Research On Secure Technologies In Trusted Computing Environment

Trusted Computing (TC) is a new-born information security technology with embedded security chip Trusted Platform Module, aimed at patching the security limitation of the existing computer infrastructure and promoting the security level of computing system in a whole. Attestation of the platform is one of requisite functions supported by TC, whose main point is the Integrity Measurement. With the development of TC and the extensive applications of TC in all domains, how to enhancing and improving the attestation of platform in trusted computing platform has become one key researching topic.This dissertation analyzes the current situation and future trend of security technologies of TC, devotes to the exploring and innovating the research work of attestation of platform based on TC. Our works includes the technology of Integrity Measurement methods based on TC as well as their applications in data sealing, smart phone and Linux server, trustworthy networks and trust chain models. The main works are as follows.(1) The method to emulating and constructing trusted computing environment is studied in detail. A novel trusted computing environment based on hardware and software ESW-TPM is proposed. It is used to provide an available experimental platform for later research works.(2) The methods for integrity measurement based on TC are studied in detail. Two novel methods for integrity measurement are proposed to meet the different application cases, which are adaptive to Intranet and Internet respectively.(3) Several applications of integrity measurement proposed in this dissertation are studied in detail, including the method of sealing privacy data based on TC, the light-weigte method of access control for Android smart phone and the application on the security of Linux server.(4) The trustworthy estimation of user network behavior in local network is studied in detail. A novel method is proposed to estimate dynamically the trustworthy of network users in local network.(5) Summarizing our works in integrity measurement as well as its applications, a semantic model of trust chain with the aid of Stochastic Process Algebra is suggested, among which the granularity of integrity measurement is proposed to depict the relationship between measurement granularity and the trustworthy of platform as well as performance consumption of integrity measurement.(6) A trust chain model based on Petri is proposed to demonstrate several behavior features of trust transitive in TC.This dissertation deploys our researching works mentioned above with the technology route from engineering practice to theory study. In each research phase, simulation experiment is undertaken to verify the feasibility and rationality of relevant proposal. Simulation results indicate that the proposed innovations can enhance and promote effectively the capability of the attestation of platform for computing platform.