Design of trusted Java card code loading mechanism

Abstract: To meet the program code management requirements of the trusted computing platform (TCP), a trusted code management framework is proposed. Java card technology is the core of the framework. Code signing is used to authenticate program loading, while on-card security domains act as the executors of the security policies of the off-card software authorities (the Java card device issuer and the application providers). The new mechanism supports the installation and hot update of the device issuer's software, improves the installation and update procedure for application provider software, and extends the code-loading command data structure. The framework achieves broadcast-style code distribution without manual intervention in a hostile environment, under the constraint that all software authorities are mutually independent. This extended Java card software loading mode improves the system's security and enables trusted computing on the Java card platform.

Key words:
- Java card
- trusted computing platform
- code-loading
- code signature