移动智能平台的可信计算体系结构与应用研究

在分析移动智能平台安全需求基础上,从逻辑原理、硬件组成、软件系统三个层面提出了移动智能平台的可信计算体系结构,之后提出了包含十种可信计算应用功能的全景图。     

基于可信包装的可信软件构造模型

Since the guarantee of trustiness is considered inadequate in traditional software development methods, software developed using these methods lacks effective measures for ensuring its trustiness. Combining agent technique with the support of trusted computing provided by TPM, a trust shell based constitution model of trusted software (TSCMTS) is demonstrated, trust shell ensures the trustiness of software logically. The concept of Trust Engine is proposed, which extends the “chain of trust” of TCG into application, and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness; Data Structure called trust view is defined to represent the characteristic of software behavior. For the purpose of improving the accuracy of trustiness constraints, a strategy for determining the weights of characteristic attributes based on information entropy is proposed. Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.     

Endogenous Innovation, the Organization of Work and Institutional Context

Drawing on the results of the third Community Innovation Survey and the third European Working Conditions Survey, this paper develops aggregate indicators at the national level of innovation modes and forms of work organization for the 15 member nations of the European Union in 2000. The analysis based on these indicators demonstrates that there is a close connection between how people work and learn in a country and the way firms＇ innovate. Specifically, it shows that in nations where work is organized to support high levels of discretion in solving complex problems firms tend to be more active in terms of endogenous innovation, i.e. innovation developed, at least to some degree, in house. In countries where learning and problem-solving on the job are more constrained, and little discretion is left to the employee, firms tend to engage in a supplier-dominated innovation strategy. The technological renewal of these firms reflects, almost exclusively, absorption of innovations developed elsewhere.     

基于TEE的移动终端数据安全研究与实现

分析对比了移动终端数据安全的3种实现方式,提出了基于TEE的移动终端数据安全框架,并探讨了典型TEE移动支付方案.在典型方案基础上,创新性地提出了基于TEE的指纹动态调整支付额度的业务方案,最后给出了核心代码实现.     

Trusted solution monitoring system based on ZigBee wireless sensor network

In the greenhouse environment,the concentration of nutrient solution was always ignored.At the same time,the core node coordinator of the ZigBee wireless monitoring system was easily compromised.A trusted solution monitoring system based on ZigBee wireless sensor network was designed and implemented.Firstly the hardware structure of sensor,router and coordinator was introduced.Then the processes of external voltage measurement and data cleaning were illustrated.For realizing the trusted boot of the coordinator,trusted u-boot to measure the integrity of some key files was designed.Experimental results show that the solution concentration data could be sent from each node to the monitoring computer and the remote terminal.At the same time,the trusted module of the coordinator can detect the captured coordinator node and warning.Therefore,the designed system has strong function and security.     

区块链的安全风险评估模型

随着区块链技术在社会经济领域的应用不断扩大,区块链的安全问题受到越来越多的关注.本文提出了一种新的区块链安全风险评估方法,分别从技术架构和算力两方面量化区块链的安全风险.我们首先根据区块链技术体系架构建立了区块链可信计算基(Blockchain Trusted Computing Base,BTCB),进而设计了一种结...     

基于可信计算的移动终端签名方案

针对当前移动终端支付系统的安全性问题,分析了可信计算技术的基本思想,利用双线性对及离散对数问题的数学知识,提出了一种在可信移动平台上结合SIM卡的数字签名方案,增加了移动终端系统的安全性。为了防止消息在公共信道被篡改,利用用户与签名者的一次一密密码加密系统对消息和签名进行加密处理。最后,给出该方案的正确性证明和安全性分析,证明该方案在理论上可行且具有很高的安全性。     

没有SDC的(t，n)门限秘密共享方案

利用椭圆曲线离散问题对数问题的难解性,给出了基于椭圆曲线密码体制的(t,n)门限秘密共享方案。基于门限秘密共享方案一般分为需要SDC和不需要SDC两类,在分布式环境下,一个被所有成员信任的SDC并不存在,不需要SDC的门限秘密共享方案的安全性得到很大的提高,该方案中由组成员共同生成群公钥和私有密钥。并给出了当新成员加入时,无SDC下的周期密钥分片的更新方案。还给出了一个本方案数据实例,最后对本方案的安全性进行了分析。     

一种软件源的可信管控模型设计

基于对目前可信计算信任链及度量基准值采集流程存在的问题,提出了软件源的可信管控模型,实现软件的安全认定、度量基准值统一计算采集以及可信第三方的集中管控,为软件的可信运行奠定了基础,降低了可信度量值采集工作的复杂度,对软件源的可信管控实施具有一定的指导意义。此外,进行了软件可信表征格式和基于可信表征的可信度量流程设计,将软件源的可信延伸至软件加载的可信和软件运行的可信,较大程度地提升了软件全生命周期的可信证明强度。     

基于可信根的计算机终端免疫模型

人工免疫系统方法中的否定选择(NS)算法已广泛应用于病毒防护、入侵检测、垃圾邮件检测等.然而,由于当前的计算机中不存在类似"免疫器官"的硬件部件,无法对NS算法的运行提供保护,可能造成其运行过程遭受恶意干扰,成熟检测器和中间变量遭受篡改,进而导致其检测结果不可信.借鉴自然免疫系统的组成和原理,提出一种基于可信根的计算机终端免疫模型(TRBCTIM),引入可信计算技术中的可信根作为"免疫器官",对NS算法实施保护.采用无干扰可信模型理论对新模型进行分析,并通过构建新模型的原型系统来进行性能实验.理论分析及实验结果表明,新模型能够确保NS算法的运行过程和检测结果可信.