IBRAHIM F A M,HEMAYED E E.Trusted cloud computing architectures for infrastructure as a service:Survey and systematic literature review[J].Computers&Security,2019,82:196-226.

CLARKE R A,KNAKE R K.Cyber war:The next threat to national security and what to do about it[M].Pymble,Australia:Harper Collins Publishers,2010.

王勇，王钰茗，张琳，等．乌克兰电力系统BlackEnergy病毒分析与防御[J]．网络与信息安全学报，2017,3(1):46-53.WANG Y,WANG Y M,ZHANG L,et al.Analysis and defense of the BlackEnergy malware in the Ukrainian electric power system[J].Chinese Journal of Network and Information Security ,2017,3(1):46-53.(in Chinese)

吕磅，韩嘉佳，孙歆，等．基于深度神经网络的电力无线终端安全接入测试[J]．浙江电力，2023,42(10):101-106.LYU B,HAN J J,SUN X,et al.Access security testing for wireless power terminals based on DNN[J].Zhejiang Electric Power,2023,42(10):101-106.(in Chinese)

SU L X,LI Z Z,GOU G P,et al.Identifying exposed ICS remote management device using multimodal feature in the wild[C]//2023 IEEE International Performance,Computing,and Communications Conference(IPCCC).November 17-19,2023,Anaheim,CA,USA.IEEE,2023:220-227.

本报评论员．没有网络安全就没有国家安全[N]．解放军报，2018-04-23(1).Our Commentator.Without cybersecurity,there can be no national security[N].PLA Daily,2018-04-23(1).(in Chinese)

国家市场监督管理总局，国家标准化管理委员会．信息安全技术网络安全等级保护基本要求：GB/T 22239―2019[S]．北京：中国标准出版社，2019.State Administration for Market Regulation ,National Standardization Adminnistration.Standardization Administration of the People’s Republic of China.Information security technology―baseline for classified protection of cybersecurity:GB/T22239―2019[S].Beijing:Standards Press of China,2019.(in Chinese)

沈昌祥．用主动免疫可信计算3.0筑牢网络安全防线营造清朗的网络空间[J]．信息安全研究，2018,4(4):282-302.SHEN C X.To create a positive cyberspace by safeguarding network security with active immune trusted computing 3.0[J].Journal of Information Security Research,2018,4(4):282-302.(in Chinese)

Communications Security Establishment ,Communications-Electronics Security Group ,Information Technology Promotion Agency,et al.Common criteria for information technology security evaluation:ISO/IEC 15408:1999[S].California:SAGE Publishing,1999.

AVIZIENIS A,LAPRIE J C,RANDELL B,et al.Basic concepts and taxonomy of dependable and secure computing[J].IEEE Transactions on Dependable and Secure Computing ,2004,1(1):11-33.

沈昌祥，公备．基于国产密码体系的可信计算体系框架[J]．密码学报，2015,2(5):381-389.SHEN C X,GONG B.The innovation of trusted computing based on the domestic cryptography[J].Journal of Cryptologic Research,2015,2(5):381-389.(in Chinese)

国家市场监督管理总局，国家标准化管理委员会．信息安全技术可信计算规范可信软件基：GB/T 37935―2019[S]．北京：中国标准出版社，2019.State Administration for Market Regulation ,National Standardization Adminnistration.Standardization Administration of the People’s Republic of China.Information security technology―trusted computing specification―trusted software base:GB/T37935―2019[S].Beijing:Standards Press of China,2019.(in Chinese)

陈志锋，李清宝，张平，等．基于内存取证的内核完整性度量方法[J]．软件学报，2016,27(9):2443-2458.CHEN Z F,LI Q B,ZHANG P,et al.Kernel integrity measurement method based on memory forensic[J].Journal of Software,2016,27(9):2443-2458.(in Chinese)

潘传幸，张铮，马博林，等．面向进程控制流劫持攻击的拟态防御方法[J]．通信学报，2021,42(1):37-47.PAN C X,ZHANG Z,MA B L,et al.Method against process control-flow hijacking based on mimic defense[J].Journal on Communications,2021,42(1):37-47.(in Chinese)

JIANG R,XIN Y,CHEN Z X,et al.A medical big data access control model based on fuzzy trust prediction and regression analysis[J].Applied Soft Computing,2022,117:108423.

