Research On The Theoretical Model And Implementation Mechanism Of Trust Chain In Terminal

The development and application of computer and network technique enhance thepace of informatization, which not only provides convenience for the human life, butalso putfs orward a more severe challenge for the information security. On one hand, thenew technology brings the new security issues continually; on the other hand, thetraditional meanings of solving security problems which are based on plugging ordetection fail to deal with the increasingly diverse and explosive security threats.Therefore, it is necessary to start from the terminal and bottom to construct an activedefense information security system to solve the security problem, which brings forththe concept of Trusted Computing.Trusted Computing intends to introduce the concept of “trust”into cyberspace. Theaim of implanting the root of trust to the bottom system, and relying on a series ofmechanisms, is to ensure trust be transferred successfully between different levels frombottom to up, and then finally actualizes the entire system trusted. In the world, anumber of manufacturers have developped and launched Trusted Computing terminaland related products based on Trusted Computing Group’s specifications. At home,Chinese Trusted Computing Union has been established, which consists of manymanufacturers, universities, and research institutions, dedicating to the study of theenacting of trusted computing standards with Chinese characteristics, the developmentand promotion of products. Nowadays, Trusted Computing has become a hot topic inthe field of information security.However, compared with the technology development, there are still seriousshortcomings in the theory of Trusted Computing. The definitions of “trust”and “trusted”are the basis of Trusted Computing theory, while the definitions are still in dispute atpresent, so that there has not been a recognized theoretical model for TrustedComputing. The core content of Trusted Computing is constructing and maintaining ofthe trust chain, but it lacks of theoretical model for trust meseaurement, transition andloss. Based on the above issues, the research of this thesis encircling terminal focuses onthe formal definition of trust and trusted, terminal trust management model, as well asthe realization mechanism of trust chain, where the so-called terminal means the basicunit of a network system-the computing node. The main achievements are as follows:On theory:1)Proposes formal definitions of trust in Trusted Computing.Trust is the most basicconcept in trusted computing theory.As to study Trusted Computing is to solve securityproblems, we first analyze the relationship between trust and security. Second, wedefines two sorts of trust respectively——the trust based on identity and trust based onaction, using many-sorted first order logic as a tool. Third, we study the related properties of trust relationship among components, such as reflexivity, symmetry andtransitivity, and emphatically discuss the conditional transitivity of trust.2) Puts forward a model for trust management based on labeled transition system—Ranut. We first give the description of model states and show the invariant of the modelthrough two mappings. Second, we study the trust initialization problem. Third, byconsidering a variety of situations in single steptransition, we analyze the maintenanceand renovation of trust, and conclude the set of state transition rules of the model basedon action trust. Finally, we also introduce an implemention of the model.On implementation:3) Proposes a method for layering components via dependencies relationship.Hierarchical structure has been an important research direction of Trusted Computingsystem architecture. Based on the ideology of Trusted Computing, by modeling the rootof trust as the minimal element of a partial order set and using related knowledge aboutthe complete partial order in set theory, we propose the method for layering componentsof a system via dependencies between them, followed by the proof of the completenessof the method.We also show the implementation of the method through an example.Using the method proposed, we extend the trust degree of a component to a vector, andaccording to their layer number, we put forward a method of evaluating the trust degreeof a component.4) From the view of usability，this thesis proposes an attribute-based access controlmodel. First of all, some basic concepts such as attribute, attribute item are introduced,followed by the model for an access control rule via constraint satisfaction problem.Second, we prove that a positive rule and a negative rule can be transformed into eachother on the given condition that attribute item domains have been fixed, based onwhich the definition of consistent policyis proposed and its formal models, the sets ofpermitted actions are depicted, respectively, according to Permit Override Algorithmand Deny Override Algorithm. We also show the expression power of the modelthrough examples. Third, we bring forward the concept of attention rate on attributeitem, and using which we propose a general method for rules combination. Finally, weintroduce the methodology employed by the OS210to resolve the confilicts amongaccess control policies.