中文摘要：

完整性度量是可信计算的关键问题之一.首先分析了目前研究成果在开放网络环境下存在的问题及其原因.提出了一种开放网络环境下完整性按需度量模型.该模型由度量请求者根据具体要求定制完整性度量策略,完整性度量策略由程序指令度量策略和数据流度量策略组成,度量响应者根据度量策略来度量自身组件的完整性,并为每个度量请求构造相应的可信链实例.该模型动态地度量完整性,改善了度量结果的新鲜性,兼顾软件代码和用户数据的完整性度量,克服了度量目标的片面性.在该模型的基础上实现了远程证明及其原型系统,并在流媒体服务网络中进行实验测试,实验结果表明该模型以较低的资源开销解决了存在的问题,能够适应开放网络环境下完整性度量的要求.

英文摘要：

Integrity measurement is a hot research topic in trusted computing.The potential defects of the existing integrity measurement models under open network environment are analyzed.Aiming at these defects,an on-command model for integrity measurement is proposed.In this model,interrogators define their policy of integrity measurement according to their own security needs.Measurement policy is made up of code and data flow integrity measurement policy.Interrogatee only measure the integrity of relevant components defined in measurement policy,not all possible components in interrogee.Interrogee maybe was inquired from many interrogators simultaneously and should construct special instance of integrity measurement for each interrogator.Compared with the existing models,the noticeable point of this model is the self-defining measurement policy,which provides enough convenience to meet interrogators＇ needs.Meanwhile,this model supported integrity measurement of both code and data flow,which overcome the one-sided defect of measuring partial object.Remote attestation and prototype system based on this model are built in a stream media service network.In this network,servers measure the integrity of clients＇ media player before service,and measure the integrity of media data during service.The experiment under stream media service network indicate that this model has solved the existing problems and could be adapted to open network environment with acceptable performance cost.