With the digitization and networking of information resources, the probability that private data is stolen, leaked or damaged increases, and both enterprises and individuals suffer growing losses every year. To address these problems, a number of solutions have been proposed, based on access control, data encryption, content monitoring and filtering, virtualization, or hybrids of these techniques. However, data security incidents continue to recur in growing numbers. Fundamentally, the existing terminal platform, which employs an open architecture, cannot prevent and eradicate all possible security threats. Moreover, the existing security schemes themselves have many problems: for instance, the lack of proper trust and authentication mechanisms for the platform, the shortage of high-performance and highly reliable mechanisms for constructing a trusted network domain, the limited credible schemes for meeting the heterogeneity and adaptability requirements of security policy management, and the absence of an effective and lightweight key management center. Fortunately, trusted computing technology offers a good approach to these problems. Trusted computing aims at addressing the potential security problems in the terminal. By means of several advantageous technologies, such as a hardware-based key management center, trusted certification, trusted measurement, trusted storage and trusted network connect, the trusted computing platform fundamentally supports the establishment of various security approaches. However, when it comes to supporting applications, many problems remain to be investigated.
One of the major problems addressed in this dissertation is trusted platform-based data leak prevention (DLP). Based on trusted computing technology, the dissertation focuses on key problems that remain unsolved, such as secure boot, data protection and key management for the terminal platform, and security policy management for an internal trusted network domain. The main works and contributions of this dissertation are as follows:

(1) To address the drawbacks of both the open-architecture terminal platform and the standard-reference-measurement-based trusted boot of the trusted platform, a novel secure boot scheme based on the TPM Seal mechanism is proposed. Because the decision whether to continue booting with a component relies on the self-authenticating credibility check provided by the TPM_Seal and TPM_Unseal commands, neither standard reference values for each component in the boot state nor real-time measurements verified by a verification agency are required. Implementing the scheme requires no additional measures to ensure the safety of the CRTM and only minor changes to the trusted platform; it is therefore effective, feasible and more convenient to implement. On top of secure boot, a scheme for real-time online update and re-measurement of boot components and core operating system components without restarting the operating system is also proposed, so that the safety of the central part of the endpoint can be guaranteed.

(2) To address the potential overreach and bypass problems of the traditional Role Based Access Control (RBAC) model when it is employed for encrypted data protection, a key-based role-extended model built on RBAC (KRBAC) is proposed. By setting up an independent region controlled by a key, KRBAC extends the role to a triple consisting of the role, the control domain of the role and the control domain of the key. Through the inheritance of the partial ordering relation and the security constraint, it ensures that an adversary cannot obtain the confidential information without the corresponding key. Moreover, an element-level fine-grained data protection method is presented based on KRBAC, with element-level keys generated from the major key and characteristic information of the data. The analysis suggests that the proposed method can reduce the number of roles, decrease the complexity of access control and improve the rationality of permission assignment. Furthermore, it not only prevents the authorization field from being leaked, but also protects it against forgery and tampering.

(3) To avoid the complicated hierarchical key AuthData management for the TPM when it is used for encrypted data protection, a novel key AuthData management scheme is proposed. In this scheme, the TPM key tree is virtually classified into multiple levels, ranked from low to high in a top-down manner. Within one chain of keys, the lower-level AuthData values can easily be derived from the higher-level AuthData values, but the reverse is infeasible. Even if a number of users obtain lower-level AuthData values, a collusion attack to compute any higher-level AuthData value is impossible. The analysis shows that each granted user needs to maintain only one AuthData, and that only modular exponentiation and hash operations are required to generate and derive an AuthData.

(4) To overcome the problems caused by multiple heterogeneous policies in a virtual organization, such as policy compatibility, trusted verification, secure delivery and self-adaptive management, a novel policy management model named THPMM is proposed. The model employs several important techniques to meet practical requirements: it establishes the trusted network domain through Trusted Network Connection (TNC) and authenticates external hosts that request internal resources, guaranteeing the credibility and security of the internal hosts; it introduces trusted techniques into the entire lifecycle of policy management and uses a mapping mechanism to unify heterogeneous policies; it delivers policies securely through a revised TCP handshake protocol and the COPS transfer protocol; and it achieves self-adaptive policy capability by modifying policy parameters and overriding policy objects. Compared with existing methods, the proposed scheme, which can process security policies credibly and benefit the application of security management in the trusted region, is more complete.

To sum up, this dissertation focuses on several key issues of DLP, such as secure boot, data protection and key management for the terminal platform, and security policy management for the internal trusted network domain. The proposed methods and solutions will play an important role in promoting and applying trusted computing technology in the field of DLP.
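As an added illustration of the top-down AuthData derivation described in contribution (3), the following Python code (written for this page, not taken from the dissertation) models one chain of a TPM key tree in which each lower-level AuthData is derived from its parent by a modular exponentiation followed by a hash, so that a user holding a single AuthData can re-derive every level below it but none above. The group parameters, the chain labels and the exact derivation formula are assumptions chosen for this illustration, not the dissertation's construction.

```python
import hashlib

# Demo group parameters (ASSUMED for this illustration, not the dissertation's):
# a Mersenne prime modulus and a fixed base for the modular exponentiation step.
P = 2**521 - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8

# Constructed chain labels: one path from the TPM storage root down to a leaf key.
LABELS = ("storage-key", "binding-key", "leaf-key")


def derive_child_authdata(parent_auth: bytes, child_label: str) -> bytes:
    """One top-down step: child = SHA-256(G^parent mod P || child_label).

    The exponentiation hides the parent value behind a discrete-log problem,
    and the hash binds the result to the child's position in the key tree, so
    knowing a child AuthData gives no practical route back to its parent.
    """
    exponent = int.from_bytes(parent_auth, "big")
    blinded = pow(G, exponent, P)
    h = hashlib.sha256()
    h.update(blinded.to_bytes(P_BYTES, "big"))
    h.update(child_label.encode())
    return h.digest()


def derive_chain(root_auth: bytes, labels=LABELS) -> list:
    """Walk one chain of the key tree from the root; index i is the level-i AuthData."""
    chain = [root_auth]
    for label in labels:
        chain.append(derive_child_authdata(chain[-1], label))
    return chain


def user_view(granted_auth: bytes, granted_level: int, labels=LABELS) -> dict:
    """Everything a user holding a single AuthData can reconstruct on this chain.

    The user re-derives its own level and all levels below it; levels above the
    grant never appear, which is the property that makes one stored AuthData
    per user sufficient.
    """
    view = {granted_level: granted_auth}
    current = granted_auth
    for level in range(granted_level, len(labels)):
        current = derive_child_authdata(current, labels[level])
        view[level + 1] = current
    return view
```

Two users granted different lower levels can pool their views and still only cover levels at or below the higher of their grants, which is the collusion property the scheme relies on.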