logo资料库

可信计算(A.Practical.Guide.to.Trusted.Computing).pdf

第1页 / 共376页
第2页 / 共376页
第3页 / 共376页
第4页 / 共376页
第5页 / 共376页
第6页 / 共376页
第7页 / 共376页
第8页 / 共376页
资料共376页,剩余部分请下载后查看
A Practical Guide to Trusted Computing
Contents
Preface
Acknowledgments
About the Authors
Part I: Background Material
Chapter 1 Introduction to Trusted Computing
Computer Security Attacks Are Staggeringly Expensive
The Changing Threats to Computer Security
Can Software Be Made Completely Secure?
How Can the TPM Help?
Privacy and Recovery—Special Considerations for Hardware
Summary
Endnotes
Chapter 2 Design Goals of the Trusted Platform Module
Securely Reporting the Environment: Platform Status
Secure Storage
Secure Signatures
Secure Identity
Isolation of Users in a Multiple User Environment
Internal Random Number Generation
Features Not Included
Security Analysis
Summary
Chapter 3 An Overview of the Trusted Platform Module Capabilities
Secure Storage: The Storage Root Key
Migratable Versus Non-Migratable Keys
Types of Keys
Platform Integrity
Secure Signatures
Summary
Part II: Programming Interfaces to TCG
Chapter 4 Writing a TPM Device Driver
TCG Device Driver Library
TPM 1.1b Specification Device Interface
TPM 1.2 Specification Device Interface
Summary
Chapter 5 Low-Level Software: Using BIOS and TDDL Directly
Talking to the TPM Through BIOS
Talking to the TPM Through TDDL
Taking Ownership
Summary
Chapter 6 Trusted Boot
Trusted Boot with Static Root of Trust
Dynamic Root of Trust Measurements
AMD’s Secure Virtual Machine
Proof of Locality
Summary
Chapter 7 The TCG Software Stack
TSS Design Overview
The TCG Service Provider Interface (Tspi)
TSP Object Types
TSS Return Codes
TSS Memory Management
Portable Data
Persistent Key Storage
Signing and Verifying
Setting Callback Functions
The TSS Validation Data Structure
Summary
Chapter 8 Using TPM Keys
Creating a Key Hierarchy
Utility Functions
Summary
Chapter 9 Using Symmetric Keys
Data Binding
Data Sealing
Encrypting Files
Summary
Chapter 10 The TSS Core Service (TCS)
Overview of a TCS
Utilizing and Implementing a TCS
Brief Breakdown of the .wsdl File
InParms and OutParms in the Complex Types
The Messages
The Operations in portType
The Operations in the Binding
The Service
Privacy Concerns with the TCS
Summary
Chapter 11 Public Key Cryptography Standard #11
PKCS#11 Overview
A PKCS#11 TPM Token
RSA Key Restrictions
Administration
Design Requirements
openCryptoki’s Design
Migration
Summary
Part III: Architectures
Chapter 12 Trusted Computing and Secure Storage
Linking to Symmetric Algorithms
Encrypting Files for Storage on a Group Hard Disk for Group Access
Encrypting Files for Storage in a Backup Facility
Locking Data to Specific PCs
Content Protection
Secure Printing
Secure Faxing
Super Secure Migratable Storage
Summary
Chapter 13 Trusted Computing and Secure Identification
Logon Password Storage
VPN Endpoints
Delegation of Authority
Delegation Without Allowing Further Migration
Credit Card Endpoints
Multiple Users on a Single System
Secure Hoteling
Creating a PKI with the Endorsement Key
Links to Biometrics
Links to Smart Cards
Virtual Dongles
Trusted Endpoints
Medical Solutions for HIPAA Compliance
COTS Security Solutions for the Military
Working with IP Telephony
Working with IPSec
Working with Service Meters
Working with Network Switches
Summary
Chapter 14 Administration of Trusted Devices
Secure Backup/Maintenance
Assignment of Key Certificates
Secure Time Reporting
Key Recovery
TPM Tools
Summary
Chapter 15 Ancillary Hardware
Trusted Path
Trusted Display
Summary
Chapter 16 Moving from TSS 1.1 to TSS 1.2
Certified Migratable Keys
Delegation
