the definitions and classification of operating system entities, a kind of architecture of trusted attestation within operating system (ATIOS) is proposed. The essential mechanisms constituting ATIOS are given and described, including entity identity management, trusted measurement, key management, domain separation and attestation protocol. Furthermore, a trusted attestation protocol within operating system is designed and the security of the protocol is analyzed. Finally, the realization and implementation of ATIOS prototype is presented. The prototype confirms that ATIOS can effectively realize trusted attestation between entities within operating system, establish trust relations between entities of different levels in operating system, and prevent the malicious entity form executing.
Trusted attestation attestation entity operating system architecture
Siyuan Xin Yong Zhao Yi Liu Changxiang Shen
Zhengzhou Information Science and Technology Institute , Zhengzhou, China State Key Laboratory of In College of Computer Science Beijing University of Technology Beijing, China
国际会议
成都
英文
927-931
2010-12-17(万方平台首次上网日期,不代表论文的发表时间)