基于TPM硬件的移动Agent安全模型研究

基于可信计算的移动智能终端安全技术研究一、本文概述随着移动互联网的迅猛发展，移动智能终端设备已成为人们日常生活中不可或缺的一部分。

随着其普及和功能的不断增强，安全问题也日益凸显。

如何在保障用户体验的确保移动智能终端的安全性，已成为当前亟待解决的问题。

本文旨在研究基于可信计算的移动智能终端安全技术，探讨如何通过可信计算技术提升移动智能终端的安全性，保障用户数据的安全和隐私。

本文首先将对可信计算技术进行概述，包括其定义、发展历程以及在当前移动智能终端安全领域的应用。

随后，将分析移动智能终端面临的主要安全威胁和挑战，以及现有安全技术的不足。

在此基础上，本文将深入研究基于可信计算的移动智能终端安全技术，提出相应的解决方案和策略。

本文的研究内容将包括可信计算技术在移动智能终端的身份认证、数据加密、访问控制等方面的应用，以及如何通过可信计算技术提升移动智能终端的整体安全性。

本文还将探讨可信计算技术在移动智能终端安全领域的发展趋势和未来挑战，以期为相关领域的研究和实践提供有益的参考和借鉴。

本文旨在通过深入研究基于可信计算的移动智能终端安全技术，为提升移动智能终端的安全性提供有效的解决方案和策略，为保障用户数据的安全和隐私做出积极的贡献。

二、可信计算技术概述可信计算（Trusted Computing）是一种旨在提高计算机系统整体安全性的技术，其核心思想是在硬件、软件、操作系统和应用程序等多个层面构建信任链，以确保系统的安全性和数据的完整性。

可信计算技术起源于上世纪末，随着信息技术的快速发展，网络安全威胁日益严重，传统的安全措施已经难以满足需求，因此可信计算技术得到了广泛的关注和研究。

可信计算技术的核心是信任根（Root of Trust），它是一个在系统中无法被篡改、无法被欺骗的起点，用于建立并维护整个系统的信任。

在可信计算中，信任根通常由一个安全的硬件模块（如可信平台模块TPM）来实现，该模块包含了用于验证系统完整性、存储密钥和证书等敏感信息的安全芯片。

基于移动Agent的网络安全态势感知模型卢爱平;郝洪亮;穆殿宝;李建平【摘要】considering the drawbacks of existed architecture such as single data source or multi-source with homogeneous data, long response delay, weak self-protection and lack of fault tolerance, a heterogeneous data source-oriented network security situation awareness system architecture based on mobile agents is studied. This architecture can be divided into information access layer, data preprocessing layer and situation decision layer. Every module in these three layers has been designed carefully and a systematic, dynamic, distributed and self-adapted NSSA architecture is built as last. The architecture is analyzed based on the formal modeling language PEPA. And then the rationality of this model is validated.%针对现有框架模型存在数据源单一或多源同质、响应延迟大、自我保护性差、稳定性和容错能力差等缺点,借助移动Agent的优点,提出一种网络安全态势感知系统框架模型.该框架结构自下而上依次分为信息获取层、数据预处理层、态势决策层,建立了一个系统化、动态化、分布式、自适应的网络安全态势框架结构.利用PEPA形式化建模语言对框架模型进行分析,验证了框架模型的合理性.【期刊名称】《科学技术与工程》【年(卷),期】2011(011)019【总页数】6页(P4646-4651)【关键词】网络安全;态势感知;移动Agent;PEPA【作者】卢爱平;郝洪亮;穆殿宝;李建平【作者单位】东北石油大学计算机与信息技术学院,大庆163318;大庆油田有限责任公司信息中心,大庆163453;大庆油田有限责任公司信息中心,大庆163453;东北石油大学计算机与信息技术学院,大庆163318【正文语种】中文【中图分类】TP393.08网络安全态势感知(Network Security Situational Awareness，NSSA)指在大规模网络环境中，对能够引起网络安全态势发生变化的安全要素进行提取、理解、显示并预测未来发展趋势［1，2］。

