可信计算规范要求可信计算平台上运行的所有组件均要保证可信,这一机制严重制约了可信计算平台的应用.本文提出一种容忍非信任组件的可信终端模型,与现有可信计算平台相比,该模型允许非信任组件的存在,但同时能保证安全结果可预测和可控性.模型分为可信域和容忍非信任组件的不可信域.基于信息流无干扰理论和域间无干扰思想,给出非信任组件容忍机制并推导出可信终端应满足的充分条件.在此基础上给出具体的物理模型设计,并证明该模型为可信终端模型.%The Trust Computing Group Specifications specify all components running on the trusted computing platform should be trusted, which seriously restrained the applications of trusted computing platform. This paper proposes a trusted terminal computer model tolerating untrusted components. Comparing with the existing trusted platforms, the model allows untrusted components loading and assures the security results be expected and controlled. The model includes trusted domains and untrusted domains tolerating untrusted components. With the non-interference theory, an untmsted component-tolerating mechanism is designed and reasons out the sufficient conditions about the trusted domain can rum trustfully. Based on the theory model, provides a detailed physical model and proves it be a tr usted terminal computer model.
展开▼
