Abstract
This paper first investigates trusted computing on mainstream operating systems (OS). Based on the observations, it points out that Trusted Computing cannot be achieved because mainstream OSes lack a mechanism for separating their components. To provide such a separation mechanism, this paper proposes a separated domain-based kernel model (SDBKM), and this model is verified by non-interference theory. By monitoring and simplifying the trust dependence between domains, this model can solve problems in trust measurement, such as denial of service (DoS) attacks and host security, and reduce the overhead of measurement.
Additional information
Foundation item: Supported by the National Basic Research Program of China (G1999035801)
Biography: FANG Yanxiang (1975) male, Ph. D. candidate, research direction: system security.
Cite this article
Yanxiang, F., Changxiang, S., Jingdong, X. et al. A separated domain-based kernel model for trusted computing. Wuhan Univ. J. Nat. Sci. 11, 1424–1428 (2006). https://doi.org/10.1007/BF02831789
DOI: https://doi.org/10.1007/BF02831789