
Research On Management Scheme Of Trusted Application Software

Posted on: 2012-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: C H Wang
Full Text: PDF
GTID: 2218330368993502
Subject: Computer system architecture
Abstract/Summary:
With the development of computers and networks, communication and interaction of all kinds keep increasing, and the computer has become an indispensable part of our lives. The accelerating pace of informatization makes all sectors of society depend more and more on computers. Meanwhile, the problem of information security is becoming more and more prominent, and computer systems face unprecedented challenges. On the one hand, malicious programs such as viruses, trojans and worms spread recklessly among computers and networks; on the other hand, firewalls, antivirus software and intrusion detection are strengthened one after another. But these protective measures always lag behind the malicious programs and remain in a passive position. When the PC was designed, openness and flexibility were emphasized and security attributes were neglected. Software-based protective measures are very vulnerable to attackers. For a long time, the bottom layer of the computer system was thought to be absolutely safe, but the arrival of the Internet exposes the system to more hidden security dangers.

Trusted computing approaches the problem from the angle of active defense, offering a new security mechanism that breaks out of passive defense. It takes security hardware components as the foundation of system safety and adopts trust expansion to bring the whole system into the trusted range. In trust expansion, starting from the trusted root, the layer that currently holds control measures the layer above it and reports the result. If the measurement succeeds and the result is legal, control is handed to the layer above. In this way, a trust link is built from the trusted root to the BIOS, then the operating system loader, and then the operating system and applications. Throughout trust expansion, the mechanism of credible measurement and reporting guarantees the system's integrity and security at every layer.

In the trust link from the trusted root to the operating system, the order is fixed, so the pattern of integrity measurement is a one-way link. This process is stable and unidirectional, and it is not hard to establish the standard reference data used for credible measurement during the measurement process. But the transmission of the trust link from the operating system to application software is diverse and complicated, and the previous strategy of credible measurement is not suitable for this step. At the same time, application software is the part that interacts with the user, so its security more readily raises concerns. Transmitting the trust link from the operating system to application software therefore requires a measurement strategy that remains valid across the diversity of applications.

The main research work of this paper is as follows:

1. This paper analyzes the development and research status of trusted computing. In view of the limits on transferring the trust link and the shortcomings of some existing solutions, it proposes a management mechanism for trusted software based on a credible third party.

2. This paper introduces the principle and architecture of the trusted computing platform and analyzes the platform's credibility mechanism layer by layer. It studies two core modules of the trusted platform: the TPM (Trusted Platform Module) and the CRTM (Core Root of Trust for Measurement). For integrity measurement of the trusted platform, it analyzes measurement, storage, verification and reporting in the measurement process. It then introduces two important algorithms, RSA and SHA, with particular attention to the SHA series. The paper analyzes and compares the SHA series in detail and chooses an algorithm according to efficiency and security properties.

3. Based on this knowledge of trusted computing, this paper makes use of the remote attestation of the trusted computing platform and proposes a management scheme for trusted application software. The scheme covers software installation, maintenance and upgrade, and guarantees the integrity and credibility of software. It implements the idea of active defense in trusted computing and provides a new approach to transmitting trust from the operating system to application software.

4. Finally, this paper carries out a prototype process simulation of the scheme proposed above, which shows that the management scheme is feasible and effective. It also outlines future work.
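
The trust expansion described in the abstract (measure the next layer, report the result, hand over control only if the result is legal), as an added example that is not code from the thesis. SHA-256, the TPM-style extend register, and the layer names and images are assumptions; the last case is an application with no reference value, the situation the abstract says the fixed boot-time strategy does not cover.

```python
import hashlib

def measure(image: bytes) -> bytes:
    """Integrity measurement of one layer (SHA-256 is an assumption)."""
    return hashlib.sha256(image).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register can only be folded forward, never set."""
    return hashlib.sha256(register + measurement).digest()

def run_chain(layers, reference):
    """Measure each layer before giving it control.

    layers: ordered (name, image) pairs; reference: name -> expected digest.
    Returns (register, log, halted_at); halted_at is None if every layer passed.
    """
    register, log = bytes(32), []
    for name, image in layers:
        m = measure(image)
        register = extend(register, m)   # record first, so the report
        log.append((name, m))            # also covers a rejected layer
        if reference.get(name) != m:     # unknown or modified layer
            return register, log, name   # control is not handed over
    return register, log, None

def replay(log):
    """Verifier side: recompute the register from the reported log."""
    register = bytes(32)
    for _name, m in log:
        register = extend(register, m)
    return register

# Constructed sample images; names and contents are illustrative only.
GOOD = [("bios", b"bios v1"), ("os_loader", b"loader v1"),
        ("os", b"kernel v1"), ("app", b"editor v1")]
REFERENCE = {name: measure(image) for name, image in GOOD}

def demo():
    ok = run_chain(GOOD, REFERENCE)
    tampered = list(GOOD)
    tampered[1] = ("os_loader", b"loader v1, modified")
    bad = run_chain(tampered, REFERENCE)
    unknown = run_chain(GOOD[:3] + [("new_app", b"player v7")], REFERENCE)
    return ok, bad, unknown

if __name__ == "__main__":
    for register, log, halted_at in demo():
        print(halted_at, [n for n, _ in log], register.hex()[:16])
```

The chain stops at the first layer whose measurement has no matching reference value, and the verifier can still replay the log to confirm that the reported register is consistent with it.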
Keywords/Search Tags: trusted computing, trusted software, software management, trust link, software measurement