作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2006, Vol. 32 ›› Issue (17): 194-196,. doi: 10.3969/j.issn.1000-3428.2006.17.068

• 安全技术 • 上一篇    下一篇

分布式系统中计算安全问题的一种解决方案

方艳湘1;沈昌祥2;黄 涛3   

  1. 1. 南开大学信息科学技术学院,天津300071;2. 海军计算技术研究所,北京 100841;
    3. 解放军信息工程大学电子技术学院,郑州 450052
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2006-09-05 发布日期:2006-09-05

A Solution for Security Problem in Distributed Computing Systems

FANG Yanxiang1;SHEN Changxiang2;HUANG Tao3   

  1. 1. College of Information Technical Science, Nankai University, Tianjin 300071; 2. Computing Technology Institute of China Navy,
    Beijing 100841; 3. Electronic Technology Institute, PLA Information Engineering University, Zhengzhou 450052
  • Received:1900-01-01 Revised:1900-01-01 Online:2006-09-05 Published:2006-09-05

摘要: 分布式计算系统安全问题分为两大类:分布式计算的安全和主机的安全。其中恶意主机问题较难解决,该文通过对恶意主机问题的形式化分析,提出了一种基于可信域的终端模型(Trust Domain Based Terminal Model, TDBTM)。该模型通过分布式应用参与制定本地访问控制决策来解决分布式系统对信息的机密性和完整性要求。同时提出了基于该模型以及可信计算思想设计的体系结构(Trust Domain Based Terminal Architecture, TDBTA),以满足远程证实终端系统可信的需要。结合上述两点内容,该方案有望从根本上解决分布式计算系统中恶意主机带来的安全问题。

关键词: 分布式计算, TCG, TPM, 可信计算, 恶意主机

Abstract: There are two classes of security problems in distributed computing system, security of hosts and security of distributed applications. This paper analyzes the problem of malicious hosts with formalized method, and proposes a trust domain based terminal model (TDBTM). The model which has distributed applications participate in establishing local system’s access control policies should solve the requirement for guaranteeing integrity and confidentiality of distributed applications. Also, it proposes a trust domain based terminal architecture (TDBTA) to meet the remote attestation of terminal systems. With these two propositions, this solution can deracinate the malicious host problem fundamentally.

Key words: Distributed computing systems, TCG, TPM, Trust computing, Malicious host