庄琭，蔡勉，沈昌祥．基于交互式马尔可夫链的可信动态度量研究[J]．计算机研究与发展，2011,48(8):1464-1472.ZHUANG L,CAI M,SHEN C X.Trusted dynamic measurement based on interactive Markov chains[J].Journal of Computer Research and Development,2011,48(8):1464-1472.(in Chinese)

罗新星，唐振宇，赵玉洁．基于马尔可夫链的可信软件动态评估模型[J]．计算机应用研究，2015,32(8):2400-2405.LUO X X,TANG Z Y,ZHAO Y J.Dynamic software reliability assessment based on Markov chain[J].Application Research of Computers,2015,32(8):2400-2405.(in Chinese)

李小勇，桂小林．动态信任预测的认知模型[J]．软件学报，2010,21(1):163-176.LI X Y,GUI X L.Cognitive model of dynamic trust forecasting[J].Journal of Software,2010,21(1):163-176.(in Chinese)

李小勇，桂小林，赵娟，等．一种可扩展的反馈信任信息聚合算法[J]．西安交通大学学报，2007,41(8):879-883.LI X Y,GUI X L,ZHAO J,et al.Novel scalable aggregation algorithm of feedback trust information[J].Journal of Xi’an Jiaotong University,2007,41(8):879-883.(in Chinese)

郁宁，王高才．基于可信期望的跨域访问安全性研究[J]．计算机应用研究，2020,37(11):3406-3410+3416.YU N,WANG G C.Study on cross-domain access security based on trusted expectations[J].Application Research of Computers,2020,37(11):3406-3410+3416.(in Chinese)

张帆，徐明迪，赵涵捷，等．软件实时可信度量：一种无干扰行为可信性分析方法[J]．软件学报，2019,30(8):2268-2286.ZHANG F,XU M D,ZHAO H J,et al.Real-time trust measurement of software:Behavior trust analysis approach based on noninterference[J].Journal of Software,2019,30(8):2268-2286.(in Chinese)

黄浩翔，张建标，袁艺林，等．基于无干扰理论的虚拟机可信启动研究[J]．软件学报，2023,34(6):2959-2978.HUANG H X,ZHANG J B,YUAN Y L,et al.Research on trusted startup of virtual machine based on non-interference theory[J].Journal of Software,2023,34(6):2959-2978.(in Chinese)

SAILER R,ZHANG X,JAEGER T,et al.Design and implementation of a TCG-based integrity measurement architecture[C]//Proceedings of the 13th USENIX Security Symposium.San Diego,CA,USA.USENIX Association.2004:1-16.

刘孜文，冯登国．基于可信计算的动态完整性度量架构[J]．电子与信息学报，2010,32(4):875-879.LIU Z W,FENG D G.TPM-based dynamic integrity measurement architecture[J].Journal of Electronics&Information Technology,2010,32(4):875-879.(in Chinese)

JAGER E T,SAILER R,SHANKAR U.Policy-reduced integrity measurement architecture(PRIMA)[C]//Proceedings of 11th ACM Symposium on Access Control Models and Technologies.New York,USA.2006:19-28.

PETRONI Jr N L,FRASER T,MOLINA J,et al.Copilot-a coprocessor-based kernel runtime integrity monitor[C]//Proceedings of the International Conference.San Diego,CA,USA.USENIX Association.2004:1-8.

PETRONI N L Jr,HICKS M.Automated detection of persistent kernel control-flow attacks[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.Alexandria Virginia USA.ACM,2007:103-115.

