Research And Implementation On A Trusted Secure Storage System

With the development of information and network technology and the popularization of their application, people are more and more dependent on information system. While information systems are serving as the key infrastructure all over the world, malicious software (or malware) becomes a new type"social vermin". Nowadays, information systems are mostly threatened by information stealing and destroying attacks launched by such malware as virus, worm, Troy horse and spy-ware. With an enlarged gap between the expanding of information technology application field and the laggard development of responding defense technology, the situation turns to be serious.Explicit authorization (briefly EA) mechanism has many excellent security properties and is capable of preventing information stealing and destroying attack. The research of this dissertation focuses on constructing a trusted secure storage (briefly TSS) system based on the EA mechanism and its simulating implementation. TSS has a host-independent operation and software environment. By right of TSS's own trusted bases and its unique trusted access interface provided to the host part, it guarantees the trustworthiness of all data access process in computer system so that data security is fully achieved.Firstly, this dissertation discusses several essential theory issues of current information security technology. Based on them, explicit authorization mechanism is put forward with accurate definition, formal model and demonstration of security properties. This part aims to describe this mechanism and its security in theory.Secondly, based on the EA theory, this dissertation constructs the trusted secure storage system TSS. Above all, it makes a complete model of TSS architecture, including hardware structure and software system. TSS hardware structure comprises self-manage storage unit, host hardware interface, explicit authorizing unit and storage media. Software system modeling is another key content of this dissertation, which incarnates the explicit authorization mechanism completely and definitely. Software system comprises some main subsystems such as the TSS embedded OS, host interface specification, file access control module, explicit authorization table management and audit system.Thirdly, this dissertation discusses many other related important security technologies, including the security technology of OS installation, start-up and running in the TSS-based computer system, security management technology of multi-OS, and data recovery technology. In addition, this dissertation demonstrates the ability of TSS-based computer system preventing information stealing and destroying. In addition, some limitations of the system are necessarily analyzed.