
Design And Research Of System Protecting Model Based On Trusted Computing

Posted on: 2011-11-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G Qiu
Full Text: PDF
GTID: 1118330338450130
Subject: Computer system architecture

Abstract/Summary:
With the explosive growth of network applications and their complexity, personal computer platforms are gradually changing from terminal devices into basic elements of network computing. These changes expose personal computing platforms to more serious security threats and present new challenges for protection mechanisms. For PC terminal security, mechanisms implemented in software alone have limits and cannot defend against attacks efficiently. To protect system security, the Trusted Computing Group proposed a new hardware-enhanced mechanism that modifies the architecture of the computer. By studying and extending the Trusted Computing standards, the application of TC was enlarged from terminal devices to network transmission, and the security of data was improved as well. The research on TC in this dissertation includes the following.

Firstly, a terminal information protection scheme based on Trusted Computing was proposed. User identity is authenticated and managed using both fingerprint identification and a smart card, so the Authorization Data is well protected and terminal security is improved. We also proposed a protocol for verifying the terminal status before a connection is established; the success of the connection depends on the measurement of the terminal, through which Trusted Network Connection can be investigated.

Secondly, in the integrity measurement scheme currently available from the TCG, loaded code and static data are simply measured at load time to approximate the integrity state of the system at runtime, which does not reflect runtime behaviour accurately. To solve this problem, a noninterference integrity measurement model based on the actions of system processes was proposed. Taking the basic idea of noninterference theory as a reference, process operation integrity and inter-process integrity transmission were analysed, so the runtime integrity of the system can be measured from a dynamic point of view. An integrity measurement model based on information flow control between processes was also proposed. By dynamically modifying the integrity labels of the subjects and objects of the Biba model, the subject's access range was enlarged; system integrity was described in its essence and system compatibility was improved as well. Using noninterference theory, the model was proved to meet the multilevel security policy.

Thirdly, the challenge-response attestation protocol was improved to meet the reporting requirements of real-time control. A Merkle tree was introduced in the new protocol to improve the efficiency of remote attestation, which makes the responder more active and guarantees the integrity of the attestation result. Meanwhile, a time stamp was introduced to keep the attestation fresh.

Fourthly, a measurement model based on Xen, a virtual environment, was proposed to address the variation in measurements caused by numerous and complicated hardware configurations and software updates. This model investigated trust chain transfer on Xen, in which trust is transferred from the underlying hardware to Domain 0 and then to Domain U. A remote attestation protocol was proposed in which Domain 0 is measured and attested first, and the Domain U image is launched under the control of the Domain 0 that has been attested as trusted; finally, the trust of Domain U is also measured. The creation of trusted virtual machine images was also taken into account in this model, including trusted compilation and centralized management of images. The strong isolation of virtual machines and their independence from underlying hardware differences contribute to the uniformity of integrity measurement.
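The second contribution above describes a Biba model whose subject labels are adjusted dynamically so that a subject may read lower-integrity data without the strict no-read-down rule blocking it. The following is an added illustration, not the dissertation's model: it contrasts strict Biba with a low-water-mark style variant in which a subject's label floats down to the level of what it reads, and shows how the loss of integrity then propagates between two processes through a shared file. The three integrity levels, the process names and the file paths are all constructed for the example.

```python
"""Strict Biba versus Biba with dynamically lowered subject labels.

Added example, not the dissertation's own model. The rule that a subject's
label drops to the level of any lower-integrity object it reads is an
assumption about what "dynamically modifying the integrity labels" means.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

LOW, MEDIUM, HIGH = 1, 2, 3
NAME = {LOW: "LOW", MEDIUM: "MEDIUM", HIGH: "HIGH"}


@dataclass
class Obj:
    name: str
    level: int


@dataclass
class Subject:
    name: str
    level: int
    audit: List[str] = field(default_factory=list)


def strict_read(s: Subject, o: Obj) -> bool:
    """Strict Biba: no read-down. A HIGH subject may not read a LOW object."""
    ok = s.level <= o.level
    s.audit.append(f"{s.name} read {o.name}: {'allow' if ok else 'deny'}")
    return ok


def dynamic_read(s: Subject, o: Obj) -> bool:
    """Dynamic variant: the read is allowed, but the subject is now
    contaminated and its label drops to the object's level."""
    if o.level < s.level:
        s.audit.append(
            f"{s.name} read {o.name}: allow, label {NAME[s.level]} -> {NAME[o.level]}"
        )
        s.level = o.level
    else:
        s.audit.append(f"{s.name} read {o.name}: allow")
    return True


def write(s: Subject, o: Obj) -> bool:
    """Both variants keep no-write-up: a subject writes only at or below its label."""
    ok = o.level <= s.level
    s.audit.append(f"{s.name} write {o.name}: {'allow' if ok else 'deny'}")
    return ok


def scenario(read_rule: Callable[[Subject, Obj], bool]) -> Dict[str, object]:
    """Constructed flow: an updater reads an untrusted download, writes a
    spool file, and a logger process later reads that spool file."""
    updater = Subject("updater", HIGH)
    logger = Subject("logger", HIGH)
    config = Obj("/etc/app.conf", HIGH)      # constructed HIGH-integrity object
    download = Obj("/tmp/download.bin", LOW)  # constructed LOW-integrity object
    spool = Obj("/var/spool/out", LOW)        # constructed shared LOW object

    read_download = read_rule(updater, download)
    write_config = write(updater, config)       # denied once the label has dropped
    write_spool = write(updater, spool)
    logger_read_spool = read_rule(logger, spool)  # contamination crosses processes
    logger_write_config = write(logger, config)

    return {
        "read_download": read_download,
        "write_config": write_config,
        "write_spool": write_spool,
        "logger_read_spool": logger_read_spool,
        "logger_write_config": logger_write_config,
        "levels": (updater.level, logger.level),
        "audit": updater.audit + logger.audit,
    }


if __name__ == "__main__":
    for label, rule in (("strict", strict_read), ("dynamic", dynamic_read)):
        result = scenario(rule)
        print(f"--- {label} ---")
        for line in result["audit"]:
            print(line)
```

Under the strict rule the updater is simply refused the read, which is the compatibility problem the abstract refers to; under the dynamic rule both reads succeed, but the subjects end at LOW and every later attempt to write a HIGH object is denied, so the integrity of `/etc/app.conf` is preserved either way while the access range grows.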
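The third contribution describes a challenge-response attestation protocol that organises the measurement log as a Merkle tree and adds a time stamp for freshness. The following added example (not the dissertation's protocol or code) shows both sides of such an exchange: the verifier issues a nonce, the attester answers with the Merkle root, a time stamp, a signature over root, nonce and time stamp, and audit paths for only the components the verifier asked about, and the verifier checks nonce, freshness, signature and each audit path against its reference values. The TPM quote signature is stood in for by an HMAC under a key the two sides are assumed to share; component names and measurement values are constructed.

```python
"""Merkle-tree challenge-response attestation with time-stamp freshness.

Added example, not code from the dissertation. Assumptions: the attester's
signing operation is modelled as an HMAC under a shared key (a stand-in for
a TPM-held attestation key), and measurement values are constructed bytes.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

Proof = List[Tuple[bool, bytes]]  # per level: (sibling_is_left, sibling_hash)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(name: str, measurement: bytes) -> bytes:
    # Domain-separate leaves (0x00) from inner nodes (0x01) so a forged inner
    # node can never be presented as a leaf.
    return _h(b"\x00" + name.encode() + b"\x00" + measurement)


def merkle_tree(leaves: List[bytes]) -> Tuple[bytes, List[Proof]]:
    """Return the root and one audit path per leaf (last node duplicated on odd levels)."""
    if not leaves:
        raise ValueError("empty measurement log")
    level = list(leaves)
    proofs: List[Proof] = [[] for _ in leaves]
    pos = list(range(len(leaves)))  # position of each original leaf in the current level
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        for i in range(len(leaves)):
            sib = pos[i] ^ 1
            proofs[i].append((sib < pos[i], level[sib]))
            pos[i] //= 2
        level = [_h(b"\x01" + level[j] + level[j + 1]) for j in range(0, len(level), 2)]
    return level[0], proofs


def verify_proof(leaf: bytes, proof: Proof, root: bytes) -> bool:
    node = leaf
    for sibling_is_left, sib in proof:
        node = _h(b"\x01" + sib + node) if sibling_is_left else _h(b"\x01" + node + sib)
    return hmac.compare_digest(node, root)


class Attester:
    """Responder: keeps its measurement log as a Merkle tree and signs the root."""

    def __init__(self, key: bytes, log: Dict[str, bytes]):
        self.key = key
        self.names = sorted(log)
        self.root, self.proofs = merkle_tree([leaf_hash(n, log[n]) for n in self.names])

    def respond(self, nonce: bytes, wanted: List[str], now: int) -> dict:
        ts = now.to_bytes(8, "big")
        sig = hmac.new(self.key, self.root + nonce + ts, "sha256").digest()
        return {"root": self.root, "nonce": nonce, "ts": now, "sig": sig,
                "proofs": {n: self.proofs[self.names.index(n)] for n in wanted}}


class Verifier:
    """Challenger: holds reference measurements and a freshness window in seconds."""

    def __init__(self, key: bytes, reference: Dict[str, bytes], max_age: int = 30):
        self.key, self.reference, self.max_age, self.pending = key, reference, max_age, None

    def challenge(self) -> bytes:
        self.pending = os.urandom(16)
        return self.pending

    def check(self, resp: dict, now: int) -> Tuple[bool, str]:
        if self.pending is None or resp["nonce"] != self.pending:
            return False, "nonce mismatch (replayed or unsolicited report)"
        if not 0 <= now - resp["ts"] <= self.max_age:
            return False, "stale timestamp"
        ts = resp["ts"].to_bytes(8, "big")
        expected = hmac.new(self.key, resp["root"] + resp["nonce"] + ts, "sha256").digest()
        if not hmac.compare_digest(expected, resp["sig"]):
            return False, "bad signature"
        for name, proof in resp["proofs"].items():
            ref = self.reference.get(name)
            if ref is None:
                return False, f"no reference value for {name}"
            if not verify_proof(leaf_hash(name, ref), proof, resp["root"]):
                return False, f"{name} does not match reference"
        self.pending = None  # each nonce is accepted at most once
        return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    key = b"constructed-shared-attestation-key"
    reference = {"bootloader": b"v2.1", "kernel": b"5.10-hardened", "sshd": b"8.9p1"}
    verifier = Verifier(key, reference)
    honest = Attester(key, dict(reference))
    results = {}

    nonce = verifier.challenge()
    resp = honest.respond(nonce, ["kernel", "sshd"], now=1000)
    results["honest"] = verifier.check(resp, now=1005)

    verifier.challenge()                         # fresh nonce; old report replayed
    results["replay"] = verifier.check(resp, now=1006)

    nonce = verifier.challenge()                 # report far older than max_age
    results["stale"] = verifier.check(honest.respond(nonce, ["kernel"], now=1000), now=2000)

    modified = Attester(key, {**reference, "sshd": b"8.9p1-modified"})  # constructed drift
    nonce = verifier.challenge()
    results["modified"] = verifier.check(
        modified.respond(nonce, ["kernel", "sshd"], now=1000), now=1001)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:9s} -> {outcome}")
```

The efficiency gain the abstract mentions shows up in `respond`: the attester signs one root regardless of log size and ships only the audit paths the verifier asked for, while the verifier still detects a single changed component because its leaf no longer hashes into the signed root. The nonce defeats replay and the time stamp bounds how old an otherwise valid report may be.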
Keywords/Search Tags:terminal, trusted computing, integrity, remote attestation, model