Research And Application Of Dynamic Trusted Software Usage Control Model

In the 21st century, with the popularization of personal computers and development of network technology, the computers have become an important tool for information exchange and copperating work. The impact of computers has gone deeply into the human's lives. Whether the computer system is security has a direct impact on the human's life. Aiming at the security fault of computer system and network in the distributed open environment, people start to study next-generation security model to resolve the trouble. Jaehong Park and Ravi Sandhu proposed the Usage Control Model in 2002, which became a major research focus in recent years. In 2005, domestic people began to attach importance to study Usage Control Model. Usage Control Model is built as a security model frame, that can solve computer and network security issues in the distributed open environment, based on the Traditional Access Control, Digital Rights Management and Trust Management.The paper analyses the Traditional Access Control Model and standard Usage Control Model, and proposes a Dynamic Trusted Software Usage Control Model aiming at the security issues of using software in the disordered Cyber-Space of computer application system currently. It starts with protecting the terminal application system safety actively, and monitors and manages the software behavior, through considering the subject's action of security control model. It makes software identity and running in order, and achieves the disordered Cyber-Space ordered to solve security issues bring by the disordered Cyber-Space in the terminal application system. Security Administrator can set the security rule based on the system usage policy to monitor the software's behavior of the terminal computer, such as accessing resource, network communications and creating course.The paper designs the model's prototype system, based on lucubrating on the model, and implements it in the real-named software system of Tsinghua University. Security Administrator of the prototype system actualizes real-time usage control of the software's behavior in the application system of every terminal computer in the domain, by using the usage control server. It prevents the terminal computers from the hostility attack by the unknown virus and malware.