I. J. Computer Network and Information Security, 2019, 10, 26-36Published Online October 2019 in MECS (/)DOI: 10.5815/ijcnis.2019.10.04Security Policy Modelling in the MobileAgent SystemHassan RAZOUKILMACS Laboratory, Faculty of Science and Technology, University Sultan Moulay Slimane, Beni Mellal, MoroccoE-mail: razouki.hassan@Received: 02 July 2019; Accepted: 25 August 2019; Published: 08 October 2019Abstract—The mobile agent security problem limits the use of mobile agent technology and hinders its extensibility and application because the constantly progressed complexity and extension at the level of systems and applications level increase the difficulty to implement a common security system as well as an anticipated security policy.Ontology is considered one of the most important solutions to the problem of heterogeneity. In this context, our work consists of constructing mobile agent domain security ontology (MASO) in order to eliminate semantic differences between security policies in this domain. We use the OWL language under the protected software to construct this ontology. Then, we chose the WS-Policy standard to model security policies, these policies are structured in forms of security requirements and capabilities. To determine the level of semantic correspondence between security policies we are developing an algorithm called "Matching-algorithm" with Java language and two APIs (Jena API and Jdom API) to manipulate the MASO ontology and security policies.Index Terms—Mobile agents, security, security policy, ontology, semantics.I.I NTRODUCTIONThe power of mobile agent technology in solving complex problems results from the fact that agents, thanks to their autonomy, mobility and adaptability, can achieve their goals in a flexible way by using local and/or remote interaction with other agents on the network. However, the flexibility and mobility of the mobile agent poses a serious security problem that has hindered its expansion. [1]. The implementation of a security policy may require, on the one hand, the protection of the resources and data of the host machines, and on the other hand, the preservation of the integrity and confidentiality of the agents themselves and their communications [2].In this context, the interest in the protection and security of mobile agents and the services offered by platforms has increased within organizations. As a result, different security policies have been developed, and different security standards have been proposed. This has led to heterogeneity in the exploitation of these security policies by different entities.Mobile and service agents are autonomous entities, potentially heterogeneous, of diverse origins, and free to enter and leave the system whenever they wish [3]. In such a scenario, interoperability problems frequently occur that require specific resolution techniques. Our effort is focused on solving these kinds of problems by focusing on the heterogeneity of security policies between these entities.In order to achieve interoperability and resolve issues of heterogeneity between the security policies of the mobile agent and the platforms visited, semantic integration is necessary. Security ontologies, at present, are considered as the next trend to solve heterogeneity problems, as it offers a shared knowledge which is able to prevent communication and interaction failure among mobile agents, this failure is due to their heterogeneous security properties [4]. And this is the reason which pushed us to produce a common security domain ontology that will present concepts, relations, integrity constraints and rules on which agents and platforms could collaborate.The ontology we have proposed has a twofold objective: first, the establishment of formal knowledge on security in mobile agent-based systems, and second, the use of ontology facilitates automatic analysis of the semantic compatibility between the agent's security policies and the platforms visited. We have chosen to model security policies using a W3C standard called WS-Policy. We add semantic annotations using this ontology to describe security requirements and capabilities. Indeed, we have structured the security policy in two parts:∙Security requirements: Allows you to specify the different security settings necessary for the secureexecution of a mobile agent∙Security capacity: represents a set of specifications, protocols, algorithms..., to satisfy a securityrequirement.To determine whether a platform is capable of securely executing an agent, on the one hand, the functional aspects of the platform should satisfy the functional needs of the agent to perform their task, on the other hand, the agent's security requirements must be satisfied by the platform's security capabilities, so the platform's securityrequirements must also be satisfied by the security capabilities used by the mobile agent.The objective of this article is to build an ontology in the field of mobile agent security in order to eliminate the semantic differences that exist between security policies in this field. We use the OWL language under Protected 4 [5] to build this ontology. Then, we chose the WS-Policy standard [6] to model security policies in terms of security requirements and capabilities. To determine the level of semantic correspondence between security policies we are developing an algorithm called "Matching-algorithm" with Java language and two APIs (Jena API and Jdom API) to manipulate MASO ontology and security policies.The rest paper is discussed as follows. In section II, previous work on security ontologies is discussed. Section III, how to model security policies in mobile agent systems with the WS-Policy standard and the security ontology (MASO) we have constructed. Section IV presents the process of matching security policies based on the MASO ontology, we also demonstrate the importance of this solution using an example of the interaction between a mobile agent and an execution platform (how to apply the semantic matching algorithm). Finally, Section V concludes the paper.II.R ELATED W ORKOntology is considered one of the most important solutions to solve the problem of heterogeneity. In the literature several safety ontologies have been developed, targeted safety ontologies are classified and grouped into three main categories: generalized safety ontologies, specific safety ontologies, and diverse safety ontologies [4].1.The generalized security ontologies aimed to coversecurity features, which had formed explicitdomain terminology for dissimilar stakeholders.This category of ontology pays attention tosecurity development and contribution to theknowledge database with general logicalperceptive without human intervention [4]. Someof the generalized security ontologies were cloudcomputing security taxonomies [7], ontology-based Security [8] and ontology-based multi-agentmodel based on information security system [9]. 2.The specialized security ontologies focused on arange of computational models having variablesfrom general terminologies related to securityrequirements application-based security, network,risk and web services, etc. These ontologies werealienated into five subcategories with respect tospecial aspects of security [4]. Web Services (WS)and Web Ontology Language (OWL) basedSecurity Ontologies [10,11]. Network SecurityOntologies [12,13]. Risk-based SecurityOntologies [14]. Application-based SecurityOntologies [15,16].3.Miscellaneous Security Ontologies [4]. There arenumerous ontologies which cannot be sited in anyof the aforementioned categories; thus such typesof ontologies are placed in the miscellaneouscategory. Some of the specialized securityontologies were (Information Security MeasuringOntology (ISMO) [17], Vulnerability-CentricModeling Ontology [18], Cyber Ontology [19],Security Toolbox: Attacks and Countermeasures(STAC) Ontology [13], Ontological approachtoward cybersecurity in Cloud Computing [20],Cloud Ontology [21], Security Ontology DrivenMulti-Agent System Architecture: Cloud DataStorage [22].Subsequent related researches show the importance of using security ontologies in several domains (cloud computing, web service, networks, application...). In the field of security of mobile agent systems, Hacini's approach [15] is considered one of the most important solutions to solve the heterogeneity problem. This solution uses an ontology to eliminate semantic differences in security policy objects, attributes, and data structures to facilitate mobile agent interoperability. The limitations of this approach lie in the fact that ontology is used only in a communication scenario between mobile agents and platforms. Indeed, this ontology does not solve the problem of specifying security policies in the mobile agent system, nor the problem of heterogeneity between the security policies of the mobile agent and the platforms visited. Finally, this ontology does not provide a solution to describe the specific security needs of each agent, nor the security capabilities provided by the platforms.In the following, we will show how to specify semantic security policies for mobile agents and platforms that offer services to agents, as well as how to semantically match these two security policies.III.S ECURITY P OLICY IN M OBILE A GENT S YSTEMS The discovery and selection of the most appropriate platforms for the secure execution of mobile agents are important steps in our approach. We consider platform discovery to be the location of published platforms that satisfy certain functional properties of the agent to perform their task. The selection of platforms corresponds to the