第1页 / 共376页
第2页 / 共376页
第3页 / 共376页
第4页 / 共376页
第5页 / 共376页
第6页 / 共376页
第7页 / 共376页
第8页 / 共376页
可信计算(A.Practical.Guide.to.Trusted.Computing).pdf
A Practical Guide to Trusted Computing
Contents
Preface
Acknowledgments
About the Authors
Part I: Background Material
Chapter 1 Introduction to Trusted Computing
Computer Security Attacks Are Staggeringly Expensive
The Changing Threats to Computer Security
Can Software Be Made Completely Secure?
How Can the TPM Help?
Privacy and Recovery—Special Considerations for Hardware
Summary
Endnotes
Chapter 2 Design Goals of the Trusted Platform Module
Securely Reporting the Environment: Platform Status
Secure Storage
Secure Signatures
Secure Identity
Isolation of Users in a Multiple User Environment
Internal Random Number Generation
Features Not Included
Security Analysis
Summary
Chapter 3 An Overview of the Trusted Platform Module Capabilities
Secure Storage: The Storage Root Key
Migratable Versus Non-Migratable Keys
Types of Keys
Platform Integrity
Secure Signatures
Summary
Part II: Programming Interfaces to TCG
Chapter 4 Writing a TPM Device Driver
TCG Device Driver Library
TPM 1.1b Specification Device Interface
TPM 1.2 Specification Device Interface
Summary
Chapter 5 Low-Level Software: Using BIOS and TDDL Directly
Talking to the TPM Through BIOS
Talking to the TPM Through TDDL
Taking Ownership
Summary
Chapter 6 Trusted Boot
Trusted Boot with Static Root of Trust
Dynamic Root of Trust Measurements
AMD’s Secure Virtual Machine
Proof of Locality
Summary
Chapter 7 The TCG Software Stack
TSS Design Overview
The TCG Service Provider Interface (Tspi)
TSP Object Types
TSS Return Codes
TSS Memory Management
Portable Data
Persistent Key Storage
Signing and Verifying
Setting Callback Functions
The TSS Validation Data Structure
Summary
Chapter 8 Using TPM Keys
Creating a Key Hierarchy
Utility Functions
Summary
Chapter 9 Using Symmetric Keys
Data Binding
Data Sealing
Encrypting Files
Summary
Chapter 10 The TSS Core Service (TCS)
Overview of a TCS
Utilizing and Implementing a TCS
Brief Breakdown of the .wsdl File
InParms and OutParms in the Complex Types
The Messages
The Operations in portType
The Operations in the Binding
The Service
Privacy Concerns with the TCS
Summary
Chapter 11 Public Key Cryptography Standard #11
PKCS#11 Overview
A PKCS#11 TPM Token
RSA Key Restrictions
Administration
Design Requirements
openCryptoki’s Design
Migration
Summary
Part III: Architectures
Chapter 12 Trusted Computing and Secure Storage
Linking to Symmetric Algorithms
Encrypting Files for Storage on a Group Hard Disk for Group Access
Encrypting Files for Storage in a Backup Facility
Locking Data to Specific PCs
Content Protection
Secure Printing
Secure Faxing
Super Secure Migratable Storage
Summary
Chapter 13 Trusted Computing and Secure Identification
Logon Password Storage
VPN Endpoints
Delegation of Authority
Delegation Without Allowing Further Migration
Credit Card Endpoints
Multiple Users on a Single System
Secure Hoteling
Creating a PKI with the Endorsement Key
Links to Biometrics
Links to Smart Cards
Virtual Dongles
Trusted Endpoints
Medical Solutions for HIPAA Compliance
COTS Security Solutions for the Military
Working with IP Telephony
Working with IPSec
Working with Service Meters
Working with Network Switches
Summary
Chapter 14 Administration of Trusted Devices
Secure Backup/Maintenance
Assignment of Key Certificates
Secure Time Reporting
Key Recovery
TPM Tools
Summary
Chapter 15 Ancillary Hardware
Trusted Path
Trusted Display
Summary
Chapter 16 Moving from TSS 1.1 to TSS 1.2
Certified Migratable Keys
Delegation
Direct Anonymous Attestation
Locality
PCRs—New Behavior
NVRAM
Auditing Functions
Monotonic Counter
Tick Counter
SOAP
Transport Session
Administrative and Convenience Functions
Example Program
Summary