Direct Anonymous Attestation
Locality
PCRs—New Behavior
NVRAM
Auditing Functions
Monotonic Counter
Tick Counter
SOAP
Transport Session
Administrative and Convenience Functions
Example Program
Summary
Part IV: Appendixes
Appendix A: TPM Command Reference
Appendix B: TSS Command Reference
Appendix C: Function Library
Appendix D: TSS Functions Grouped by Object and API Level
Index
A
B
C
D
E
F
G–H
I
J–K
L–M
N
O
P
Q–R
S
T
U–V
W–Z
This page intentionally left blank
A Practical Guide to Trusted Computing
IBM Press COMPUTING Autonomic Computing Murch I ISBN 013144025X Business Intelligence for the Enterprise Biere I ISBN 0131413031 Grid Computing Joseph and Fellenstein I ISBN 0131456601 Implementing ITIL Configuration Management Klosterboer I ISBN 0132425939 Inescapable Data Stakutis and Webster I ISBN 0131852159 Mainframe Basics for Security Professionals Pomerantz, Vander Weele, Nelson, and Hahn I ISBN 0131738569 On Demand Computing Fellenstein I ISBN 0131440241 A Practical Guide to Trusted Computing High Availability Guide for DB2® Eaton and Cialini I ISBN 0131448307 The Official Introduction to DB2® for z/OS®, Second Edition Sloan I ISBN 0131477501 Understanding DB2® 9 Security Bond, See, Wong, and Chan I ISBN 0131345907 Understanding DB2®, Second Edition Chong, Wang, Dang, and Snow I ISBN 0131580183 WEBSPHERE Enterprise Java™ Programming with IBM® WebSphere®, Second Edition Brown, Craig, Hester, Pitt, Stinehour, Weitzel, Amsden, Jakab, and Berg ISBN 032118579X Enterprise Messaging Using JMS and IBM® WebSphere® Yusuf I ISBN 0131468634 IBM® WebSphere® Challener, Yoder, Catherman, Safford, and Van Doorn I ISBN 0132398427 Barcia, Hines, Alcott, and Botzum I ISBN 0131468626 RFID Sourcebook Lahiri I ISBN 0131851373 Service-Oriented Architecture (SOA) Compass Bieberstein, Bose, Fiammante, Jones, and Shah I ISBN 0131870025 RATIONAL AND SOFTWARE DEVELOPMENT IBM Rational® ClearCase®, Ant, and CruiseControl Lee I ISBN 0321356993 IBM® Rational® Unified Process® Reference and Certification Guide Shuja and Krebs I ISBN 0131562924 Implementing IBM® Rational® ClearQuest® Buckley, Pulsipher, and Scott I ISBN 0321334868 Implementing the IBM® Rational Unified Process® and Solutions Barnes I ISBN 0321369459 Outside-in Software Development Kessler and Sweitzer I ISBN 0131575511 Project Management with the IBM® Rational Unified Process® Gibbs I ISBN 0321336399 Requirements Management Using IBM® Rational® RequisitePro® Zielczynski I ISBN 0321383001 Software Configuration Management Strategies and IBM® Rational® ClearCase®, Second Edition Bellagio and Milligan I ISBN 0321200195 Visual Modeling with IBM® Rational® Software Architect and UML™ Quatrani and Palistrant I ISBN 0321238087 INFORMATION MANAGEMENT An Introduction to IMS™ Meltz, Long, Harrington, Hain, and Nicholls I ISBN 0131856715 DB2® Express Yip, Cheung, Gartner, Liu, and O’Connell I ISBN 0131463977 DB2® for z/OS® Version 8 DBA Certification Guide Lawson I ISBN 0131491202 DB2® SQL PL, Second Edition Janmohamed, Liu, Bradstock, Chong, Gao, McArthur, and Yip ISBN 0131477005 DB2® 9 for Linux®, UNIX®, and Windows® Baklarz and Zikopoulos I ISBN 013185514X IBM® WebSphere® Application Server for Distributed Platforms and z/OS® Black, Everett, Draeger, Miller, Iyer, McGuinnes, Patel, Herescu, Gissel, Betancourt, Casile, Tang, and Beaubien I ISBN 0131855875 IBM® WebSphere® System Administration Williamson, Chan, Cundiff, Lauzon, and Mitchell I ISBN 0131446045 WebSphere® Business Integration Primer Iyengar, Jessani, and Chilanti I ISBN 013224831X LOTUS IBM® WebSphere® and Lotus® Lamb, Laskey, and Indurkhya I ISBN 0131443305 