Researches On Some Key Techniques Of Trusted Computing Architecture

Posted on: 2011-07-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Zhu
Full Text: PDF
GTID: 1228330332482894
Subject: Information security

Abstract/Summary:
The rapid development of computer science has brought new material and spiritual life to human beings. Unfortunately, it also brings great challenges to information system security. Today security accidents happen frequently and widely. However, traditional security products for passive defense, which leave the client out of account, have not formed a coherent whole and cannot meet the needs of information security. To solve these problems, trusted computing uses hardware and cryptography to build up a secure architecture for source control and active defense. Trusted computing has been leading the development trend of information system security.

At present, many institutes and organizations are researching and developing trusted computing theory and technology, and the research and applications in the field have accomplished substantial achievements. But the development of technology still exceeds the development of theory for trusted computing. To fix the problems in the TCG specification, this paper researches a trusted computing dual system architecture, which aims to build up a trusted computing environment. Focusing on transitive trust, the paper discusses the chain of trust and the maintainability of the trusted computing environment. Because compatibility problems always emerge with a new architecture, the paper also researches the compatibility problem for heterogeneous trusted computing architectures. The paper includes four aspects, as follows.

(1) Research on the model of chain of trust based on active measurement

Through an analysis of the notion and the flow of the TCG chain of trust, and a discussion of the relationship between TCG credentials and the chain of trust, the paper sorts the problems in the TCG chain of trust into source uncontrollability, root of trust vulnerability and TCG credential complexity. A chain of trust based on active measurement, with a simplified credential architecture, aims to overcome those problems. The paper defines "active measurement" and its demands and features. Extending a logic theory of authentication by Lampson, the paper describes the model of chain of trust based on active measurement in a formal way, and analyzes the trustworthiness and security of the model. The model enhances the security of the root of trust for measurement and reduces the complexity of the TCG credentials, which makes the chain of trust secure.

(2) Research on the model of dynamic trust based on active measurement

Based on an analysis of current research on dynamic trust, a model of dynamic trust based on active measurement is proposed. For this model, a trusted monitor module is built into the kernel of the operating system to judge the trustworthiness of a process. The model considers a process as a deterministic finite automaton whose state is affected by other processes and files. The paper gives the definition of a trusted process, and proves that a layered system is a sufficient condition for a trusted process. Compared with TCG IMM, the model is closer to the actual state of a process in memory. The model also deals with code diversity and OS state complexity to ensure the trustworthiness of the computing environment at run time, and achieves the goal that the trusted computing system monitors the general system.

(3) Research on the compatibility of trusted computing

Focusing on the compatibility problems of heterogeneous trusted computing platforms, the paper takes the Chinese specification and the TCG specifications as samples. After comparing the differences between algorithms, key usages, protocols and so on, the paper analyzes the demands of measurement compatibility, application compatibility and platform compatibility for a Chinese trusted computing platform (CTCP). The paper proposes a compatibility model and an adapter generation algorithm for transplanting an application from a TCP to a CTCP. The paper also proposes a trust model for a CTCP and a TCP, and describes an implementation of a compatible TSS for a CTCP. The work aims at a compatibility goal for the CTCP: to make functions compatible internally and to interconnect externally.

(4) Research on the design and implementation of a prototype of the proposed schemes

Based on the trusted computing dual system architecture, the paper conducts research on the implementation of a prototype of the architecture. According to the model of chain of trust based on active measurement, we design the power-on and the mainboard for the TPCM (Trusted Platform Control Module), and propose a scheme for the trusted system software containing a trusted control module which complies with the model of dynamic trust based on active measurement.
Keywords/Search Tags:trusted computing, active measurement, chain of trust, dynamic measurement, compatibility