Part IV: Appendixes
Appendix A: TPM Command Reference
Appendix B: TSS Command Reference
Appendix C: Function Library
Appendix D: TSS Functions Grouped by Object and API Level
Index
A
B
C
D
E
F
G–H
I
J–K
L–M
N
O
P
Q–R
S
T
U–V
W–Z
This page intentionally left blank
A Practical Guide to
Trusted Computing
IBM Press
COMPUTING
Autonomic Computing
Murch I ISBN 013144025X
Business Intelligence for the Enterprise
Biere I ISBN 0131413031
Grid Computing
Joseph and Fellenstein I ISBN 0131456601
Implementing ITIL Configuration Management
Klosterboer I ISBN 0132425939
Inescapable Data
Stakutis and Webster I ISBN 0131852159
Mainframe Basics for Security Professionals
Pomerantz, Vander Weele, Nelson, and Hahn I ISBN 0131738569
On Demand Computing
Fellenstein I ISBN 0131440241
A Practical Guide to Trusted Computing
High Availability Guide for DB2®
Eaton and Cialini I ISBN 0131448307
The Official Introduction to DB2® for z/OS®, Second Edition
Sloan I ISBN 0131477501
Understanding DB2® 9 Security
Bond, See, Wong, and Chan I ISBN 0131345907
Understanding DB2®, Second Edition
Chong, Wang, Dang, and Snow I ISBN 0131580183
WEBSPHERE
Enterprise Java™ Programming with IBM® WebSphere®,
Second Edition
Brown, Craig, Hester, Pitt, Stinehour, Weitzel, Amsden, Jakab, and Berg
ISBN 032118579X
Enterprise Messaging Using JMS and IBM® WebSphere®
Yusuf I ISBN 0131468634
IBM® WebSphere®
Challener, Yoder, Catherman, Safford, and Van Doorn I ISBN 0132398427
Barcia, Hines, Alcott, and Botzum I ISBN 0131468626
RFID Sourcebook
Lahiri I ISBN 0131851373
Service-Oriented Architecture (SOA) Compass
Bieberstein, Bose, Fiammante, Jones, and Shah I ISBN 0131870025
RATIONAL AND SOFTWARE DEVELOPMENT
IBM Rational® ClearCase®, Ant, and CruiseControl
Lee I ISBN 0321356993
IBM® Rational® Unified Process® Reference and Certification
Guide
Shuja and Krebs I ISBN 0131562924
Implementing IBM® Rational® ClearQuest®
Buckley, Pulsipher, and Scott I ISBN 0321334868
Implementing the IBM® Rational Unified Process® and Solutions
Barnes I ISBN 0321369459
Outside-in Software Development
Kessler and Sweitzer I ISBN 0131575511
Project Management with the IBM® Rational Unified Process®
Gibbs I ISBN 0321336399
Requirements Management Using IBM® Rational® RequisitePro®
Zielczynski I ISBN 0321383001
Software Configuration Management Strategies and IBM®
Rational® ClearCase®, Second Edition
Bellagio and Milligan I ISBN 0321200195
Visual Modeling with IBM® Rational® Software Architect
and UML™
Quatrani and Palistrant I ISBN 0321238087
INFORMATION MANAGEMENT
An Introduction to IMS™
Meltz, Long, Harrington, Hain, and Nicholls I ISBN 0131856715
DB2® Express
Yip, Cheung, Gartner, Liu, and O’Connell I ISBN 0131463977
DB2® for z/OS® Version 8 DBA Certification Guide
Lawson I ISBN 0131491202
DB2® SQL PL, Second Edition
Janmohamed, Liu, Bradstock, Chong, Gao, McArthur, and Yip
ISBN 0131477005
DB2® 9 for Linux®, UNIX®, and Windows®
Baklarz and Zikopoulos I ISBN 013185514X
IBM® WebSphere® Application Server for Distributed
Platforms and z/OS®
Black, Everett, Draeger, Miller, Iyer, McGuinnes, Patel, Herescu, Gissel,
Betancourt, Casile, Tang, and Beaubien I ISBN 0131855875
IBM® WebSphere® System Administration
Williamson, Chan, Cundiff, Lauzon, and Mitchell I ISBN 0131446045
WebSphere® Business Integration Primer
Iyengar, Jessani, and Chilanti I ISBN 013224831X
LOTUS
IBM® WebSphere® and Lotus®
Lamb, Laskey, and Indurkhya I ISBN 0131443305
Lotus® Notes® Developer’s Toolbox
Elliott I ISBN 0132214482
OPEN SOURCE
Apache Derby—Off to the Races
Zikopoulos, Baklarz, and Scott I ISBN 0131855255
Building Applications with the Linux® Standard Base
Linux Standard Base Team I ISBN 0131456954
Performance Tuning for Linux® Servers
Johnson, Huizenga, and Pulavarty I ISBN 013144753X
BUSINESS STRATEGY & MANAGEMENT
Can Two Rights Make a Wrong?