Lotus® Notes® Developer’s Toolbox Elliott I ISBN 0132214482 OPEN SOURCE Apache Derby—Off to the Races Zikopoulos, Baklarz, and Scott I ISBN 0131855255 Building Applications with the Linux® Standard Base Linux Standard Base Team I ISBN 0131456954 Performance Tuning for Linux® Servers Johnson, Huizenga, and Pulavarty I ISBN 013144753X BUSINESS STRATEGY & MANAGEMENT Can Two Rights Make a Wrong? Moulton Reger I ISBN 0131732943 Developing Quality Technical Information, Second Edition Hargis, Carey, Hernandez, Hughes, Longo, Rouiller, and Wilde ISBN 0131477498 Do It Wrong Quickly Moran I ISBN 0132255960 Irresistible! Bailey and Wenzek I ISBN 0131987585 Mining the Talk Spangler and Kreulen I ISBN 0132339536 Reaching the Goal Ricketts I ISBN 0132333120 Search Engine Marketing, Inc. Moran and Hunt I ISBN 0131852922 The New Language of Business Carter I ISBN 013195654X Visit www.ibmpressbooks.com for a complete list of IBM Press books
IBM WebSphere [SUBTITLE ] A Practical Guide to Trusted Computing Deployment and Advanced Configuration Roland Barcia, Bill Hines, Tom Alcott, and Keys Botzum David Challener Kent Yoder Ryan Catherman David Safford Leendert Van Doorn IBM Press Pearson plc Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Cape Town • Sydney • Tokyo • Singapore • Mexico City Ibmpressbooks.com
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. © Copyright 2008 by International Business Machines Corporation. All rights reserved. Note to U.S. Government Users: Documentation related to restricted right. Use, duplication, or disclosure is subject to restric- tions set forth in GSA ADP Schedule Contract with IBM Corporation. IBM Press Program Managers: Tara Woodman, Ellice Uffer Cover design: IBM Corporation Associate Publisher: Greg Wiegand Marketing Manager: Kourtnaye Sturgeon Publicist: Heather Fox Acquisitions Editor: Greg Wiegand Development Editors: Kevin Howard, Chris Zahn Managing Editor: Gina Kanouse Designer: Alan Clements Project Editor: Michelle Housley Copy Editor: Water Crest Publishing Indexer: WordWise Publishing Services LLC Senior Compositor: Gloria Schurick Proofreader: Lori Lyons Manufacturing Buyer: Anna Popick Published by Pearson plc Publishing as IBM Press IBM Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com. For sales outside the U.S., please contact: International Sales international@pearsoned.com. The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: IBM, the IBM logo, IBM Press, DB2, Lotus, Rational, Tivoli, WebSphere, Notes and AIX. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Micro- soft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other coun- tries, or both. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.
Library of Congress Cataloging-in-Publication Data Challener, David. A practical guide to trusted computing / David Challener, Kent Yoder. p. cm. Includes index. ISBN 0-13-239842-7 1. Embedded computer systems. 2. Programmable controllers. 3. Computer security. I. Yoder, Kent. II. Title. TK7895.E42C4533 2007 005.8—dc22 2007038929 All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to: Pearson Education, Inc Rights and Contracts Department 501 Boylston Street, Suite 900 Boston, MA 02116 Fax (617) 671 3447 ISBN-13: 978-0-13-239842-8 ISBN-10: 0-13-239842-7 Text printed in the United States on recycled paper at R.R. Donnelley in Crawfordsville, Indiana. First printing December 2007
This book is dedicated to all the people who worked so hard to make the TPM and TSS specifications what they are today. It is also dedicated to my wife, Ruth, who allowed me the time to work on this book. —David Challener
分享到:
收藏