A data sealing approach based on integrity measurement architecture
Shen, Qingni ; Du, Hong ; Wen, Han ; Qing, Sihan
Journal: Jisuanji Yanjiu yu Fazhan / Computer Research and Development
2012
Abstract: As an important capability of a trusted computing platform, sealing can provide strong data storage security by combining data encryption with the platform configuration, so that data can only be unsealed under specific configurations. However, the sealing operation is hard to use because of the complexity of modern operating systems, the randomness of the loading order of the booting components, frequently changing configurations, and software updates and patches. IMA (integrity measurement architecture), implemented in the operating system, can measure the dynamic configurations and extend them to the trust chain of the whole trusted platform, and thereby support data sealing. Therefore, a new approach to data sealing based on IMA is proposed here, which seals data to a relatively fixed configuration in PCR0-PCR7 (Platform Configuration Register) and then applies a list policy (black list policy or white list policy) to the measurement list (ML) in IMA for the variable configuration in PCR10 to determine whether the unseal operation can be performed. Finally, a prototype system, 'TPM Master', implemented in Linux is given, and its performance and security are both evaluated. The results show that the proposed approach can solve the issue of the PCR value varying with the OS complexity and make the updating process much more flexible through the list policy, without re-sealing the original data.
EI; 0; 1; 210-216; 49
Language: English
Content type: Journal article
Source URL: http://ir.pku.edu.cn/handle/20.500.11897/325780
Collection: School of Software and Microelectronics
Recommended citation
GB/T 7714
Shen, Qingni, Du, Hong, Wen, Han, et al. A data sealing approach based on integrity measurement architecture[J]. Jisuanji Yanjiu yu Fazhan / Computer Research and Development, 2012.
APA: Shen, Qingni, Du, Hong, Wen, Han, & Qing, Sihan. (2012). A data sealing approach based on integrity measurement architecture. Jisuanji Yanjiu yu Fazhan / Computer Research and Development.
MLA: Shen, Qingni, et al. "A data sealing approach based on integrity measurement architecture". Jisuanji Yanjiu yu Fazhan / Computer Research and Development (2012).