evaluation and ranking of platforms already discovered in order to identify those that best meet the security requirements of the mobile agent. Indeed, each platform must have a functional description of the services offered to mobile agents, as well as a non-functional description concerning the security of each service offered by the platform [23].In order to be able to use the security policy in the selection process of the platforms visited by the mobile agent, they must be modeled and attached to the services when they are published and to the mobile agents when they are created. We adapted the WS-Policy specification [6] to express security requirements and capabilities and proposed a security policy model specific to the mobileagent system.A. Semantic need in policy correspondenceThe major problem with the use of WS-Policy is that the correspondence between policies is based solely on a syntactic comparison; the intersection of policies can reject potential partners in many cases, even with compatible policies. We demonstrate the usefulness of semantic comparison through the following example:A mobile agent requires data confidentiality and provides authentication capability:∙Security requirement: a mobile agent which requires a constraint on the confidentiality of thedata produced by the visited platform and requiresthe encryption of this data with the 3DESalgorithm∙Security capability: the mobile agent offers an authentication mechanism with an X.509 digitalcertificate.A platform requires the authentication of visiting mobile agents and offers symmetric encryption capability: ∙Security requirement: the visiting mobile agent must be authenticated∙Security capacity: the platform has an XML-Encryption encryption specification.In the above scenario, if we use the WS-Policy standard to represent and match the agent's security policies and platform. The comparator makes a syntactic comparison between character strings to determine whether the platform capacity can satisfy the agent's requirement, and the agent's capacity can satisfy the platform requirement. The comparator necessarily concludes that these two policies are not compatible although the assertions are equivalent. Indeed, the execution of the agent in this platform will be rejected. Therefore, the integration of semantics and knowledge in the security domain at the intersection between policies seems to be very interesting. To solve this problem, we create an ontology in the mobile agent security domain to capture the following semantic information:∙XML-Encryption is a specification for encrypting/decrypting mobile agent XML data,this specification supports symmetric (3DES) andasymmetric (RSA) encryption algorithms.∙The X.509 certificate is an authentication mechanism, the mobile agent has a certificatecontaining his identity, a public key and dataencrypted using his private key.When this additional information is added to security policies, and semantic correspondence between policies is applied. Then, the comparator concludes that the capacity of the platform satisfies the agent's requirement and the platform's requirement is satisfied by the agent's capacity, making a perfect match between these two policies. This example illustrates the importance of semantic information to improve the quality of correspondence between security policies.Fig.1. Main classes of security policy ontologyB. MASO Ontology to model security policiesA platform offers a set of services for mobile agents to perform their tasks. Each service has a set of functional properties. However, these properties are not sufficient to determine the most appropriate service for the agent's specific needs from a set of services that provide the same functionality. This is why it is important to have a clear description of its security policy, which allows the platform to express their requirements and security capabilities for each service [23]. In order to take security policies into account in the platform selection process for the secure execution of a mobile agent, we proposed an extension to the WS-Policy by adding new elements to its initial specification. These elements are expressed through safety concepts defined in the MASO ontology we have built.This extension has allowed us to integrate the different security concepts, create semantic relations between these concepts and ensure automatic correspondence between security policies. We used a model based on an OWL ontology to represent these different elements.Figure 1 presents the MASO ontology classes based on WS-Policy, to illustrate the difference between semantic relations and the class hierarchy. We use two lines to represent the relations between the different concepts of this ontology: The dotted line (blue color) links a specific class to a more general class, which allows defining the class hierarchies in the MASO ontology. The solid line (red color) allows you to specify the semantic relations between the different classes.We create three classes SecurityPolicy, SecurityAlternative, and SecurityAssertion, in order to express security assertions within a security policy. Indeed, the SecurityPolicy concept is the top level class of our ontology. It represents the root of the security policy, each policy identified by a name and a unique identifier (Name, ID). It is consisted of at least one or more security alternatives (SecurityAlternative).The SecurityAlternative class contains four semantic properties. The hasType property allows you to determine the type of the alternative with the AlternativeType class. This class contains two instances Capability and Requirement. The hasPreference property allows you to specify the preference of a particular alternative. The preference is expressed as xsd:int. The higher the preference value, the more weight the expressed preference has. If no preference is specified, the default value is zero. The hasObject property allows you to set the objective to be achieved by the SecurityObject class security alternative. Finally, the hasSecurityAssertion property allows you to specify the different security assertions used to satisfy a security objective. The SecurityAssertion class contains six subclasses (figure 1): ∙SecurityMechanism describes the technical solutions and methods used to satisfy a securityobjective. This class has six instances:Authorization, DigitalSignature, DigitalDigest,EncryptionAsymmetric, EncryptionSymmetric andIdentification∙SecurityProtocol allows specifying the different protocols and security specifications used toprotect mobile agents and execution platforms∙SecurityAlgorithm contains the different algorithms for encryption, signature, hashing anddata canonization. To do this, we have extractedfour subclasses from this class. The AlgEncryptionclass has symmetric encryption algorithms toensure data confidentiality. The AlgSignature classcontains asymmetric encryption algorithms thatensure the authenticity and integrity of data. TheAlgDigest class has the algorithms that allow youto create the data summary (MD5, SH1, SH2). TheAlgCanonicalization class represents canonizationalgorithms, allowing XML information to bepresented in a standard form.∙SecurityToken allows you to specify the different types of security tokens used by a securityprotocol or algorithm. Indeed, a security token canbe used for authentication, encryption and datasigning. There are six instances for this class:AsymmetricKey, SymmetricKey, SAMLAssertion,KerberosTicket, X509Certificate, andUsernameToken∙SecurityEncryption and SecuritySignature allow you to locate the elements to be encrypted/signedin the mobile agent. These two classes use thesame Elements subclass to determine the elementsto be protected. This class contains four instances:XPath, Data, Component, Itinerary.C. MASO ownership constraintWe present the different semantic relations between security-related concepts in the mobile agent system, such as the security objective, security mechanism, protocols, algorithms, and others. Security policies will be defined on the basis of the MASO ontology. We redraw this ontology with new semantic properties (figure 2).As shown in Figure 2, the SecurityObject class has several semantic properties to specify the security mechanisms, protocols, algorithms, and tokens that ensure a goal set by a security alternative. The ensuredByMechanism property allows expressing the security mechanisms used to satisfy a security objective. For example, the Confidentiality security objective is ensured by two security mechanisms EncryptionAsymmetric and EncryptionSymmetric. The other three semantic properties will be treated in the same way.The supportProtocol property allows you to specify protocols that satisfy a security mechanism. For example, the XML-Signature protocol is used to guarantee the DigitalSignature security mechanism.The adoptAlgorithm property allows a protocol to adopt one or more algorithms in its execution process. Some protocols require the presence of a security token with the required Token property. For example, the XML-Encryption protocol adopts the 3DES algorithm toencrypt data and uses the SymmetricKey security token as an encryption key.The usesToken property is used by the SecurityAlgorithm class to determine the list of keys used in the encryption/signature process (for example, a DSA signature algorithm uses an X509 security token to ensure the integrity and authenticity of the agent). The encryptedElement and signedElement property are used to determine the elements to be encrypted/signed of the mobile agent. The usesHash property is used between the AlgAsymmetric