Moulton Reger I ISBN 0131732943
Developing Quality Technical Information, Second Edition
Hargis, Carey, Hernandez, Hughes, Longo, Rouiller, and Wilde
ISBN 0131477498
Do It Wrong Quickly
Moran I ISBN 0132255960
Irresistible!
Bailey and Wenzek I ISBN 0131987585
Mining the Talk
Spangler and Kreulen I ISBN 0132339536
Reaching the Goal
Ricketts I ISBN 0132333120
Search Engine Marketing, Inc.
Moran and Hunt I ISBN 0131852922
The New Language of Business
Carter I ISBN 013195654X
Visit www.ibmpressbooks.com for a complete list of IBM Press books
IBM WebSphere
[SUBTITLE ]
A Practical Guide to
Trusted Computing
Deployment and Advanced
Configuration
Roland Barcia, Bill Hines, Tom Alcott, and Keys Botzum
David Challener
Kent Yoder
Ryan Catherman
David Safford
Leendert Van Doorn
IBM Press
Pearson plc
Upper Saddle River, NJ • Boston • Indianapolis • San Francisco
New York • Toronto • Montreal • London • Munich • Paris • Madrid
Cape Town • Sydney • Tokyo • Singapore • Mexico City
Ibmpressbooks.com
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any
kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in
connection with or arising out of the use of the information or programs contained herein.
© Copyright 2008 by International Business Machines Corporation. All rights reserved.
Note to U.S. Government Users: Documentation related to restricted right. Use, duplication, or disclosure is subject to restric-
tions set forth in GSA ADP Schedule Contract with IBM Corporation.
IBM Press Program Managers: Tara Woodman, Ellice Uffer
Cover design: IBM Corporation
Associate Publisher: Greg Wiegand
Marketing Manager: Kourtnaye Sturgeon
Publicist: Heather Fox
Acquisitions Editor: Greg Wiegand
Development Editors: Kevin Howard, Chris Zahn
Managing Editor: Gina Kanouse
Designer: Alan Clements
Project Editor: Michelle Housley
Copy Editor: Water Crest Publishing
Indexer: WordWise Publishing Services LLC
Senior Compositor: Gloria Schurick
Proofreader: Lori Lyons
Manufacturing Buyer: Anna Popick
Published by Pearson plc
Publishing as IBM Press
IBM Press offers excellent discounts on this book when ordered in quantity for bulk purchases or
special sales, which may include electronic versions and/or custom covers and content particular to your business, training
goals, marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com.
For sales outside the U.S., please contact:
International Sales
international@pearsoned.com.
The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United
States, other countries, or both: IBM, the IBM logo, IBM Press, DB2, Lotus, Rational, Tivoli, WebSphere, Notes and AIX. Java
and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Micro-
soft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other coun-
tries, or both. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel
SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United
States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is
a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service
names may be trademarks or service marks of others.
Library of Congress Cataloging-in-Publication Data
Challener, David.
A practical guide to trusted computing / David Challener, Kent Yoder.
p. cm.
Includes index.
ISBN 0-13-239842-7
1. Embedded computer systems. 2. Programmable controllers. 3. Computer security. I. Yoder, Kent. II. Title.
TK7895.E42C4533 2007
005.8—dc22
2007038929
All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior
to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic,
mechanical, photocopying, recording, or likewise. For information regarding permissions, write to:
Pearson Education, Inc
Rights and Contracts Department
501 Boylston Street, Suite 900
Boston, MA 02116
Fax (617) 671 3447
ISBN-13: 978-0-13-239842-8
ISBN-10: 0-13-239842-7
Text printed in the United States on recycled paper at R.R. Donnelley in Crawfordsville, Indiana.
First printing December 2007
This book is dedicated to all the people who worked so hard to make the
TPM and TSS specifications what they are today.
It is also dedicated to my wife, Ruth,
who allowed me the time to work on this book.
—David Challener
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
