
Research on Multi-Level Security Access Control Technology Based on DAA Protocol

Posted on: 2010-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: J Lu
GTID: 2178360275470302
Subject: Communication and Information System

Abstract/Summary:
As Internet technology pervades every area of daily life and security demands increase, node privacy has become an important issue. However, current implementations of multi-level security access control assume that identities are known, so they cannot satisfy the anonymity requirements of access subjects and objects; traditional authentication schemes therefore do not meet the demand for anonymity. Multi-level security access control technology based on Direct Anonymous Attestation (DAA) was proposed to address these shortcomings.

After studying the shortcomings of existing multi-level security access control models, this paper presents a new scheme that combines anonymity with a multi-level trust model supported by Trusted Computing (TC) technology. By using the anonymity property of the DAA protocol, the new scheme offers a meaningful line of research. Compared with traditional technology, it efficiently protects the visitor's identity privacy and provides more fine-grained access control levels. The key technology within the anonymous validation model is the Trusted Computing Platform (TCP), which includes authentication of the user by the platform, the unique network identity of the platform, etc. A TCP can reliably prove its identity using the unique identity certificate issued by an authority, providing the foundation for applications such as e-commerce and e-government.

In this paper, the multi-level security access control technology based on DAA performs access control through three processes: identity authentication, trust level distribution, and access control judgment. To meet the terminal's anonymity requirement, the scheme adopts both DAA certificates and ordinary digital certificates as the core identity technology to solve the security problems of platform authentication and trust transformation. The good performance of the new model has been verified by simulation testing. The simulation shows that the ratio of time spent verifying a DAA certificate to time spent verifying an ordinary digital certificate is a fixed value (10 times).

At the end of this dissertation, the author applies the model to two sample systems, access control for a corporate intranet and an online shopping system, and analyzes how to solve the security problems that arise in practical application. It has been proved that this model is feasible and usable. The new multi-level security access control technology based on the DAA protocol not only implements basic access control but also efficiently protects the visitor's identity privacy, and it is feasible and extensible. It is applicable to e-commerce, financial institutions, military information systems, etc. This model has broad application prospects given the demand for trusted computing environments...
Keywords/Search Tags:Access control, Multi-level security, Identity authentication, Trusted computing, Direct anonymous attestation (DAA)