Built On The Jvm. Trusted Computing Research And Design Of A Complete Chain Of Trust

Trusted computing means that the trusted computing platform based on security hardware module is used in the computing and communications systems, by enhancing the security of existing computer system architecture to enhance the whole system's security. The trusted computing group only develops technical specifications of trusted computing hardware platforms. While only hardware platform is trustworthy, the entire system is still insecure. So it is necessary to establish trusted mechanism for the operating system and application.The research work is supported by the electronic information industry development fund (NO.H04010601W060692). Based on the ideas from the trusted computing, the thesis has made a study of strengthening the security of the existing computer system. It is researched that how to establish the software part of the chain of trust building process which is not mentioned in TCG specifications. A whole chain of trust from hardware to software based on java virtual machine is designed, and eventually the trustworthy java application execution environment is realized.In the thesis, current security technology and requirements for its development is analyzed, the idea and technical direction of enhancing computer system security is elaborated, and the concept, architecture and current research progress of TCG are discussed in details. Finally, through an analysis of two significant components (java virtual machine loader and class loader subsystem) involved in the process of a java program's start-up and running procedure, a complete chain of trust is constructed in the environment of trustworthy personal computer platform, linux operating system, and java runtime enviorment 6. And eventually an authenticated execution environment of java application is realized by Trusted JVM'. Through the use of cryptography services and storage capabilities provided by trusted platform module, inserting control points before application module loading, the integrity information is measured and verifid in the process of building. After the chain of trust system is tested under real environment, the trustworthy of this system is proved. In this environment the untrustworthy software or trustworthy software which is illegal tampered can't be executed. And thus malicious attacks or spreading of viruses is avoided. This system also has the ability to prove and report the current integrity information.The main contributions of this thesis include:1. Aiming at the trusted mechanism of application which is not referred in the TCG spcification, the thesis designed a complete chain of trust based on JVM.This design is useful and valuable for further study in trusted computing and trusted mechanism of application.2. Through modifying the JVM based on TCG specifications, the trustworthy java application execution environment is realized and a complete and cross-platform design to realize the trust of java application under trusted computing platform is provided. By using trusted computing platform's functions and trustworthy class list, 'Trusted JVM' can provide stronger security control and more stringent security policies under current java security model.