SHI E,PERRIG A,VAN DOORN L.BIND:A fine-grained attestation service for secure distributed systems[C]//2005 IEEE Symposium on Security and Privacy(S&P’05).Oakland,CA,USA.IEEE,2005:154-168.

DONG S W,XIONG Y,HUANG W C,et al.KIMS:Kernel integrity measuring system based on Trust Zone[C]//2020 6th International Conference on Big Data Computing and Communications(BIGCOM).Deqing,China.IEEE,2020:103-107.

吴远．Windows应用程序的可信度量技术研究与实现[D]．南京：南京理工大学，2012.WU Y.Research and Implementation of Trust Measurement Technology for Windows Applications[D].Nanjing:Nanjing University of Science and Technology,2012.(in Chinese)

吴涛，杨秋松，贺也平．基于邻接点的VMM动态完整性度量方法[J]．通信学报，2015,36(9):169-180.WU T,YANG Q S,HE Y P.Method of dynamic integrity measurement for VMM based on adjacency data[J].Journal on Communications,2015,36(9):169-180.(in Chinese)

蔡梦娟，陈兴蜀，金鑫，等．基于硬件虚拟化的虚拟机进程代码分页式度量方法[J]．计算机应用，2018,38(2):305-309+315.CAI M J,CHEN X S,JIN X,et al.Paging-measurement method for virtual machine process code based on hardware virtualization[J].Journal of Computer Applications ,2018,38(2):305-309+315.(in Chinese)

VADUVA J A,DASCALU S,FLOREA I M,et al.Observations over SPROBES mechanism on the Trust Zone architecture[C]//2019 22nd International Conference on Control Systems and Computer Science(CSCS).Bucharest,Romania.IEEE,2019:317-322.

汪自旺，庄毅，晏祖佳．一种移动安全域动态完整性度量方案[J]．小型微型计算机系统，2021,42(11):2422-2427.WANG Z W,ZHUANG Y,YAN Z J.Probe-based dynamic integrity measurement scheme for mobile devices using ARM Trust Zone[J].Journal of Chinese Computer Systems ,2021,42(11):2422-2427.(in Chinese)

GE X Y,VIJAYAKUMAR H,JAEGER T.Sprobes:Enforcing kernel code integrity on the Trust Zone architecture[J].Procedia Computer Science,2014:1793-1795.

PETER A L,MCGILL K N.LKIM:The Linux kernel integrity measurer[J].Johns Hopkins APL Technical Digest,2013,32(2):509-516.

JOY J,JOHN A,JOY J.Rootkit detection mechanism:A survey[C]//Advances in Parallel Distributed Computing.Berlin,Heidelberg:Springer Berlin Heidelberg,2011:366-374.

ABIJAH ROSELINE S,GEETHA S.A comprehensive survey of tools and techniques mitigating computer and mobile malware attacks[J].Computers&Electrical Engineering ,2021,92:107143.

JUNNILA J.Effectiveness of Linux rootkit detection tools[D].Oulu:University of Oulu,2020.

LI Y G,CHUNG Y C,HWANG K,et al.Virtual wall:Filtering rootkit attacks to protect Linux kernel functions[J].IEEE Transactions on Computers ,2021,70(10):1640-1653.

BUCHANAN E,ROEMER R,SHACHAM H,et al.When good instructions go bad:Generalizing return-oriented programming to RISC[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security.Alexandria Virginia USA.ACM,2008:27-38.

BLETSCH T,JIANG X X,FREEH V W,et al.Jump-oriented programming:A new class of code-reuse attack[C]//Proceedings of the 6th ACM Symposium on Information ,Computer and Communications Security.Hong Kong,China.ACM,2011:30-40.

