Automated Trust Negotiation And Management Based On Trusted Computing Platform

In recent years, the rapid development of computer technology promotes the popularization and application for the Internet. It makes that the computer comes into the thousands of families and businesses. People enjoy the benefits of computer, simultaneously they are troubled for the attendant problems. People most concerned about security, especially the security of personal information. Currently, a large number of online interactions between strangers have become mainstream, and the number of Web services is increasing. Usually the strangers are in the different network environment, so how to build trust and verify their own information security becomes a hot research issues. In this paper, the main idea is about the study of Automated Trust Negotiation technology, it is to solve these security problems.Trusted Computing is a new technology. It provides a new solution for the security problem with its unique perspective. Trusted Computing introduces a new computer architecture. It ensures the security of the terminals, and provides basic secure support for the network. The basic principle is to build a chain of trust. Firstly, create a root of trust in the bottom of the computer. Then, measure the computer system for every step in the process of startup to ensure that every operation is trusted. So, it can ensure that computer system is trusted. On this basis, this kind of authentication mechanism extends to the whole network. Thereby, a chain of trust is established from the bottom of the computer to the network application layer. The new concept of security brings hope to solve the security problems from the source.This paper focuses on how to build trust between the strangers, who are in the different network environment, by Automated Trust Negotiation. In this paper, it completes the following works:ⅰ) It improves Trust-Serv model, which is an existing automated trust negotiation model. Improvement for the model is mainly reflected in two aspects. One is the improvement of the negotiation controller for Trust-Serv model. The other is that it puts forward the concept of trust level. The negotiation controller for improved Trust-Serv model is divided into three parts:request and response module, policy selection module, negotiation management module. It enhances the control and management for automated trust negotiation. The improved Trust-Serv model adds the concept of trust level, which is identified according to the state in the process of automated trust negotiation. Trust level is the basis to obtain roles and authorization. Its advantage is to avoid security risks manually assigned the roles.ⅱ) In this paper, it designs the experiment to implement Automated Trust Negotiation based on Trusted Computing platform and simulate the process of Automated Trust Negotiation. The experiment is divided into three parts:to build the TPM experimental environment, to install the jTSS, and to develop the management module for client and server in the Java environment. In the end, it reaches the following conclusions by the experiment:the idea to improve Trust-Serv model is correct, and it makes Automated Trust Negotiation based on Trusted Computing platform to raise the trust degree.