
Research And Implementation On Multi-Hierarchy Security Access Control Model Based On Trusted Computing Platform

Posted on: 2010-04-12
Degree: Master
Type: Thesis
Country: China
Candidate: W Tang
Full Text: PDF
GTID: 2178360275970299
Subject: Communication and Information System
Abstract/Summary:
With the development of network technology and the extensive sharing of network resources, several security problems arise during resource sharing: authentication and the establishment of trust between two parties, the confidentiality and integrity of information in transmission and exchange, and access control. Under these circumstances, traditional authentication and access control policies no longer fit today's situation. A multi-hierarchy access control model based on a trusted computing platform is presented as a solution to these problems.

This paper first introduces technologies related to trusted computing, access control and multi-hierarchy, then analyzes several multi-hierarchy access control models and identifies their deficiencies. Building on this analysis, a multi-hierarchy access control model based on a trusted computing platform is put forward by combining trusted computing technology with access control technology. This model, which is based on trusted computing infrastructure, transfers trust from the trusted computing infrastructure to the trust relationship, and finally to network activity. At the same time, this paper adopts a new idea of multi-hierarchy keys to implement the multi-hierarchy relation, which not only makes the trust relationship and network activity behave as multi-level trust in access control, but also strengthens the protection of the multi-hierarchy itself.

The paper then researches and designs a multi-hierarchy access control model based on trusted computing, which contains a multi-hierarchy access control core module and a trusted computing infrastructure module. Among these modules, multi-hierarchy access control contains a multi-hierarchy relation establishment sub-module and an authorization sub-module. The multi-hierarchy relation establishment sub-module is a certification authority consisting of a random number generator and a key generator. The random number generator generates suitable random numbers and is called by the key generator. The key generator calls the random number generator to obtain suitable random numbers, generates multi-hierarchy keys according to the specified access control policy, and is called by authenticated users. The multi-hierarchy relation establishment sub-module also supports all kinds of key-related services, such as distributing keys, updating keys, storing keys, backing up keys, restoring keys, depositing keys and so on. The trusted computing infrastructure implements hardware-based trusted authentication, keeps the multi-hierarchy keys safe, and also keeps the platform trusted with the mechanisms supported by the TPM. This model makes the establishment of trust relationships flexible, and makes the model more universal and suited to establishing trust relationships and trusted activity interaction in an open network environment.

At the end of this paper, an improved model architecture and its complete workflow are described in detail. The model in this paper not only enhances security, but also improves the granularity of multi-hierarchy relation building. The model could be applied to e-government, e-commerce, e-shopping, e-payment and so on, and it has broad application prospects.
Keywords/Search Tags: Trusted Computing, Access Control, Multi-level, Authentication