It is absolutely critical that trusted configuration man-agement which significantly affects trust chain establishment,sealing storage and remote attestation,especially in trusted virtu-alization platform like Xen whose system configuration changes easily. TPM (trusted platform module) context manager is pre-sented to carry out dynamic configuration management for virtual machine. It manages the TPM command requests and VM (virtual machine) configurations. The dynamic configuration representa-tion method based on Merkle hash tree is explicitly proposed against TCG (trusted computing group) static configuration repre-sentation. It reflects the true VM status in real time even if the configuration has changed,and it eliminates the invalidation of configuration representation,sealing storage and remote attesta-tion. TPM context manager supports TCG storage protection,re-mote attestation etc,which greatly enhances the security on trusted virtualization platform.
根据可信平台访问控制需求,提出一个可信平台属性分类规则,定义属性评估函数,可以实现可信平台数据安全分发和访问.同时针对XACML现有的策略合成算法不能有效满足可信平台自动方策略复合需求,设计了一个基于平台可信度的策略合成算法,该算法可以使策略的优先级和可信度保持一致,实现自动方策略复合.在此基础上,进一步对XACML实施扩展,形成可信平台策略语言框架TXACML(XACML based on trusted platform).采取TXACML对一个实例给出了策略描述和策略合成过程,验证了TXACML的有效性.