class and AlgHash to set the hash function adopted by the asymmetric algorithm. Finally, the usesCanonicalization property is used by the AlgAsymmetric class to specify the canonization algorithm to sign the mobile agent data.Fig.2. Semantic relationships between the different classes of MASO ontologyAfter defining all constraint properties and defining semantic relationships between classes. Our ontology for the mobile agent system becomes a universal way to express the security policy of the execution platform and the mobile agent.D. Creation of security policies (requirements and capacities)In our work, we have used the WS-Policy standard to express the requirements and capabilities within a security policy, based on the MASO ontology we have created. Indeed, security policies are expressed through the concepts defined by this ontology. They can be either instance of security protocols such as XACML, XML-Encryptions, or concrete security algorithms such as DES, RSA, or collections of instantiated features of these protocols such as confidentiality, authentication. In other words, safety requirements and capabilities can be described by using any component on an abstract level of the safety ontology. Each security policy can have more requirements and capacity.Definition 1:We define a Security Requirement as a Requirement type security alternative, allows to achieve a specific security objective and to group together a set of MASO ontology security assertions to satisfy the objective. Formally, we have expressed the safety requirement (SR) by equation 1:()object RSR AS=∑ (1)AS R is a set of safety assertions from the MASO ontology to express a safety requirement. For example, a mobile agent requires the confidentiality of the data generated by the execution platform, in which case the agent's policy requires an asymmetric RSA encryption algorithm (AS1) with a security token X509Certificate (AS2).SR (confidentiality) = AS1 + AS2Definition 2: We also define a Security Capability as a Capability type security alternative, allowing us to offer a set of security mechanisms, protocols, and algorithms to achieve a particular security objective. Each alternative includes a set of safety assertions from the MASO ontology to meet the intended objective. Formally, weexpressed security capacity (SC) by equation 2:()object C SR AS =∑ (2)AS C is a set of MASO ontology safety assertions to express a safety capability. For example, a platform provides security capabilities to ensure data integrity; the platform policy provides an XML-Signature specification such as a signature protocol (AS 1) with the DSA algorithm (AS 2) and an X509 digital certificate (AS 3) to sign the mobile agent data.SC (integrity) = AS 1 + AS 2 + AS 3The platforms specify their security requirements and capabilities in a policy that can be read by mobile agents. Also, agents have policies in place to express their security requirements and capabilities. The agent's security requirements must meet the platform's security features, so the platform's security requirements must also meet the security capabilities specified by the agent's policy. In the following, we present the semantic matching rules between requirements and security capabilities.IV. S EMANTIC C ORRESPONDENCES B ETWEEN S ECURITYP OLICIES In this section, we will present the process of matching security policies based on the MASO ontology. Indeed, the process of assessing the correspondence between the two policies consists of seeking semantic compatibility between requirements and capabilities. In particular: (a) the platform requirements are compared with the capabilities of the mobile agent. (b) The platform capabilities are compared with the requirements of the agent. For this comparison to yield a positive result, the following two conditions must be met:∙ The capabilities expressed in the platform'ssecurity policy must meet the requirements of the mobile agent∙ The requirements of the platform must berespected by the capabilities expressed in the mobile agent security policy.In the following, we detail the process of semantic correspondence between these two policies. A. Policy Mapping AlgorithmWe have developed a Matching-Algorithm to determine the level of correspondence between two security policies. Our algorithm accepts the agent's security policy and those of the platform as input and decides to what extent they match. This algorithm extracts the most specific type of requirement and capacity that ensure the same security objective and then checks its correspondence. The most specific type is the instance of the lowest class in the security ontology. We determine four possible matching results between a capacity and safety requirement:Perfect-Match: A perfect match occurs when the requirement and capacity both refer to the same or two equivalent concepts. For example, if capacity and a requirement are both of the SAML type, then there is a perfect match between the requirement and the capacity. Generally, two cases are possible:∙ Requirement and capacity refer to the samesemantic notion∙ Requirement and capacity refer to equivalentsemantic concepts.In both cases, if the properties of the requirement and the capacity are specified, then their values must be identical.General Match: if the most specific type of capacity is lower in the hierarchy than the most specific type of requirement. In this case, it is said that the requirement is more general than the capacity. Three cases are possible:∙ The requirement specifies a more general semanticconcept than the capacity∙ Requirement and capacity refer to the samesemantic concept, but more details are specified for capacity (using the construction of the property) ∙ The requirement and capacity refer to the MASOsafety ontology, but the requirement only specifies the safety objective, whereas the capacity is expressed by safety concepts that satisfy the objective specified by the requirement.Negotiable-Match: if the most specific type of requirement is lower in the hierarchy than the most specific type of capacity. It is said that the capacity is more general than the requirement. In this case, the capacity does not adequately meet the safety requirement. For example, if the requirement is of type X509Certiificate, the capacity is of type Authentication. There are three possible cases:∙ The requirement specifies a more specificsemantic concept than the capacity∙ Requirement and capacity refer to the samesemantic concept, but the requirement specifies in more detail (using the construction of the property) ∙ Requirement and capacity refer to the MASOsafety ontology, but capacity determines only one safety objective, while the requirement is expressed by safety concepts that satisfy the safety objective specified by the capacity.No match (No-Match): if the most specific types of requirement and capacity have no relationship in the safety ontology, then there is no match between the two. Two cases are possible:∙ Requirement and capacity refer to semanticconcepts that have no semantic relationship∙ The requirement and capacity refer to the samesemantic concept, but their properties presentdifferent specifications.We have divided the process of semantic correspondence between policies into two steps. The first consists of determining the correspondence result between each pair of requirement and safety capacity, the objective is to find the capacity that best corresponds to a requirement. The second is the assessment of the overall correspondence between the two policies. The overall correspondence is defined as the minimum between theindividual correspondence results evaluated in the first step.Formally we have represented the semantic correspondence algorithm between two policies by a mathematical equation (3). We consider two security policies P1 and P2 (P1 for the agent and P2 for the platform). We define the SR (object ) and SC (object) functions to express the security assertions of a requirement and a capability respectively.()()()()((1)(2)/)12((2)(1)/)i object j object j i i object j object j i R SR p C SC p C SatisfiedR P match P R SR p C SC p C SatisfiedR ∀∈∃∈⎫⎪⇒⎬∀∈∃∈⎪⎭(3)R i and C j represent the most specific requirement andcapacity of Requirement and Capability safety alternatives to ensure a particular safety objective.C j Satisfied R i means that the match result between C j and R i is Perfect-match or General-match. B. Implementation of Matching-algorithmThe Integrated Development Environment (IDE) we must use must be extensible, universal, flexible, free and compatible with the chosen JADE platform. We chose ECLIPSE because it meets all the criteria listed. The specificity of Eclipse comes from its architecture totally developed around the notion of the plug-in: all the functionalities of this software workshop are developed as a plug-in.To implement the semantic matching algorithm, weused two APIs to exploit and manipulate MASO ontology and mobile agent security policies and platforms:Jena API to manipulate the MASO ontology. This API provides the basic level interface for RDF, RDFS and OWL files. It is a free software developed by HP's research laboratory in Bristol. Jena offers a set of SPARQL parsers and query engines in the form of Java classes.JDOM API to manipulate agent security policies and platforms. This API allows you to analyze security policies, extract its different security concepts and represent these concepts in the form of a tree.In the following, we present the class diagram of the semantic correspondence algorithm:Fig.3. Class diagram of the semantic correspondence algorithm。

