
Research On Semantic Remote Attestation For Trusted Web Services

Posted on: 2012-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: M Li
Full Text: PDF
GTID: 2178330332490754
Subject: Computer application technology
Abstract/Summary:
In recent years, with the rapid growth of the Internet, network security requirements have become more demanding, and the security requirements on servers hosting popular Web services have risen in particular. Traditional security technologies such as firewalls and antivirus software can block computer viruses and Trojan attacks, but they cannot eliminate such attacks at their root. Moreover, most network attacks begin with a compromised terminal that is then used to attack the server, so securing the network terminals is the key to securing the whole network system. Trusted Computing addresses terminal security by installing a tamper-resistant trusted device as the platform's root of trust, combining hardware and software, and progressively extending trust to the entire computer system by building a chain of trust, so that the trustworthiness of a remote platform can ultimately be verified.

This thesis designs a chain of trust running from hardware to software that is based on the Java virtual machine, and simulates the TPM chip in software as the root of trust. Because the traditional TCG Software Stack (TSS) is a C stack, this thesis uses jTSS as the TSS for the Java environment, so that upper-layer Java applications can call the TPM and the chain of trust is extended to the Java applications' execution environment.

In traditional trusted-computing attestation, an end user or entity establishes the trustworthiness of a platform through its chain of trust, which prevents servers from sending private data to terminals that are unsafe or have been compromised. To make attestation dynamic and persistent, this thesis applies semantic remote attestation: based on the Linux system calls a program issues while running, it compares the program's behavioural attributes with those held in a model base in order to establish the trustworthiness of the platform.
Using semantic remote attestation in the jTSS environment, the thesis designs an attestation model for a Web server. While serving a client, the server must continuously run security attestation of that client, and as soon as the client's environment changes in a way that no longer matches the server's policy, the server immediately terminates the Web service. Because a server provides many kinds of Web pages at once, the remote attestation process is split into two parts: the first decides whether the client is allowed to connect to the server at all, and the second decides whether the client is entitled to a particular service. This is more efficient than the traditional approach: a client may use several Web services during one visit, and if every decision were made in the platform attestation step, the system would become more complex and its performance would suffer. In addition, separating the decisions per service avoids contradictory rules across different Web services, such as a rule allowing access to a Web page and another refusing access to the same page applying at the same time.
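The two-part decision described above can be modelled in a few dozen lines. The following Python is an added illustration, not code from the thesis or from jTSS: phase 1 checks a client's reported measurement log against a known-good value using a TPM-style PCR extend chain, and phase 2 compares the client program's observed system calls with a per-service model base on every request, terminating the session when the behaviour deviates. The measurement log entries, the two service names and the model base contents are all constructed sample values; the hash construction (SHA-256, `H(pcr || H(measurement))`) is an assumption standing in for whatever the simulated TPM actually does.

```python
import hashlib
from typing import Iterable, List

# Constructed sample measurement log: what the chain of trust would record from
# the simulated TPM up through the JVM and jTSS. Entry names are hypothetical.
GOOD_BOOT_LOG = [b"bios:v1", b"bootloader:v2", b"kernel:5.x", b"jvm:1.6", b"jtss:0.6"]


def extend_chain(measurements: Iterable[bytes], pcr: bytes = b"\x00" * 32) -> bytes:
    """TPM-style PCR extend: pcr = H(pcr || H(measurement)), applied in boot order.

    The result depends on every entry and on their order, so a modified or
    reordered component yields a different final value.
    """
    for m in measurements:
        pcr = hashlib.sha256(pcr + hashlib.sha256(m).digest()).digest()
    return pcr


# The verifier's known-good reference value for phase 1.
EXPECTED_PCR = extend_chain(GOOD_BOOT_LOG)

# Model base for phase 2: per service, the system calls the client program is
# expected to issue. Constructed for illustration; a real model base would be
# built from traces of the trusted program.
MODEL_BASE = {
    "/news":    {"read", "write", "openat", "close", "socket", "connect"},
    "/account": {"read", "write", "openat", "close", "socket", "connect", "getuid"},
}


class AttestationSession:
    """One client's session with the Web server."""

    def __init__(self) -> None:
        self.platform_ok = False
        self.terminated = False

    def connect(self, reported_log: List[bytes]) -> bool:
        """Phase 1: admit the client only if its chain of trust matches the reference."""
        self.platform_ok = extend_chain(reported_log) == EXPECTED_PCR
        return self.platform_ok

    def request(self, service: str, observed_syscalls: List[str]) -> bool:
        """Phase 2: per-service decision, re-evaluated on every request.

        Each service is judged against its own model, so allowing one page and
        denying another is an ordinary outcome rather than a contradictory rule.
        """
        if self.terminated or not self.platform_ok:
            return False
        model = MODEL_BASE.get(service)
        if model is None:
            return False  # no model for this service: no entitlement
        deviation = set(observed_syscalls) - model
        if deviation:
            self.terminated = True  # client environment changed: drop the service
            return False
        return True


if __name__ == "__main__":
    s = AttestationSession()
    print("connect:", s.connect(GOOD_BOOT_LOG))
    print("/news:", s.request("/news", ["read", "write", "socket"]))
    print("/account:", s.request("/account", ["read", "getuid"]))
    print("/news after getuid:", s.request("/news", ["read", "getuid"]))
    print("terminated:", s.terminated)
```

Running the block admits the client, grants `/news` and `/account`, then denies `/news` when `getuid` appears in the client's trace and terminates the session, which is the persistent-attestation behaviour the abstract describes; a client whose measurement log differs in any entry fails phase 1 and never reaches phase 2.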
Keywords/Search Tags: network security, trusted computing, semantic remote attestation, trusted web service