李晓勇，左晓栋，沈昌祥．基于系统行为的计算平台可信证明[J]．电子学报，2007,35(7):1234-1239.LI X Y,ZUO X D,SHEN C X.System behavior based trustworthiness attestation for computing platform[J].Acta Electronica Sinica,2007,35(7):1234-1239.(in Chinese)

MAGGI F,MATTEUCCI M,ZANERO S.Detecting intrusions through system call sequence and argument analysis[J].IEEE Transactions on Dependable and Secure Computing ,2010,7(4):381-395.

FORREST S,HOFMEYR S A,SOMAYAJI A,et al.A sense of self for unix processes[C]//Proceedings 1996 IEEE Symposium on Security and Privacy.Oakland,CA,USA.IEEE,1996:120-128.

HOFMEYR S A,FORREST S,SOMAYAJI A.Intrusion detection using sequences of system calls[J].Journal of Computer Security,1998,6(3):151-180.

蔡洪波，单征，范超，等．基于非定长系统调用序列的程序行为动态度量方法[J]．计算机应用研究，2016,33(4):1154-1158.CAI H B,SHAN Z,FAN C,et al.Dynamic measurement of program behavior based on variable-length system call sequence[J].Application Research of Computers,2016,33(4):1154-1158.(in Chinese)

LI H,SHAN Z,CHAO F,et al.A model of short sequence matching and Markov estimating on behavior recognition for anomaly detection[J].International Journal of Advancements in Computing Technology,2014,6(1):106.

杨维永，刘苇，崔恒志，等．SG-Edge：电力物联网可信边缘计算框架关键技术[J]．软件学报，2022,33(2):641-663.YANG W Y,LIU W,CUI H Z,et al.SG-edge:Key technology of power internet of things trusted edge computing framework[J].Journal of Software,2022,33(2):641-663.(in Chinese)

MARICONTI E,ONWUZURIKE L,ANDRIOTIS P,et al.MaMaDroid:Detecting Android malware by building Markov chains of behavioral models[C]//Proceedings 2017 Network and Distributed System Security Symposium.San Diego,CA.Internet Society,2017:1-34.

WAGNER D,DEAN R.Intrusion detection via static analysis[C]//Proceedings 2001 IEEE Symposium on Security and Privacy.Oakland,CA,USA.IEEE,2001:156-168.

GIFFIN J T,JHA S,MILLER B P.Detecting manipulated remote call streams[C]//11th USENIX Security Symposium(USENIX Security 02).San Francisco,CA,USA.2002:1-19.

GENS D,SCHMITT S,DAVI L,et al.K-miner:Uncovering memory corruption in Linux[C]//Proceedings 2018 Network and Distributed System Security Symposium.San Diego,CA.Internet Society,2018:1-15.

FELT A P,CHIN E,HANNA S,et al.Android permissions demystified[C]//Proceedings of the 18th ACM Conference on Computer and Communications Security.Chicago Illinois USA.ACM,2011:627-638.

DAWOUD A,BUGIEL S.Bringing balance to the force:Dynamic analysis of the Android application framework[C]//Proceedings2021 Network and Distributed System Security Symposium.Virtual.Internet Society,2021:1-18.

SHANG W L,XING X Y.ICS software trust measurement method based on dynamic length trust chain[J].Scientific Programming,2021:6691696.

刘晗，李凯旋，陈仪香．人工智能系统可信性度量评估研究综述[J]．软件学报，2023,34(8):3774-3792.LIU H,LI K X,CHEN Y X.Survey on trustworthiness measurement for artificial intelligence systems[J].Journal of Software,2023,34(8):3774-3792.(in Chinese)

秦臻，庄添铭，朱国淞，等．面向人工智能模型的安全攻击和防御策略综述[J]．计算机研究与发展，2024,61(10):2627-2648.QIN Z,ZHUANG T M,ZHU G S,et al.Survey of security attack and defense strategies for artificial intelligence model[J].Journal of Computer Research and Development ,2024,61(10):2627-2648.(in Chinese)

DAS S,LIU Y,ZHANG W,et al.Semantics-based online malware detection:Towards efficient real-time protection against malware[J].IEEE Transactions on Information Forensics and Security ,2016,11(2):289-302.