移动Agent系统中的安全问题
田敬军
【期刊名称】《唐山师范学院学报》
【年(卷),期】2003(025)002
【摘要】安全是移动Agent系统中的最重要、最问题.前者的解决较为容易,在大部移动Agent系统中都已经实现,通常采用认证、授权和资源分配机制来解决.后者比较困难,目前有组件、复制和投票、自我认证和加密函数等部分解决方案.然而,仅依靠软件手段解决移动Agent的安全问题尤其是恶意主机问题是不够的,最好是采用软件和硬件相结合的解决方案.
【总页数】4页(P69-72)
【作者】田敬军
【作者单位】唐山师范学院,计算机科学系,河北,唐山,063000
【正文语种】中文
【中图分类】TP317.2
【相关文献】
1.移动Agent在信息交通系统中的应用 [J], 王莹莹
2.移动Agent系统中的安全问题和技术研究综述 [J], 张阳;曹迎春;黄皓;谢立
3.移动Agent系统的安全问题 [J], 董红斌;石纯一
4.移动Agent技术在实验教学过程管理系统中的应用 [J], 甘桢鹏;项露芬
5.移动Agent系统IBM Aglet的安全问题研究 [J], 田敬军;吴班
因版权原因，仅展示原文概要，查看原文内容请购买。

