
The Security Architecture And Practical Model For Important Information System

Posted on: 2009-05-16 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: Y Zhao | Full Text: PDF
GTID: 1118360242489837 | Subject: Computer application technology

Abstract/Summary:
A system is classed as an important information system when its security grade is above the third grade of China's national classified protection scheme for information systems. Any breach of its security affects social order and the public interest, and may even affect national security and stability, so an important information system must be protected at a high level. In China, Professor Shen Changxiang, a well-known information security expert and academician of the Chinese Academy of Engineering, proposed using platform security as the key to solving the security problem of important information systems. This idea is consistent with "trusted computing" as put forward by the TCG: trusted computing assures information system security by improving platform security.

However, the evolution of information system security shows that important security problems remain:

1) There is no security architecture suited to important information systems. The defensive strength of an information system is determined by the weakest point of its Maginot line. Without an appropriate security architecture as a guide, the various security components of the information system find it hard to coordinate and to work in an orderly way. The result is often a "security shortfall": a vulnerability in the protection that renders all the protective effort spent on the system useless.

2) Trusted computing and security mechanisms are disconnected. The complexity of important information systems makes trusted computing hard to implement, so it is difficult to provide good assurance services to upper-layer applications. At the same time, most current secure operating systems still use security architectures that predate trusted computing, so they do not take full advantage of the trust functions trusted computing provides to strengthen themselves, and trusted computing exists in name only.

3) Security and usability are both insufficient. To some extent security and usability conflict, and usability is sometimes reduced to improve security. For example, to lower the risk to system confidentiality, most current important information systems forbid mobile storage devices and forbid terminals from accessing the public network, which seriously reduces usability. It is therefore essential to strengthen system security without reducing usability.

Guided by the "three vertical and three horizontal" safeguard architecture and viewed from the angle of application environment security, this dissertation focuses on the problems above, studies the security architecture and practical models of important information systems systematically and comprehensively, and makes the following contributions.

Firstly, a security architecture for important information systems is proposed, composed of a trusted application environment, trusted boundary control and trusted network transmission. Within this architecture the trusted application environment is refined so as to fully reflect the organic integration of trusted computing and security: trusted computing is the basic assurance for security, and security mechanisms help trusted computing provide better service to upper-layer applications.

Secondly, an isolation model based on the trusted application environment is proposed, giving theoretical guidance for shielding and eliminating harmful interference among tasks and thereby maintaining the dynamic trustworthiness of task behaviour. Based on the behavioural characteristics of applications in the information system, the model partitions the system's resources and establishes a correlation between each application and the resources strongly related to it. The model also assumes that a trusted task does not emit information flows that interfere with the normal operation of other tasks. Thus a task may communicate with its environment only by reading the correlative resources of other applications, and the first task in an information flow must be trusted; this eliminates harmful interference among tasks and makes the model more practical.

Thirdly, a system security model based on the trusted application environment is proposed. The model adopts a "three entities" mode: a user's permissions are restricted by defining which applications the user may run, and a task's permissions are restricted by limiting the resources it may access. So that the access control mechanism can make full use of the context in which a task runs, check the safety of information flows and reach more accurate access control decisions, the model extends the system TCB to the application level with the support of the trust chain transmission mechanism. In addition, the model defines the task integrity level as a function of the user confidence level, the application confidence level and the task's running state. This avoids the drawback of the traditional BLP and Biba models, in which an entity's confidentiality level equals its integrity level, and so makes two-way information flow easy.

Finally, a key management scheme for important information systems is proposed that is especially secure and easy to use and update. Taking full advantage of an identity-based cryptosystem, the scheme effectively integrates identity authentication with storage protection and avoids the security flaws present in the authentication module. In addition, the scheme uses the idea of a digital envelope: the real storage protection key is encapsulated with the valid user's public key, and only authenticated users at the terminal can recover the correct key with their own private key. The storage protection key is never exposed to the user, which reduces the risk of leaking it to unauthenticated users. The scheme also makes full use of the encrypted storage functions provided by trusted computing to store the encapsulated key in the TPM. Thus only after presenting valid authentication information can a user obtain the proper key, which improves the security of the scheme.
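The digital-envelope construction of the key management scheme, as an added illustration written for this page rather than the thesis author's implementation: RSA-OAEP stands in for the identity-based cryptosystem, a byte slice stands in for the TPM-sealed blob, and AES-256-GCM is assumed for the storage layer. The storage protection key is unwrapped inside Open and only a keyed cipher is handed back, so the bare key is never exposed to the caller.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewUserKey makes a user key pair; RSA stands in for the thesis's identity-based scheme.
func NewUserKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Envelope is the blob kept in TPM protected storage: the storage protection key (SPK) wrapped with the user's public key.
type Envelope struct{ WrappedSPK []byte }

// NewEnvelope draws a random 256-bit SPK and wraps it for the user; the
// plaintext is dropped, so enrolment never hands the bare SPK to anyone.
func NewEnvelope(userPub *rsa.PublicKey) (*Envelope, error) {
	spk := make([]byte, 32)
	rand.Read(spk) // crypto/rand does not fail in practice
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, spk, nil)
	return &Envelope{WrappedSPK: w}, err
}

// Open unwraps the SPK with the user's private key and returns the storage cipher keyed with it,
// so the bare SPK never leaves this function. OAEP fails for every key but the enrolment key's.
func (e *Envelope) Open(userPriv *rsa.PrivateKey) (cipher.AEAD, error) {
	spk, err := rsa.DecryptOAEP(sha256.New(), nil, userPriv, e.WrappedSPK, nil)
	if err != nil {
		return nil, err
	}
	b, err := aes.NewCipher(spk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Protect encrypts a stored record with AES-256-GCM, prefixing a random nonce.
func Protect(g cipher.AEAD, pt []byte) []byte {
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

// Unprotect reverses Protect; GCM rejects tampered or foreign-key ciphertext.
func Unprotect(g cipher.AEAD, ct []byte) ([]byte, error) {
	n := g.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:n], ct[n:], nil)
}
```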
Keywords/Search Tags: important information system, security architecture, trusted computing, trusted application environment, task isolation, confidentiality protection, integrity protection, key management scheme, identity-based cryptosystem