MENG Q,WANG X M,YANG K,et al.Research on intrusion tolerance system based on behavioral baseline and defense-indepth architecture[C]//International Conference on Mechatronics and Intelligent Control(ICMIC 2024).Wuhan,China.SPIE,2025:1-13.

CONG S,ZHAN K L,LIANG C,et al.Digital currency features oriented fine-grained code injection attack detection[J].Journal of Computer Research and Development ,2021,58(5):1035.

MENG D,HOU R,SHI G,et al.Security-first architecture:Deploying physically isolated active security processors for safeguarding the future of computing[J].Cybersecurity,2018,1(1):2.

沈昌祥，田楠．按“等保2.0”用主动免疫可信计算筑牢“新基建”网络安全防线[J]．信息安全与通信保密，2020,18(10):2-9.SHEN C X,TIAN N.Building a“new infrastructure”network security defense line with active immune trusted computing according to“equal security 2.0”[J].Information Security and Communications Privacy ,2020,18(10):2-9.(in Chinese)

王晓，张建标，曾志强．基于可信平台控制模块的可信虚拟执行环境构建方法[J]．北京工业大学学报，2019,45(6):554-565.WANG X,ZHANG J B,ZENG Z Q.Construction method of trusted virtual execution environment based on trusted platform control module[J].Journal of Beijing University of Technology,2019,45(6):554-565.(in Chinese)

芮志清，梅瑶，陈振哲，等．Se Chain：基于国密算法的RISC-V安全启动机制设计与实现[J]．计算机研究与发展，2024,61(6):1458-1475.RUI Z Q,MEI Y,CHEN Z Z,et al.Se Chain:Design and implementation of RISC-V secure boot mechanism based on domestic cryptographic algorithms[J].Journal of Computer Research and Development ,2024,61(6):1458-1475.(in Chinese)

田健生，詹静．基于TPCM的主动动态度量机制的研究与实现[J]．信息网络安全，2016,16(6):22-27.TIAN J S,ZHAN J.Research and implementation of active dynamic measurement based on TPCM[J].Netinfo Security,2016,16(6):22-27.(in Chinese)

黄坚会，张江江，沈昌祥，等．基于TPCM可信根的双体系可信终端计算架构[J]．通信学报，2025,46(4):1-14.HUANG J H,ZHANG J J,SHEN C X,el at.Dual system trusted terminal computing architecture based on TPCMRoT[J].Journal on Communications ,2025,46(4):1-14.(in Chinese)

MORBITZER M.Scanclave:Verifying application runtime integrity in untrusted environments[C]//2019 IEEE 28th International Conference on Enabling Technologies:Infrastructure for Collaborative Enterprises(WETICE).Napoli,Italy.IEEE,2019:198-203.

冯登国，刘敬彬，秦宇，等．创新发展中的可信计算理论与技术[J]．中国科学：信息科学，2020,50(8):1127-1147.FENG D G,LIU J B,QIN Y,et al.Trusted computing theory and technology in innovation-driven development[J].Science in China(Information Sciences),2020,50(8):1127-1147.(in Chinese)

严飞，于钊，张立强，等．vTSE：一种基于SGX的vTPM安全增强方案[J]．工程科学与技术，2017,49(2):133-139.YAN F,YU Z,ZHANG L Q,et al.vTSE:A solution of SGX-based vTPM secure enhancement[J].Advanced Engineering Sciences,2017,49(2):133-139.(in Chinese)

KUMAR S,PANDA A,NERLIKAR A,et al.A tug-of-war between static and dynamic memory in intel SGX[C]//2025 38th International Conference on VLSI Design and 2024 23rd International Conference on Embedded Systems(VLSID).Bangalore,India.IEEE,2025:272-277.