一种基于移动Ａｇｅｎｔ的系统监控模型摘要：对于一些大型的复杂网络系统，利用传统的集中式系统监控模型进行监控和故障诊断是困难的。

文章给出了一种将移动Agent技术用于系统监控的分布式系统监控模型。

利用这种系统监控模型可以减少网络数据流量，缩短系统监控与故障诊断时间。

关键词：分布式；移动Agent；系统监控；监控模型0引言在现有的集中式系统监控体系中，客户端与服务器之间传递着大量的数据，网络流量很大，增加了网络拥塞的机率，严重的可以导致系统不能正常工作。

而且对于一些不太稳定的网络环境，在大量传送数据的过程中，很可能出现网络中断，导致系统监控与诊断不能正常进行的情况。

本文提出了一种基于移动Agent技术的系统监控模型，它适合一些不稳定的网络，能减少网络中的通信流量，缩短系统监控与诊断的时间。

1移动Agent技术移动Agent是一个可以携带代码和状态自主在异构网络设备间迁移的具有自治特性的代码或程序，它可以移动到网络中需要进行监控的地方，利用事先赋予的智能，选取系统监控所需要的信息，并进行相应的处理。

Agent在移动过程中，它的自身状态被保存，并封装成信息传送到新的主机上，从而在新的主机上继续执行，所以对于很多应用系统来说，移动Agent是一个行之有效的选择。

在客户机服务器体系中它可以明显改善延迟和提高网络带宽利用率，在网络状况不佳时还可以降低通信中断的概率等。

2基于移动Agent的系统监控模型分布式系统监控的主要任务是监控网络内的所有设备，并根据所采集的设备信息，采用智能的诊断方法，准确而又及时地判断可能产生的设备故障，给出设备故障描述和快速排除故障的策略。

2．1分布式系统监控模型的各组成部分如图1所示，整个系统监控由两部分组成：监控管理站和被监控站。

基于分布式的系统监控采用了两级故障诊断结构，即高级诊断部分与低级诊断部分，诊断的粒度可以达到网络中的具体设备，如计算机、网络交换机、路由器等，完成整个域内系统监控任务的设备则由具有监控能力的计算机承担，从而形成一个分层次的系统监控与诊断的体系结构。

浅谈TPM在设备管理上的应用TPM（Trusted Platform Module）是一种硬件安全芯片，广泛应用于设备管理领域。

TPM能够为设备提供安全认证、数据保护、完整性验证等功能，帮助设备管理者提升设备的安全性和可管理性。

在下文中，将对TPM在设备管理上的应用进行浅谈。

TPM可以提供设备的安全认证功能。

设备管理者可以将设备的安全凭证存储在TPM中，通过TPM提供的认证机制，对设备进行身份验证，确保只有授权的设备可以接入网络或访问关键资源。

这样可以防止未经授权的设备入侵网络，提升网络的安全性。

TPM可以提供设备的数据保护功能。

TPM中的密钥存储模块（Key Storage Module）可以储存设备生成的密钥，确保密钥只能在TPM中进行使用，防止密钥被恶意程序或黑客获取，保护设备的敏感数据。

TPM还可以提供数据的加密和解密功能，确保设备通信过程中的数据传输安全。

TPM还可以提供设备的完整性验证功能。

设备管理者可以在设备上预先存储设备的软件或系统镜像的摘要（Hash），通过TPM进行完整性检查。

当设备启动时，TPM会计算设备软件或系统镜像的摘要，并与预先存储的摘要进行比对，以确保设备上的软件和系统没有被恶意篡改。

这样可以防止设备被恶意程序篡改，提高设备的安全性和可信度。

TPM还可以为设备管理提供追溯性和追踪性的功能。

TPM可以记录设备的安全事件、行为日志等信息，并对其进行安全存储。

设备管理者可以通过TPM提供的接口，查询和分析设备的日志信息，快速定位和解决设备的安全问题。

这对设备管理者来说，是一种非常便利和有效的手段。

移动Agent的安全性研究
王浩鸣
【期刊名称】《计算机应用》
【年(卷),期】2003(023)004
【摘要】随着计算机网络技术的发展,软件设计中移动代理(MA)的技术获得了极大的应用.移动代理的设计不仅需要考虑其执行效率,还必须考虑其安全性.文章对保护运行环境免受恶意Agent或其它实体的攻击,以及保护Agent免受运行环境与其它实体的攻击进行了阐述.
【总页数】3页(P53-55)
【作者】王浩鸣
【作者单位】西安财经学院,计算机科学与技术系,西安,陕西,710061
【正文语种】中文
【中图分类】TP309
【相关文献】
1.基于分布式入侵检测的移动Agent宿主安全性研究 [J], 赖贤伟;胡山立
2.移动Agent系统的安全性研究 [J], 赵进;袁春风
3.移动Agent安全性研究 [J], 董春冻;王聪;周星;李戈
4.基于移动Agent的电子商务安全性研究 [J], 李云鹤;武善玉;晏振鸣
5.移动Agent在IDS中的应用及其安全性研究 [J], 谷雨;范菁;杨柽;夏姜虹
因版权原因，仅展示原文概要，查看原文内容请购买。

一种移动Agent安全参考模型
黄成伟;贾宇波;蔡浩
【期刊名称】《计算机应用与软件》
【年(卷),期】2010(027)011
【摘要】移动Agent系统的安全性问题是阻碍其广泛应用于实践的最重要因素之一.通过对已有的移动Agent系统安全理论的讨论与分析,提出了一种更严密移动Agent安全参考模型.该参考模型分别从移动Agent通信安全、移动Agent服务器安全和移动Agent自身安全三个方面进行分析,在某种程度上提高了移动Agent 的安全性.
【总页数】4页(P40-42,98)
【作者】黄成伟;贾宇波;蔡浩
【作者单位】浙江理工大学信电学院,浙江,杭州,310018;浙江理工大学信电学院,浙江,杭州,310018;浙江理工大学信电学院,浙江,杭州,310018
【正文语种】中文
【相关文献】
1.基于Java移动Agent系统的安全参考模型 [J], 周屹
2.一种基于移动Agent的电子商务安全机制 [J], 梁东莺;郑玮琨
3.一种基于移动Agent的云端计算任务安全分割与分配算法 [J], 倪斌;李红兰
4.一种基于移动Agent的网络安全问题研究 [J], 萧雅文;刘玉喜
5.一种基于移动Agent的云端计算任务安全分割与分配算法 [J], 徐小龙;程春玲;熊婧夷;王汝传
因版权原因，仅展示原文概要，查看原文内容请购买。

