Abstract:
As Internet-based network environments grow increasingly complex, security technologies such as firewalls, intrusion detection systems (IDS), and trusted computing have become a focus of research. Building on the concept of trusted computing, this paper establishes an attestation-based trusted network model and proposes a distributed firewall architecture based on that model. Under this scheme, incoming and outgoing packets are checked against predefined security policies, thereby fully achieving network security and trustworthiness.
Key words:
Trusted computing; Trusted network; Distributed firewall; IPSec; Security policy
ZHANG Tong, DUAN Dequan, LI Xue. A Distributed Firewall Architecture Based on Trusted Network[J]. Computer Engineering, 2006, 32(11): 183-185.