Research on theory and key technology of trusted computing platform security testing and evaluation
Author affiliation: School of Computer, Wuhan University; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education
Publication: Science China (Information Sciences) (中国科学:信息科学, English edition)
Year, volume, issue: 2010, Vol. 53, No. 3
Pages: 434-453
Subject classification: 0810 [Engineering - Information and Communication Engineering]; 0808 [Engineering - Electrical Engineering]; 08 [Engineering]; 0839 [Engineering - Cyberspace Security]; 081201 [Engineering - Computer System Architecture]; 0812 [Engineering - Computer Science and Technology (degrees may be awarded in engineering or science)]
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 60673071, 60970115 and 90718005), the National High-Tech Research & Development Program of China (Grant Nos. 2007AA01Z411, 2006AA01Z442), and the Open Foundation of Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (Grant Nos. AISTC2008 01, AISTC2008Q02)
Keywords: information security; trusted computing; trusted computing platform; testing and evaluation
Abstract: Trusted computing has become a new trend in international information security, and trusted computing platform products are beginning to be used in applications. Users will not use information security products unless they have gone through testing and evaluation. Here we concentrate on the testing and evaluation problem of trusted computing platforms. We begin by constructing a proper formal model of the trusted computing platform for testing, and establish a mathematical chain-of-trust model based on SPA. Moreover, we give a verification method for composite characteristics and, through analysis, find the potential factors threatening the trusted system in the process of remote attestation. For the trusted software stack, we study the problem of automatic test case generation and propose an improved method of generating random test cases, to raise the quality of the test cases. Finally, we give a prototype system of trusted computing platform and the related actual test data. The results demonstrate that there exist some flaws in the architecture of the present TCG computing platform. At the same time, some flaws are found in existing trusted computing platform products, thus laying a basis for the improvement and development of trusted platform technology and its products.