Research Of Application Environment Security Based On Trusted Computing

Posted on: 2012-04-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 1118330371962504
Subject: Cryptography
Abstract/Summary:
The application environment, which is the working environment of the users of an information system, is the key link of the "Information Security Assurance Framework". Lawful users communicate with the information system through the application environment, while unlawful users attack the security of the system mainly through the application environment. Safeguarding the application environment is therefore the front line of information security, and whether the application environment is secure or not bears directly on the security of the information system. At present, research on application environment security is focused on trusted hardware, secure OS design, network security and so on, but at least two problems remain. Firstly, the protection of the OS and that of the application system are disconnected. Secondly, trust and security are not closely combined. As a result, the security of the application layer depends on the safeguards built into the application software (such as authorization and privilege), and the security problem of the application layer has become the weak point (the "short board") of application environment security.

In view of these problems, this paper focuses on how to build a secure application environment. Its purpose is to discuss the theory and key technologies of application environment security, to put forward an application environment security assurance framework, and to provide academic and technical support for building a secure application environment. The paper follows the route of solving the application environment security assurance problem on the basis of TCB expanding. We work on a TCB trusted expanding model based on TCB subsets, in order to expand the TCB from the hardware layer to the system layer and on to the application layer. We study a trusted pipeline mechanism supported by a hardware root of trust, in order to guarantee the space-isolation relation between TCB subsets and to connect the reference monitors of the system layer and the application layer. We study an access control model suited to the application layer, in order to guarantee consistency between the system-layer access control policy and the application-layer access control policy.

Results are obtained in the following four areas.

Firstly, an application environment security assurance framework based on trusted computing technology is studied. A model of application environment security assurance is proposed in which the relations among security safeguards, security mechanisms and security policy are formally described; this is important for building a secure application environment. On the basis of this model, application environment security assurance is reduced to three aspects: TCB trusted expanding, a layered access control mechanism, and hierarchical security policy. By solving these three problems, the safeguard mechanisms and policy of the application environment are made to cohere, and together they form the complete scheme for building a secure application environment.

Secondly, a TCB trusted expanding model is studied. Since there is as yet almost no theory of TCB expanding, this paper proposes a TCB trusted expanding model based on TCB subsets. In this model the TCB is divided into TCB subsets according to the hierarchy of the security policy, and the time-isolation and space-isolation relations between TCB subsets are formally described. On the basis of the trusted supporting relations among TCB subsets, a sufficient condition for judging whether the process of TCB expanding is trusted is put forward and proved.

Thirdly, a formal model of the trusted pipeline is studied. The trusted pipeline is the logical path of an information flow. The definition and classification of trusted pipelines are described informally in this paper. The trusted pipeline for TCB expanding, whose existence is the sufficient condition for the space-isolation relation between two TCB subsets, is one type of trusted pipeline and is the main object of study. In order to study the basic attributes of the TCB expanding pipeline, we put forward a formal definition of the trusted pipeline and the rules for establishing, transmitting and withdrawing it. Finally, noninterference theory is introduced to discuss the security of this model, and a scheme is proposed.

Fourthly, an Application Object Oriented Access Control model is studied. This model, which integrates the advantages of the task-based access control model (TBAC), the object-oriented access control model and the role-based access control model (RBAC), can be used in production-oriented information systems to raise the security level. In this model a workflow task is abstracted as an application class and a task instance as an application object. The internal characteristics and external relations of application objects are formally described, and a set of security rules is put forward to achieve fine-grained access control that restricts operations on application objects according to their context.
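To make the fourth result concrete, the following is an added illustration (not the dissertation's own model or code) of how role, task assignment, object state and context can be combined into one policy decision over workflow "application objects". The purchase-order class, the rules, the roles and the users are all constructed assumptions; the point is that every rule must pass and that each denial is explained, so a reviewer can see which of the four concerns (role, task, object state, context) blocked an operation.

```python
"""Context-aware access control over workflow application objects.

Constructed example: a workflow task type is modelled as an application
class (AppClass); each running task instance is an application object
(AppObject) that carries its own state, assignee and history. Access rules
combine RBAC (which roles may invoke an operation), TBAC (only the subject
holding the task instance may advance it), object state (operations follow a
state machine) and context (here: time of day, separation of duty).
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AppClass:
    name: str
    role_ops: Dict[str, FrozenSet[str]]          # role -> operations it may invoke
    transitions: Dict[str, Tuple[str, str]]      # operation -> (from_state, to_state)


@dataclass
class AppObject:
    cls: AppClass
    obj_id: str
    state: str
    assignee: Optional[str] = None               # user currently holding the task instance
    history: List[str] = field(default_factory=list)   # "op:user" audit trail


@dataclass(frozen=True)
class Subject:
    user: str
    roles: FrozenSet[str]


# A rule returns None when satisfied, or a human-readable denial reason.
Rule = Callable[[Subject, AppObject, str, dict], Optional[str]]


def rule_role(subj: Subject, obj: AppObject, op: str, ctx: dict) -> Optional[str]:
    allowed = set()
    for role in subj.roles:
        allowed |= obj.cls.role_ops.get(role, frozenset())
    return None if op in allowed else f"role: {op} not permitted for roles {sorted(subj.roles)}"


def rule_task_assignment(subj: Subject, obj: AppObject, op: str, ctx: dict) -> Optional[str]:
    # TBAC-style: an assigned task instance may only be advanced by its holder.
    if obj.assignee is not None and obj.assignee != subj.user:
        return f"task: {obj.obj_id} is assigned to {obj.assignee}, not {subj.user}"
    return None


def rule_state(subj: Subject, obj: AppObject, op: str, ctx: dict) -> Optional[str]:
    tr = obj.cls.transitions.get(op)
    if tr is None:
        return f"state: {op} is not an operation of class {obj.cls.name}"
    if obj.state != tr[0]:
        return f"state: {op} requires state {tr[0]}, object is in {obj.state}"
    return None


def rule_separation_of_duty(subj: Subject, obj: AppObject, op: str, ctx: dict) -> Optional[str]:
    # Context from the object's own history: the submitter may not approve.
    if op == "approve" and f"submit:{subj.user}" in obj.history:
        return "sod: submitter may not approve their own order"
    return None


def rule_business_hours(subj: Subject, obj: AppObject, op: str, ctx: dict) -> Optional[str]:
    hour = ctx.get("hour")
    if hour is None or not (8 <= hour < 18):
        return f"context: {op} only allowed 08:00-18:00 (hour={hour})"
    return None


RULES: List[Rule] = [rule_role, rule_task_assignment, rule_state,
                     rule_separation_of_duty, rule_business_hours]


def check(subj: Subject, obj: AppObject, op: str, ctx: dict) -> List[str]:
    """Evaluate every rule; an empty list means the operation is permitted."""
    reasons = []
    for rule in RULES:
        reason = rule(subj, obj, op, ctx)
        if reason is not None:
            reasons.append(reason)
    return reasons


def perform(subj: Subject, obj: AppObject, op: str, ctx: dict) -> Tuple[bool, List[str]]:
    """Apply the operation only if all rules pass; record it in the object's history."""
    reasons = check(subj, obj, op, ctx)
    if reasons:
        return False, reasons
    obj.state = obj.cls.transitions[op][1]
    obj.history.append(f"{op}:{subj.user}")
    return True, []


# Constructed application class: a purchase-order workflow (assumption, not from the thesis).
PURCHASE_ORDER = AppClass(
    name="PurchaseOrder",
    role_ops={"clerk": frozenset({"submit"}),
              "manager": frozenset({"approve", "reject"}),
              "finance": frozenset({"pay"})},
    transitions={"submit": ("draft", "submitted"), "approve": ("submitted", "approved"),
                 "reject": ("submitted", "draft"), "pay": ("approved", "paid")},
)

if __name__ == "__main__":
    po = AppObject(PURCHASE_ORDER, "PO-1", "draft")
    alice = Subject("alice", frozenset({"clerk", "manager"}))
    bob = Subject("bob", frozenset({"manager"}))
    print(perform(alice, po, "submit", {"hour": 10}))   # permitted
    print(perform(alice, po, "approve", {"hour": 10}))  # denied: separation of duty
    print(perform(bob, po, "pay", {"hour": 10}))        # denied: role and state
    print(perform(bob, po, "approve", {"hour": 22}))    # denied: outside business hours
    print(perform(bob, po, "approve", {"hour": 10}))    # permitted
```

Because `check` returns all failing rules rather than stopping at the first, a denial log from this kind of monitor tells the operator whether a request failed on authorization alone or also on task ownership and object state, which is the information needed to distinguish a misconfigured role from an attempt to drive a workflow object out of order.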
Keywords/Search Tags: Trusted Computing, Application Environment, TCB Expanding, Trusted Pipeline, Application Object, Access Control