Security and Trusted (安全与可信): Vulnerability-oriented security vs. structural security (.ppt, 65 slides; the excerpt below covers slides 1 to 30)
Slide 1: Security and Trusted (security and trusted). Vulnerability-oriented security vs. structural security (Vulnerability vs. Structure). How attack and defense find room in a structural security environment (Space in the structural environment).

Slide 2: Summary
- Vulnerability-oriented security
- Structural security
- Vulnerabilities in structures
- Structural threats

Slide 3: Vulnerability-oriented security

Slide 4: Vulnerabilities
- weak (simple) passwords
- viruses
- operating system flaws
- protocol flaws
- performance limits that allow denial-of-service attacks
- badly configured firewalls

Slide 5: Vulnerability-oriented security (products)
- anti-virus system
- vulnerability scanner
- patch management system
- intrusion detection system (IDS)
- anti-DoS system
- firewall
- multi-function security gateway (UTM)

Slide 6: PSPC requirement-driven framework (Requirement Driven BaCaMeth)

Slide 7: Vulnerability-oriented risk management

Slide 8: Risk management elements in the Chinese national standard

Slide 9: The most reduced risk management model (3-element risk management model)

Slide 10: 2006 SC Awards
- Best anti-malware solution: Best Anti-spyware, Best Anti-trojan, Best Anti-virus, Best Anti-worm
- Best Content Security Solution: Best Anti-spam, Best Email Content Filtering, Best Email Security, Best IM security, Best Intellectual Property Protection
- Best Network Security Solution: Best Wireless Security, Best Enterprise Firewall, Best Intrusion Detection, Best Intrusion Prevention, Best Desktop Firewall, Best Remote Access, Best VPN - SSL, Best VPN - IPsec
- Best Endpoint Security Solution: Best Web Filtering, Best Encryption
- Best Identity Management Solution: Best Password Management, Best Authentication, Best Single Sign-on, Best Two-Factor Solution
- Best Unified Threat Solution: Best Integrated Security Software, Best Integrated Security Appliance
- Best Managed Security Service: Best Email Managed Service, Best Network Security Management
- Best Event Management: Best Computer Forensics, Best Policy Management, Best Security Audit, Best Security Management Tool
- Best Vulnerability Assessment and Remediation: Best Patch Management, Best Vulnerability Assessment
Source from: http:/

Slide 11: Vulnerability-oriented security industrial environment
- Threat agents
- Provider (vendor)
- User

Slide 12: The misreading of the cask rule (Misleading of Cask Rule)
Where the "weakest stave" picture misleads:
- it reduces the whole structure to nothing but a defensive structure (only considers the prevention structure)
- it ignores defense in depth
- it considers only a static end state
- it has no notion of cost (not cost-effective)

Slide 13: Structural security
- basic structure
- tight structure
- loose structure

Slide 14: The reference monitor (RM) mechanism of access control
The reference monitor of access control is a very basic security structure.

Slide 15: Structural conditions for a valid RM mechanism (3 conditions of VRM)
- it cannot be bypassed
- it cannot be tampered with
- it is small enough that it can be proved (verified)

Slide 16: Key exchange process
- randomly generated symmetric key (seed + PRNG)
- Alice: public key, private key
- Bob: private key, public key

Slide 17: A representative tight security structure: Trusted Computing (http://www.trustedcomputinggroup.org)
Definition of trust: trust is the expectation that a device will behave in a particular manner for a specific purpose.
A trusted platform should provide at least three basic features: protected capabilities, integrity measurement and integrity reporting. (From section 4.1, TCG Architecture Overview 1.0)

Slide 18: Fundamental rule of TCG
- Roots of trust: a root of trust is like an "axiom", the basis on which trust is built; in PC systems it is usually implemented in a hardware chip. In TCG systems roots of trust are components that must be trusted because misbehavior might not be detected.
- Chains of trust: the chain of trust is the mechanism by which trust is passed on, usually built with cryptographic techniques. Transitive trust, also known as "Inductive Trust", is a process where the Root of Trust gives a trustworthy description of a second group of functions.

Slide 19: Reference PC platform containing a TCG TPM

Slide 20: TCG Trusted Platform Module (TPM)
There are commonly three Roots of Trust in a trusted platform:
- root of trust for measurement (RTM)
- root of trust for storage (RTS)
- root of trust for reporting (RTR)

Slide 21: Attestation protocol and message exchange

Slide 22: TPM Root of Trust for Storage (RTS) architecture

Slide 23: TPM component architecture

Slide 24: TCG software layering

Slide 25: The trusted platform lifecycle

Slide 26: User authentication using trusted platforms

Slide 27: User authentication using trusted platforms

Slide 28: The classical four corners model

Slide 29: The four corners model on trusted platforms (Detailed TP deployment architecture)

Slide 30: TCG's categorization of trusted computing platforms (8 categories of Trusted platform)
- Architecture
- TPM
- Mobile
- PC Client
- Server
- Software Sta
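The slides on roots of trust, chains of trust and the root of trust for measurement (slides 18 and 20) describe "inductive" trust: each component is measured before control passes to it, and the measurement is folded into a register that cannot be rolled back. The following added example (not part of the original slide deck or of any TCG code) models that chain in plain Python with a SHA-256 PCR-style extend register, an event log, and a verifier that replays the log against golden values; component images, golden values and names are constructed for the illustration, and the TPM's signing of the final register (the reporting root, RTR) is assumed to happen outside the example.

```python
"""Chain-of-trust measurement in the TCG style: measure, extend, then run.

Added example with constructed data; it models the RTM/RTS side (measure
and extend) and the verifier side (replay log, compare with golden values).
Signing of the reported PCR by the RTR is assumed and not shown.
"""
import hashlib

PCR_SIZE = 32  # SHA-256 digest length; the register starts as all zeros


def measure(component: bytes) -> bytes:
    """Hash one component's image before control is handed to it."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new_pcr = H(old_pcr || digest). One-way and order-dependent,
    so a later stage cannot erase or reorder earlier measurements."""
    return hashlib.sha256(pcr + digest).digest()


def boot_and_measure(stages):
    """Platform side: measure every stage and extend the register *before*
    that stage would execute. Returns (final_pcr, event_log)."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in stages:
        digest = measure(image)
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def expected_pcr_from_log(log):
    """Verifier side: replay the (untrusted) event log to recompute the PCR."""
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify_attestation(reported_pcr: bytes, log, golden: dict):
    """Two checks: (1) the log replays to the reported PCR, so the log is
    consistent with what the hardware register recorded; (2) each measured
    digest equals the golden value the verifier expects for that stage."""
    if expected_pcr_from_log(log) != reported_pcr:
        return False, "event log does not replay to the reported PCR"
    for name, digest_hex in log:
        if golden.get(name) != digest_hex:
            return False, f"unexpected measurement for stage '{name}'"
    return True, "platform state matches golden values"


# Constructed stage images standing in for real firmware/bootloader/kernel.
BOOTLOADER = b"bootloader image v1 (constructed)"
KERNEL = b"kernel image (constructed)"
STAGES = [("bootloader", BOOTLOADER), ("kernel", KERNEL)]

# Golden values the verifier trusts; in practice published by the vendor.
GOLDEN = {name: measure(image).hex() for name, image in STAGES}


def demo_known_good():
    pcr, log = boot_and_measure(STAGES)
    return verify_attestation(pcr, log, GOLDEN)


def demo_modified_kernel():
    """A changed kernel image: the log is honest, so it replays correctly,
    but the kernel digest no longer matches the golden value."""
    modified = [("bootloader", BOOTLOADER), ("kernel", KERNEL + b" (modified)")]
    pcr, log = boot_and_measure(modified)
    return verify_attestation(pcr, log, GOLDEN)


def demo_inconsistent_log():
    """The register reflects a modified kernel but the presented log is the
    known-good one: the replay check catches the mismatch."""
    modified = [("bootloader", BOOTLOADER), ("kernel", KERNEL + b" (modified)")]
    pcr, _ = boot_and_measure(modified)
    _, good_log = boot_and_measure(STAGES)
    return verify_attestation(pcr, good_log, GOLDEN)


if __name__ == "__main__":
    for demo in (demo_known_good, demo_modified_kernel, demo_inconsistent_log):
        print(f"{demo.__name__}: {demo()}")
```

The point the two failing demos make is the one on slide 18: the root of trust (here the register and the measure-before-execute discipline) is trusted because nothing above it can undo its record, while the event log is merely evidence that the verifier checks against the register. Without the signed register value, the log alone proves nothing; without the log, the register alone cannot tell the verifier which stage changed.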
Source: https://www.31doc.com/p-4158169.html