安全与可信securityandtrusted脆弱性安全vs.结构性安全

上传人:艾力 文档编号:49557511 上传时间:2018-07-30 格式:PPT 页数:65 大小:2.03MB
返回 下载 相关 举报
安全与可信securityandtrusted脆弱性安全vs.结构性安全_第1页
第1页 / 共65页
安全与可信securityandtrusted脆弱性安全vs.结构性安全_第2页
第2页 / 共65页
安全与可信securityandtrusted脆弱性安全vs.结构性安全_第3页
第3页 / 共65页
安全与可信securityandtrusted脆弱性安全vs.结构性安全_第4页
第4页 / 共65页
安全与可信securityandtrusted脆弱性安全vs.结构性安全_第5页
第5页 / 共65页
点击查看更多>>
资源描述

《安全与可信securityandtrusted脆弱性安全vs.结构性安全》由会员分享,可在线阅读,更多相关《安全与可信securityandtrusted脆弱性安全vs.结构性安全(65页珍藏版)》请在金锄头文库上搜索。

1、安全与可信 security and trusted 脆弱性安全 vs. 结构性安全 Vulnerability vs. Structure 攻防两端如何在结构性安全环境中寻求空间 Space in the structural environment潘柱廷(大潘) Jordan Pan http:/ mailto:1摘要Summary 脆弱性安全Vulnerability-oriented security 结构性安全Structural security 结构性安全中的脆弱性 Vulnerabilities in structures 结构性威胁Structural threats2脆弱性

2、安全 Vulnerability-oriented security3脆弱性Vulnerabilities 弱口令 simple password 病毒 virus 操作系统漏洞 OS flaw 协议漏洞 protocol flaw 造成拒绝服务攻击的性能限制 performance limitation 防火墙配置不当 bad configuration of firewalls 4面向脆弱性的安全 Vulnerability-oriented security 防病毒系统 anti-virus system 漏洞扫描系统 vulnerability scanner 补丁管理系统 patch

3、 management system 入侵检测系统 IDS 防拒绝服务攻击系统 anti-DoS 防火墙 Firewall 多功能安全网关 UTM 5PSPC需求驱动筐架Requirement Driven BaCaMeth需求筐架 Req.BCM.来自内部 From Internal来自外部 From External主动引导 Active体系化 Systematic政策性 Policy被动要求 Passive问题型 Problem合规性 Compliance6面向脆弱性的风险管理 Vulnerability-oriented risk management7国家标准中的风险管理关系图 Ri

4、sk management elements in Chinese standard8最精简的风险管理要素模型 3-element risk management model92006 SC AwardsBest anti-malware solution Best Anti-spyware Best Anti-trojan Best Anti-virus Best Anti-worm Best Content Security Solution Best Anti-spam Best Email Content Filtering Best Email Security Best IM se

5、curity Best Intellectual Property Protection Best Network Security Solution Best Wireless Security Best Enterprise Firewall Best Intrusion Detection Best Intrusion Prevention Best Desktop Firewall Best Remote Access Best VPN - SSL Best VPN - Ipsec Best Endpoint Security Solution Best Web Filtering B

6、est Encryption Best Identity Management Solution Best Password Management Best Authentication Best Single Sign-on Best Two-Factor Solution Best Unified Threat Solution Best Integrated Security Software Best Integrated Security Appliance Best Managed Security Service Best Email Managed Service Best N

7、etwork Security Management Best Event Management Best Computer Forensics Best Policy Management Best Security Audit Best Security Management Tool Best Vulnerability Assessment and Remediation Best Patch Management Best Vulnerability Assessment Source from: http:/ Vulnerability-oriented security indu

8、strial environment威胁方 Threat agents厂商 Provider用户 User11木桶原理的迷失 Misleading of Cask Rule 误导 将整体结构仅仅简化为防御结构 不考虑防御纵深问题 只考虑静态的结果状态 没有成本观念 Misleading Only consider prevention structure Not consider deep prevention Only consider static state Not consider cost-effective 12结构性安全 Structural security基本结构basic

9、structure 紧密结构 tight structure 松散结构loose structure13访问控制的RM机制 Reference monitor of access control 访问控制的RM机制是非 常基本的安全结构 Reference monitor of access control is a very basic security structure14RM机制有效的结构性条件 Structural conditions of valid RM mechanism 三个条件 不能被绕过 不可篡改 足够小,可以被证明 3 conditions of VRM Can no

10、t be bypass Can not be tampered Be small enough, can be proved15Randomly Generated Symmetric Key (seed + PRNG)AlicePublic keyPrivate keyPrivate keyPublic keyBob密钥交换过程 Key Exchange ProcessmessageX15/ow83h7ERH39DJ3HmessageX15/ow83h7ERH39DJ3H16紧密安全结构的代表可信计算 Tight security structure Trusted Computinghtt

11、p:/www.trustedcomputinggroup.org 可信的定义 Definition of trust 可信就是,一个设备的行为是按照其预期目标和指定方式执行的 Trust is the expectation that a device will behave in a particular manner for a specific purpose. 一个可信平台应当至少提供三个基本特性:保护能力、完整性测 量和完整性报告 A trusted platform should provide at least three basic features: protected ca

12、pabilities, integrity measurement and integrity reporting. (From section 4.1, TCG Architecture Overview 1.0)17TCG的基石性原理 Fundamental rule of TCG 信任根就像“公理”一样,是信任的基础。在PC 系统中,常常用硬件芯片实现。 Roots of trust In TCG systems roots of trust are components that must be trusted because misbehavior might not be dete

13、cted. 信任链则是信任传递的机制。常常采用密码 技术。 Chains of trust Transitive trust also known as “Inductive Trust”, is a process where the Root of Trust gives a trustworthy description of a second group of functions. 18一个包含TPM的PC Reference PC platform containing a TCG TPM19TCG 可信平台模块 TCG Trusted Platform Module (TPM) 一

14、个可信平台常常拥有三个可信根 There are commonly three Roots of Trust in a trusted platform 测量可信根 root of trust for measurement (RTM) 存储可信根 root of trust for storage (RTS) 报告可信根 root of trust for reporting (RTR)20证明协议和消息交换 Attestation protocol and message exchange21TPM 存储可信根的体系结构 TPM Root of Trust for Storage (RTS

15、)22TPM 部件体系结构 TPM component architecture23TCG 软件分层 TCG software layering24可信平台的生命周期 The trusted platform lifecycle25可信平台上的用户认证 User authentication using trusted platforms 26可信平台上的用户认证 User authentication using trusted platforms27经典的四角模型 The classical four corners model28四角模型的可信平台实现 Detailed TP deployment architecture29TCG对于可信计算平台的划分 8 categories of Trusted platform体系结构体系结构ArchitectureArchitectureTPMTPM移动设备移动设备MobileMobile客户端客户端PC ClientPC Client服务器服务器ServerS

展开阅读全文
相关资源
正为您匹配相似的精品文档
相关搜索

最新文档


当前位置:首页 > 行业资料 > 其它行业文档

电脑版 |金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号