Trust Chain To Pass Under The Trusted Computing Model

Because of the design deficiencies in the computers' architecture, the computers can not prevent virus, hackers and insider thieves. In order to solve the insecurity of computers fundamentally, trusted computing group begins to carry out trusted computing platform technology through the way of adding the safe chip. The basic idea of the trusted computing platform is firstly built a root of trust, and then a trusted chain, and in the manner of one level measures another and trusts another to extend the trust relation to the whole computer system which insures the trust of the computer. The chain of trust is an important technology of the trusted computing which ensures the creditability and the safety of the computers.The chain of trust can be divided into two processes:one is the process that from the boot of the platform to the starting of the operating system, the other is from the operating system to the applications starting. In system boot phase, TPM and CRTM play the key role, but the system added TPM can cause the users lose some important cryptographic information which goes against the principle of easy to use. Meantime, when the operating system is started, the users who have already passed the validation can still break the creditability of the system through the way of human-computer interaction, and the present manner can brings extra overhead time, especially when the trusted chain transfers to the application layer because to ensure the safety of the application layer, not only the application program should be measured, but also the dynamic shared library and configuration file and so on that the program loads which brings extra overhead time and pulls down the runtime efficiency of the system. Thus, it is important to design a more reasonable and efficient model of trust chain.This thesis carries out a series of researches about the model of trust chain, and the main tasks are summarized as follows:1) Introducing the current situation of chain of trust, analyzing the advantages and disadvantages of them. Improving the existing solution of the chain of trust form boot-trap to the loading of the operating system and bringing forward the chain of trust model of the system boot phase. Besides, the innovation of the thesis is the proposing of the solution of secure solution based on USB KEY and BIOS under TPM fault.2) In order to prevent the users to break the trustiness of the operating system who have already passed the verified, a solution of monitoring the users' behavior has been brought forward, at the same time, simulation has been taken to prove that the solution can improve the accuracy and overcome the disadvantage that analysis can't be done to the insider users.3) Combining the virtualization technology, white lists and LSM technology to bring forward parallel and active defense model of the chain of trust in order to prevent the programs that are not in the list which realizes the active defense, reduce the time spending in the process of measurement. Formal verification is given to the model and basic prototype implementation is carried out with software such as Cent OS Linux, VMware Workstation, and TPM Emulator.