
Research On Intranet Information Security Base On Trusted Computing Platform

Posted on: 2011-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Hu
GTID: 2198330338992535
Subject: Computer application technology

Abstract/Summary:
The essence of intranet information security is the effective management of intranet information and data flows across their full life cycle, and the construction of an environment in which information and data are used, stored and exchanged under security control, so that the confidentiality and protection of core intranet data are achieved. In line with the requirements of the development of intranet information security in China, and in view of the increasingly serious leakage and loss of confidential information on intranets, this paper builds on trusted computing theory and focuses on enhancing the security of the terminal platform, monitoring intranet information processes, encrypted storage and transport protection, trusted-computing-supported network access, user terminal security enhancement, and information security management. In this way, intranet information resources, computers, service providers and users can be connected organically, and a trusted intranet information security system that unites computer, document and user as a trinity can be built. Important intranet information can be protected from a variety of illegal leaks and damage, and intranet data resources can be effectively controlled and protected. The specific contents of this paper are as follows:

1. Trusted computing architecture for intranet information security

Based on the security requirements of intranet information transmission and storage, and drawing on the characteristics of trusted computing, this paper integrates the Trusted Platform Module (TPM) with the Trusted Software Stack (TSS) and designs a trusted computing architecture to protect intranet information security. A root of trust is established and a chain of trust is built from it, extending from the root of trust to the hardware platform, the operating system and the applications, with each level certified and trusted in turn.
This trust is extended to the entire intranet computer system, ensuring that all intranet information transmission and storage is trustworthy.

2. Intranet information security model within the trusted environment

Combining trusted computing theory with the traditional gets-authorization model, the paper introduces trusted subjects into the security model, ensures that restricted access and authorized operations can be used only by trusted subjects, and adds trust validation rules to the model. This may simplify control of the model and prevent untrusted subjects from colluding to steal information they are not authorized to access. By defining the security policy for data sharing among entities and the communication mechanism, a comparatively complete security policy system is formed, and the security and credibility of the intranet information security mechanism itself are strengthened.

3. Dynamic encryption and decryption within intranet information security protection

Intranet information security protection methods based on dynamic encryption and decryption are designed in this paper. After the enterprise electronic documents stored and managed in a database are classified, the documents are dynamically encrypted and decrypted and then transmitted over the network. Information transmitted in real time is monitored and audited, so as to achieve dynamic sharing, secure transmission and security control of electronic documents within the intranet information integration platform.

4. Design and implementation of the intranet information security system

Based on the trusted computing system and the trusted security model, security enhancement of the terminal system is achieved through the combined use of trust chain establishment, trusted process protection, storage security and network access authentication technologies.
By constructing a logical internal trusted security domain that integrates identity authentication, network monitoring and classification management, and by applying dynamic encryption to sensitive intranet files so that files are protected from the bottom layer up, this paper designs and implements an intranet information security system that achieves effective control of intranet resources.
Keywords/Search Tags:Intranet, information security, authentication, encryption and decryption on-the-fly, electronic document