TPM自主保全讲义1. 什么是TPM？TPM（Trusted Platform Module）是一种硬件安全芯片，用于保护计算机系统的安全性。

它被设计为一个安全的容器，可以存储和处理敏感数据，并提供身份验证和加密功能。

TPM可以在计算机启动时验证系统的完整性，并能够检测和防止恶意软件和未经授权的访问。

2. TPM的主要功能2.1 安全启动TPM可以验证计算机的启动过程，并确保系统启动时不被篡改。

它可以认证引导加载程序（Boot Loader）和操作系统的完整性，并检查每个阶段的签名。

如果系统的启动过程被修改，TPM将发送警报，并阻止系统继续启动。

2.2 加密和解密TPM可以生成和管理加密密钥，并用于加密和解密数据。

它可以在硬件级别上保护密钥，并提供安全存储和访问控制。

TPM还支持基于非对称加密算法的安全通信，可以用于加密网络通信和文件传输。

2.3 身份验证TPM可以用于身份验证，确保只有经过授权的用户可以访问系统资源。

通过存储和验证用户密钥，TPM可以防止未经授权的访问，并保护用户的个人信息。

TPM还可以与其他身份验证机制（如生物特征识别）结合使用，提供更强大的安全保护。

2.4 安全存储TPM可以提供一个安全的存储容器，用于存储敏感数据，如密钥、证书和密码。

这些数据将被加密，并只能通过TPM进行访问。

即使系统被入侵或被盗，敏感数据也不会暴露，因为它们只能在TPM的安全环境中解密和使用。

3. TPM的应用场景3.1 企业安全TPM可以帮助企业保护敏感信息和业务数据。

通过使用TPM进行身份验证和加密，企业可以确保只有授权用户可以访问系统和数据。

TPM还可以防止未经授权的外部设备连接到企业网络，提高网络的安全性。

3.2 云计算安全随着云计算的普及，安全成为云计算的关键问题之一。

TPM可以提供硬件级别的安全保护，确保虚拟机和云平台的完整性和安全性。

TPM可以用于认证云服务提供商并保护云服务的安全隔离。

3.3 IoT安全物联网（IoT）设备的安全性也变得越来越重要。

基于TPM技术的个人电脑信息安全研究在当今数字化时代，信息安全已经成为人们越来越关注的话题，随着个人电脑的普及，个人电脑信息安全问题也越来越受到关注。

而可信计算模块（TPM）技术的发展，为个人电脑信息安全提供了新的保障。

一、可信计算模块（TPM）技术的概念可信计算模块（TPM）是一种安全芯片，它内置有安全软件和硬件模块，可以提供具有高度强制性的安全保护，保护计算机系统对非授权攻击进行防御。

这个技术最早在1999年由IBM、惠普和英特尔等公司提出。

TPM技术的作用类似于一个身份证，它可以用来验证用户、操作系统和应用程序，从而实现计算机、网络和应用程序的安全保护。

在计算机安全领域，TPM 技术已经得到了广泛应用。

二、TPM技术的原理TPM技术主要包括三个部分：TPM芯片、TPM驱动程序和TPM应用程序。

TPM芯片是固定在计算机主板上的芯片，主要包含安全处理器、随机数发生器、密钥储存器、密钥生成器、加密协处理器、计数器和时钟模块等硬件设施。

TPM驱动程序是计算机操作系统中的一个设备驱动程序，主要负责与TPM芯片进行通讯和调度，包括初始化TPM芯片、读取和存储密钥等操作。

TPM应用程序则是基于TPM技术实现的安全服务程序，包括系统登录、数据加密和数字签名等操作，它们利用TPM芯片提供的安全功能，实现计算机和网络的安全保护。

三、TPM技术在个人电脑中的应用在个人电脑中，TPM技术的应用主要包括系统启动安全保护、文件加密、数字签名和数据传输安全保护等方面。

系统启动安全保护：TPM芯片可以用来验证系统启动程序的合法性，并保证系统启动过程中没有受到篡改或攻击。

这样可以防止计算机病毒、木马和恶意软件等恶意攻击，保障个人电脑的安全。

文件加密：TPM芯片提供了硬件级别的安全保护，可以用来更好地保护数据的机密性，防止文件泄漏和非法访问。

数字签名：TPM技术可以用来对文档、代码和软件进行数字签名，在数字签名过程中，TPM芯片会生成一个唯一的密钥，用于保证文档或代码的完整性和真实性，从而防止篡改和欺骗。

移动Agent系统安全技术研究
王磊;谢伟东
【期刊名称】《信息技术》
【年(卷),期】2003(27)1
【摘要】移动Agent作为新一代网络分布处理技术,能在网络上任意移动,自动执行使用者所设计和赋予的工作任务.移动Agent的安全问题是该项技术能否成功应用的关键.对移动Agent可能存在的安全问题以及遭受的攻击类型作了较详细的论述.从检测和保护两方面来阐述目前解决移动Agent安全问题的方法以及存在的问题.最后,引入具有监控和授权功能的安全管理器,提出了一种新的移动Agent系统安全模型,并分析了该模型的整个工作流程.
【总页数】4页(P1-3,62)
【作者】王磊;谢伟东
【作者单位】浙江工业大学,杭州,310014;浙江工业大学,杭州,310014
【正文语种】中文
【中图分类】TP393.08
【相关文献】
1.基于移动Agent信息系统安全模型的研究 [J], 吴健
2.移动Agent 系统安全技术研究 [J],
3.移动Agent系统安全性若干问题研究 [J], 陈婷
4.基于移动Agent信息系统安全模型的研究 [J], 杨娜;
5.移动Agent系统安全技术研究 [J], 王磊;谢伟东
因版权原因，仅展示原文概要，查看原文内容请购买。