赵波，袁安琪，安杨．SGX在可信计算中的应用分析[J]．网络与信息安全学报，2021,7(6):126-142.ZHAO B,YUAN A Q,AN Y.Application progress of SGX in trusted computing area[J].Chinese Journal of Network and Information Security,2021,7(6):126-142.(in Chinese)

董春涛，沈晴霓，罗武，等．SGX应用支持技术研究进展[J]．软件学报，2021,32(1):137-166.DONG C T,SHEN Q N,LUO W,et al.Research progress of SGX application supporting techniques[J].Journal of Software,2021,32(1):137-166.(in Chinese)

ZAHID M J S.Integration of intel SGX with confidential measurement control for enhanced remote attestation[J].Authorea Preprints,2025:1-10.

WEISSE O,BERTACCO V,AUSTIN T.Regaining lost cycles with HotCalls:A fast interface for SGX secure enclaves[C]//2017ACM/IEEE 44th Annual International Symposium on Computer Architecture(ISCA).Toronto,ON,Canada.IEEE,2017:81-93.

TIAN H L,ZHANG Q,YAN S M,et al.Switchless calls made practical in intel SGX[C]//Proceedings of the 3rd Workshop on System Software for Trusted Execution.Toronto Canada.ACM,2018:22-27.

WANG Z Y,ZHOU Y Z.Analysis and evaluation of intel software guard extension-based trusted execution environment usage in edge intelligence and internet of things scenarios[J].Future Internet,2025,17(1):32.

WEICHBRODT N,AUBLIN P L,KAPITZA R.SGX-perf:A performance analysis tool for intel SGX enclaves[C]//Proceedings of the 19th International Middleware Conference.Rennes France.ACM,2018:201-213.

JIAN Z L,LIU X,DONG Q K,et al.SmartZone:Runtime support for secure and efficient on-device inference on ARM Trust Zone[J].IEEE Transactions on Computers,2025,74(6):2144-2158.

BUSCH M,MAO P,PAYER M.Global confusion:TrustZone trusted application 0-days by design[C]//Proceedings of the 33rd USENIX Security Symposium.Philadelphia,PA,USA.IEEE,2024:24SEC4.

GOES C,SOUSA J,NETO J B,et al.Key-encapsulation mechanisms embedded in trusted execution environment:An evaluation[C]//2025 IEEE International Conference on Consumer Electronics(ICCE).Las Vegas,NV,USA.IEEE,2025:1-6.

徐万山，张建标，袁艺林，等．基于BMC的服务器可信启动方法研究[J]．信息网络安全，2021,21(5):67-73.XU W S,ZHANG J B,YUAN Y L,et al.Research on trusted server startup method based on BMC[J].Netinfo Security,2021,21(5):67-73.(in Chinese)

孙亮，陈小春，钟阳，等．基于可信BMC的服务器安全启动机制[J]．山东大学学报(理学版)，2018,53(1):89-94.SUN L,CHEN X C,ZHONG Y,et al.Secure start up mechanism of server based on trusted BMC[J].Journal of Shandong University(Natural Science),2018,53(1):89-94.(in Chinese)

苏振宇．基于国产BMC的服务器安全启动技术研究与实现[J]．信息安全研究，2017,3(9):823-831.SU Z Y.Research and implementation of secure boot technology for server based on domestic BMC[J].Journal of Information Security Research,2017,3(9):823-831.(in Chinese)

庄琭，沈昌祥，蔡勉．基于行为的可信动态度量的状态空间约简研究[J]．计算机学报，2014,37(5):1071-1081.ZHUANG L,SHEN C X,CAI M.Research on state space reduction of behavior-based trusted dynamic measurement[J].Chinese Journal of Computers,2014,37(5):1071-1081.(in Chinese)

SANG Q,WANG Y H,LIU Y W,et al.AirTaint:Making dynamic taint analysis faster and easier[C]//2024 IEEE Symposium on Security and Privacy(SP).San Francisco,CA,USA.IEEE,2024:3998-4014.