| Trusted computing technology has become a hot topic in the field of information security because of its powerful protection ability of terminal security and widely applying prospect. It becomes the most attractive hotspot either from its theory or its application in these years. Whether the computer system is trusted is based on the trustiness of its hardware, network, operating system, middleware, application software, users of information system and the complicated systems between them. The computer system will be not trusted if problem appeared in any of these parts.Current researches of domestic and overseas about trusted computing focus on hardware level, which judges whether the terminal is trusted based on the integrity measuring of firmware. Research on software trustiness is one of the branches of trusted computing. For application software which becomes more and more complicated, there are some threats of software about their crisis, bugs, errors, failures, invalidations inside the software and virus or the malicious codes outside the software. So merely measuring the terminal's firmware integrity has not satisfied the trusted request of current network. How to do general trustiness evaluation of the terminal's status, especially to choose an evaluating policy in high efficiency, is an important problem which has not been researched much yet from home and abroad. Considering all the reasons above, we present in this paper an initial quantity research on matching evaluating policies with the integrity measuring parameter based on the adaptive matching of policies and knowledge in information security field. The innovative works of this paper are as follows:1,This paper firstly studies the integrity measurement model of TNC based on learning the TNC architecture specification, then gives a matching policy architecture of integrity measurement with focuses on matching the evaluation policies of trusted accessing model. This architecture has packaged a series of actions, such as matching and choosing the evaluation policies according to the integrity measurement parameter in one component and communicated to the whole trusted architecture with an interface in order to implement the order of loosely coupled and high cohesion.2,Learning from more mature ideology of ontology and the principles of computer immune, according to the ontology construction rule, it provides the integrity measurement parameter of the firmware, hardware and software in the proposed policy matching architecture, and do the ontology constructions on the accessing control policies in database in order to implement the atomic semantic. Furthermore, it also designs an adaptive matching policies model based on immune theory to embody the adaptive choosing of evaluation policies. 3,This paper gives an immune matching algorithm based on the research and analysis of ontology matching algorithm. It matches the ontology integrity measurement parameter and policies and gets the testing conclusion with the simulation testing. The result shows that this algorithm can effectively do the optimized policy matching between the parameters of integrity measurements. |
PDF Full Text Request