基于可信环境密钥的移动Agent安全模型
徐志英
【期刊名称】《辽宁师专学报（自然科学版）》
【年(卷),期】2009(11)4
【摘要】提出一种基于信任的安全机制,用于改进移动Agent安全,并允许他们在不同环境下执行.安全机制基于Agent与环境之间的动态交互,在交互中收集信息并产生环境密钥,这个密钥告知主机的信任度并允许移动Agent适应它的执行环境.信任的评价基于具体参数的值,因此如果不被信任,可以定位问题的源头,移动Agent 可以选择适当的行为.
【总页数】5页(P33-36,48)
【作者】徐志英
【作者单位】朝阳师专,辽宁,朝阳,122000
【正文语种】中文
【中图分类】TP393.08
【相关文献】
1.基于可信安全模型的可信计算机平台密钥管理 [J], 李权
2.可信计算环境下基于TPM的认证密钥协商协议 [J], 王海燕;吴振强;种慧芳;蒋李
3.多租户环境下基于可信第三方的云安全模型研究 [J], 王佩雪;周华强
4.适合可信计算环境基于口令的双向匿名认证密钥协商协议 [J], 朱昶胜;刘鹏辉;王庆荣;曹来成
5.可信云存储环境下基于银行摄像头安全的密钥管理方法与系统研究 [J], 曹晓雯;崔维亮
因版权原因，仅展示原文概要，查看原文内容请购买。

浅谈TPM在设备管理上的应用TPM（Trusted Platform Module）是一种安全芯片，旨在提供安全的硬件基础，保护设备免受各种恶意攻击和数据泄露。

TPM被广泛应用于计算机和其他设备上，以确保设备的安全性和可信度。

在设备管理方面，TPM的应用也越来越受到重视。

本文将就TPM在设备管理上的应用进行探讨，以帮助读者更加全面地了解TPM的作用和重要性。

一、TPM的基本原理TPM是一种安全芯片，它的基本功能是存储和保护加密密钥、数字证书和其他安全标识，提供安全授权和身份验证服务。

TPM通常集成在设备的主板上，并与设备的处理器、存储器和其他硬件组件进行密切的配合，以提供全面的硬件安全保护。

TPM的基本原理包括安全存储、加密协处理和数字签名。

通过安全存储，TPM可以存储和保护设备密钥、证书和其他敏感信息，避免其被未经授权的访问所窃取或篡改。

通过加密协处理，TPM可以为设备提供加密和解密功能，确保设备的数据在传输和存储过程中得到安全保护。

通过数字签名，TPM可以为设备提供数字身份认证和数据完整性验证，防止数据被篡改或伪造。

1.设备身份认证TPM可以为设备提供独一无二的身份标识，并通过数字签名和证书验证技术，确保设备的身份认证安全可靠。

在设备管理中，通过TPM可以对设备进行身份认证，防止未经授权的设备接入网络或系统，保障设备的安全和可信度。

2.数据加密保护TPM可以为设备提供数据加密和解密功能，保护设备的数据在传输和存储过程中得到有效的加密保护。

在设备管理中，通过TPM可以对设备存储的敏感数据进行加密保护，防止数据泄露和被恶意篡改。

3.安全启动和固件验证4.远程管理和控制TPM可以为设备提供远程管理和控制功能，允许设备管理者对设备进行远程的监控和控制。

在设备管理中，通过TPM可以实现对设备的远程锁定、远程擦除和远程更新等功能，确保设备在丢失或被盗的情况下得到及时的安全保护。

5.数字签名和数据完整性验证三、TPM在设备管理上的应用案例1.商用计算机在商用计算机上，TPM被广泛应用于设备管理中。

基于TPM芯片的可信接入客户端原型系统TNCCS的研究与设计的开题报告1.研究背景与意义：随着信息技术的不断发展，网络安全问题日益凸显。

针对各种安全威胁的出现，如ARP欺骗、拒绝服务攻击、恶意软件等，已经出现了各种安全解决方案，如防火墙、入侵检测系统、反病毒软件等。

然而，这些安全解决方案通常只能提供有限的保障，由于其局限性或弱点，安全威胁仍然可能会继续存在或者得以规避。

因此，安全方案需要不断地发展和升级，以提高安全级别和有效性。

在这样一个背景下，可信计算和可信网络连接的研究成为了当前信息安全领域的热门话题。

可信计算和可信网络连接以安全硬件为基础，通过将物理特征与数字证书相结合，维护了计算设备和网络之间的信任关系，有效地防止了恶意对计算设备和网络的攻击。

TPM（Trusted Platform Module）芯片是保障计算机可信计算的必要且关键的功能部件之一。

其包括了诸多物理防护功能，如硬件安全边界、存储保护等，同时提供了多种加密算法，实现了安全认证、防篡改数据、秘钥保护等功能。

TPM芯片的安全特性为计算机提供了可信认证和数据保护的基础，是可信计算和可信网络连接的关键技术之一。

2.研究内容和研究方法：本文主要研究基于TPM芯片的可信接入客户端原型系统TNCCS （Trusted Network Connect Client System）的设计和实现。

该系统主要包括TPM驱动、TNCCS客户端与TNCCS服务器三个部分，实现了计算机认证、数据的保护和防篡改等功能。

具体研究内容包括如下几个方面：（1）TPM芯片的原理和功能：介绍TPM芯片的基本原理和功能，包括硬件安全边界、存储保护、多种加密算法等。

（2）TNCCS架构与工作流程：描述TNCCS的架构和客户端与服务器之间的交互工作流程，包括客户端认证、安全通道建立和数据传输等环节。

（3）硬件接口和设备驱动程序：设计并实现针对TPM芯片的硬件接口和设备驱动程序，以提供TPM客户端和TNCCS服务器之间的数据安全保障。