
Research On Theory And Technologies Of Trusted Network Connect And Dynamic Authorization

Posted on: 2011-05-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Chen
Full Text: PDF
GTID: 1228360305483564
Subject: Information security
Abstract/Summary:
Information system security currently faces a severe situation, and security incidents occur frequently. To raise the security level of information systems we must act from the bottom of the system upward, in combination with network security techniques and cryptography. Compared with the traditional concept of network security, the connotation of trust is much wider: trust is an attribute formed by measuring and analyzing behavior, and it focuses on the trustworthiness and controllability of that behavior. The trend of network security is therefore the trusted network, whose behavior is predictable. A trusted network must address two main issues. One is the security and dependability of data transmission, which cryptography can ensure. The other is trusted resource sharing, and how to ensure its reliability and controllability, in particular the rational authorization of resource sharing. How to meet these requirements remains an open problem that calls for further study.

Focusing on the computing environment and user behavior of the terminal system, this dissertation proposes an authorization predictive control model that adapts itself to the resource-sharing environment. Combined with the Trusted Network Connect (TNC) architecture, it also establishes a comprehensive, dynamic system of trusted network connect and authorization based on the trust placed in user behavior. The work can be summarized as follows:

(1) Current authorization models lack a trust-based evaluation of the terminal computing environment and of user behavior, and pay little attention to the abnormal environments and behavior that arise while resources are being shared, so the server cannot adjust authorization and control dynamically in a reasonable way. We study the elements and features of authorization for resource sharing in depth. Drawing on the theory and methods of model predictive control, we propose an authorization predictive control model based on user behavior and, combined with trusted network connect, a dynamic control model of trusted network connect and authorization that provides comprehensive, process-based, dynamic authorization protection. This model is, however, somewhat complicated.

(2) Building the authorization model above requires mathematical methods that yield a quantitative evaluation of authorization, together with the corresponding constraints and performance indexes used to optimize the judgment matrix. Taking the trust of user behavior and of the platform environment as the target, we explore the principles of trusted-information collection and the model of trust evaluation, and then propose a dynamic authorization model guided by signaling game theory. With authorization based on the signaling game, the system overcomes the inaccuracy and incompleteness of predicting user behavior solely from the evaluation of evidence.

(3) The judgment matrix is usually supplied by experts, which makes the quantitative analysis subjective and uncertain. We optimize the judgment matrix with genetic algorithms and propose a way to generate the initial judgment matrix and to adjust it automatically when an abnormal event occurs during resource sharing. Based on the re-calculated trust evaluation, we propose a model that adjusts resource authorization so that authorization always adapts to the user's behavior and to the resource-sharing environment.

(4) Existing network connect and authorization systems lack dynamic controllability and ignore the evaluation of behavior trust. We have built a complete trusted network connect and dynamic authorization demonstration system from the bottom up. First, we design and implement the network access control system, the remote attestation system, and the whole architecture and interfaces of trusted network connect based on the TPM, and realize mutual attestation. Then we implement the authorization model predictive control system based on user behavior, using the genetic algorithm and the signaling game model. Finally, we complete the trusted dynamic control system of network connect and authorization based on user behavior, which improves the integrated defense capabilities of the trusted network by establishing an internal associated control loop between user behavior and the policies for network connect and resource authorization.
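The abstract's item (3) optimizes an expert-supplied judgment matrix with a genetic algorithm and re-adjusts it automatically after an abnormal event. The following is an added illustration, not code from the dissertation: it assumes the judgment matrix is a Saaty-style pairwise-comparison matrix (reciprocal, entries in [1/9, 9]), that "optimized" means a consistency ratio below Saaty's 0.1 threshold while staying close to the expert's values, and that an abnormal event on a trust criterion is handled by scaling that criterion's comparisons up before repairing consistency. The expert matrix, penalty weight, and GA parameters are all constructed for the example.

```python
# Added example (not the dissertation's code): GA repair of an expert judgment
# matrix and automatic re-adjustment after an abnormal event. Assumes a
# Saaty-style reciprocal comparison matrix with entries in [1/9, 9].
import math
import random

# Saaty's random consistency index for n = 1..9 (index 0 unused).
RANDOM_INDEX = [0.0, 0.0, 0.0, 0.58, 0.90, 1.12, 1.24, 1.32, 1.41, 1.45]


def priority_vector(matrix):
    """Criterion weights: normalized row geometric means (eigenvector approximation)."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix):
    """CR = (lambda_max - n) / ((n - 1) * RI_n); 0 means perfectly consistent."""
    n = len(matrix)
    w = priority_vector(matrix)
    lam = sum(sum(matrix[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    return (lam - n) / ((n - 1) * RANDOM_INDEX[n])


def upper_triangle(matrix):
    n = len(matrix)
    return [matrix[i][j] for i in range(n) for j in range(i + 1, n)]


def to_matrix(genes, n):
    """Rebuild a reciprocal matrix from its upper-triangle genes."""
    m = [[1.0] * n for _ in range(n)]
    k = 0
    for i in range(n):
        for j in range(i + 1, n):
            m[i][j], m[j][i] = genes[k], 1.0 / genes[k]
            k += 1
    return m


def fitness(genes, expert_genes, n, penalty=0.05):
    """Lower is better: inconsistency plus a penalty for drifting from the expert's view."""
    drift = sum(abs(math.log(g / e)) for g, e in zip(genes, expert_genes)) / len(genes)
    return consistency_ratio(to_matrix(genes, n)) + penalty * drift


def mutate(genes, rng, rate=0.3):
    """Multiplicative mutation, clamped to the Saaty scale."""
    return [min(9.0, max(1 / 9, g * rng.uniform(1 / 1.5, 1.5))) if rng.random() < rate else g
            for g in genes]


def repair_judgment_matrix(expert, generations=200, pop_size=40, seed=1):
    """Elitist GA: the expert matrix seeds the population, so the result is never worse."""
    n, rng = len(expert), random.Random(seed)
    expert_genes = upper_triangle(expert)
    pop = [expert_genes] + [mutate(expert_genes, rng) for _ in range(pop_size - 1)]
    for _ in range(generations):
        pop.sort(key=lambda g: fitness(g, expert_genes, n))
        parents = pop[: pop_size // 2]
        children = [[x if rng.random() < 0.5 else y
                     for x, y in zip(rng.choice(parents), rng.choice(parents))]
                    for _ in range(pop_size - 1)]
        pop = [pop[0]] + [mutate(c, rng) for c in children]  # pop[0] is the elite
    pop.sort(key=lambda g: fitness(g, expert_genes, n))
    return to_matrix(pop[0], n)


def adjust_for_event(matrix, k, factor=2.0):
    """Abnormal event on criterion k: scale its comparisons so it weighs more."""
    n = len(matrix)
    adjusted = [row[:] for row in matrix]
    for j in range(n):
        if j != k:
            adjusted[k][j] = min(9.0, adjusted[k][j] * factor)
            adjusted[j][k] = 1.0 / adjusted[k][j]
    return adjusted


def raise_criterion(matrix, k, factor=2.0):
    """Re-weight after an abnormal event and repair consistency without waiting for an expert."""
    return repair_judgment_matrix(adjust_for_event(matrix, k, factor))


# Constructed expert matrix over four trust criteria; its CR is about 0.14, i.e. inconsistent.
EXPERT = [[1.0, 3.0, 5.0, 7.0],
          [1 / 3, 1.0, 5.0, 3.0],
          [1 / 5, 1 / 5, 1.0, 4.0],
          [1 / 7, 1 / 3, 1 / 4, 1.0]]
```

Because the expert matrix is kept in the initial population and the best individual always survives, the repaired matrix can never be less consistent than the expert's; the drift penalty keeps the GA from "fixing" consistency by discarding the expert's judgments entirely. Raising a criterion's row before repair increases that criterion's weight deterministically, which is the hook an abnormal-event handler would call.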
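Item (4) describes a TPM-based remote attestation system that realizes mutual attestation between the connecting parties. The code below is an added example of the verifier side of such an exchange, not the dissertation's implementation. It assumes a TPM-like PCR chain (PCR_new = SHA-256(PCR_old || measurement)), a known-good reference list per platform type, and an HMAC stand-in for the quote signature (a real TPM2_Quote is an asymmetric signature by the attestation key); the component blobs, keys, and nonce are constructed for the example. It also shows the two failure modes a verifier must separate: a compromised platform that reports honestly (rejected by the reference list) and a compromised platform that submits a clean log (rejected because the log no longer reproduces the quoted PCR).

```python
# Added example (not the dissertation's code): verifier side of a TNC-style
# mutual attestation with a TPM-like PCR chain. HMAC stands in for the
# quote signature; all blobs, keys and the nonce are constructed.
import hashlib
import hmac


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: the register can only move forward along the hash chain."""
    return sha256(pcr + measurement)


def measure_boot(components):
    """Measured boot on the prover: log every component and extend the PCR."""
    pcr, log = bytes(32), []
    for name, blob in components:
        digest = sha256(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def replay_log(log):
    """Recompute the PCR a clean TPM would hold after this event log."""
    pcr = bytes(32)
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def make_quote(attest_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Stand-in for TPM2_Quote: a real quote is a signature by the attestation key."""
    return hmac.new(attest_key, pcr + nonce, hashlib.sha256).digest()


def verify_report(log, pcr_quoted, quote, nonce, attest_key, reference):
    """Three checks in order: quote authenticity and freshness, log-to-PCR
    binding, and every measured component against the known-good reference."""
    if not hmac.compare_digest(make_quote(attest_key, pcr_quoted, nonce), quote):
        return False, "quote not valid for this attestation key and nonce"
    if not hmac.compare_digest(replay_log(log), pcr_quoted):
        return False, "event log does not reproduce the quoted PCR"
    for name, digest in log:
        if reference.get(name) != digest:
            return False, f"unknown or modified component: {name}"
    return True, "platform integrity verified"


def mutual_attestation(a, b, reference_a, reference_b, nonce):
    """Each side proves its state to the other; connect only if both pass."""
    results = []
    for prover, reference in ((a, reference_a), (b, reference_b)):
        log, pcr = measure_boot(prover["components"])
        quote = make_quote(prover["attest_key"], pcr, nonce)
        results.append(verify_report(log, pcr, quote, nonce, prover["attest_key"], reference))
    return all(ok for ok, _ in results), [why for _, why in results]


# Constructed platforms: a client endpoint and the policy server it connects to.
GOOD_CLIENT = [("bootloader", b"bootloader v1.2"), ("kernel", b"kernel 5.10 signed"),
               ("tnc-agent", b"tnc agent 2.0")]
GOOD_SERVER = [("bootloader", b"bootloader v1.2"), ("kernel", b"kernel 5.10 signed"),
               ("pdp", b"policy decision point 1.4")]
TAMPERED_CLIENT = [("bootloader", b"bootloader v1.2"), ("kernel", b"kernel 5.10 with rootkit"),
                   ("tnc-agent", b"tnc agent 2.0")]
CLIENT_REFERENCE = {name: sha256(blob) for name, blob in GOOD_CLIENT}
SERVER_REFERENCE = {name: sha256(blob) for name, blob in GOOD_SERVER}
CLIENT_AK, SERVER_AK, NONCE = b"client ak", b"server ak", b"constructed nonce 0001"
SERVER = {"components": GOOD_SERVER, "attest_key": SERVER_AK}


def demo_good():
    client = {"components": GOOD_CLIENT, "attest_key": CLIENT_AK}
    return mutual_attestation(client, SERVER, CLIENT_REFERENCE, SERVER_REFERENCE, NONCE)


def demo_tampered_kernel():
    """Honest log of a compromised boot: quote and log agree, the reference list rejects it."""
    client = {"components": TAMPERED_CLIENT, "attest_key": CLIENT_AK}
    return mutual_attestation(client, SERVER, CLIENT_REFERENCE, SERVER_REFERENCE, NONCE)


def demo_forged_log():
    """Compromised client submits the known-good log with its real quote: replay fails."""
    _, real_pcr = measure_boot(TAMPERED_CLIENT)
    good_log, _ = measure_boot(GOOD_CLIENT)
    quote = make_quote(CLIENT_AK, real_pcr, NONCE)
    return verify_report(good_log, real_pcr, quote, NONCE, CLIENT_AK, CLIENT_REFERENCE)


def demo_replayed_quote():
    """Old quote replayed under a fresh nonce: rejected before anything else is checked."""
    log, pcr = measure_boot(GOOD_CLIENT)
    stale = make_quote(CLIENT_AK, pcr, b"yesterday's nonce")
    return verify_report(log, pcr, stale, NONCE, CLIENT_AK, CLIENT_REFERENCE)
```

The order of checks matters: the nonce-bound quote is verified first so that a replayed report is rejected without trusting any of its contents, and the log is bound to the quoted PCR before individual entries are compared with the reference list, so an attacker cannot substitute a clean log for a compromised boot.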
Keywords/Search Tags:Trusted Computing, Dynamic Authorization, Trusted Network Connect, Signaling Games, Genetic Algorithms