Metrics Model, Based On The Dynamic Integrity Of The Trusted Computing

Posted on: 2012-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: B Yang
GTID: 2208330335971192
Subject: Computer software and theory
Abstract/Summary:
Trusted computing has been put forward as a new method for addressing increasingly serious network security problems. As a key technology of the trusted platform, the integrity measurement mechanism constructs the trust chain of the trusted computing platform and extends trust from the roots of trust to the whole platform. The traditional integrity measurement architecture is static: it measures the integrity of the system only before software is loaded. Although some existing measurement systems can measure system integrity at runtime, they lack flexibility and availability. Because they are not dynamic and real-time, they struggle to resist some malicious attacks.

To address the drawbacks of these mechanisms, this thesis designs and implements a secure and efficient dynamic integrity measurement model, based on a study of existing integrity measurement mechanisms, and applies it to a multi-level security model to balance that model's confidentiality and integrity. The main contributions are as follows:

(1) Because static integrity measurement cannot ensure the integrity of the system at run time, this thesis presents a dynamic integrity measurement model based on trusted computing, which helps system administrators control the integrity of the system at run time. Compared with other existing integrity measurement architectures, this architecture introduces virtualization technology to monitor the behavior of processes at run time and thereby performs the dynamic integrity measurement. Malicious attacks that damage the integrity of the system at run time are defended against, and the security of the system is improved.

(2) The current multi-level security model lacks protection for information security during the access process. The improved UCON (Usage Control) model considers both the confidentiality and the integrity of the multi-level security model by introducing the idea of dynamic integrity measurement described in (1). The improved model can protect the security of information throughout the whole access process, employs an integrity verification policy to ensure the integrity of information, and lets security administrators choose a suitable security policy according to the application. All of these advantages increase the flexibility of the system.

(3) A trusted computing platform environment is set up on Linux using TPM-Emulator, and the proposed dynamic integrity measurement model is partly implemented in Java.
Keywords/Search Tags:trusted computing, integrity measurement, virtualization, multi-level security