Researchand Implementatrusted Management System Based On Domestic Trusted Chip

Trusted Computing is an important technique to enhance the security ofinformation systems has been a common concern of many governments, academiaand industry. At present, China has independently developed a variety of confidencechip TPCM, but for the use and management of trusted chip is still in its infancy.Therefore, the design and implementation of a trusted domestic trusted chip-basedmanagement system for the promotion of trusted computing technology research andapplication of great significance.Currently, the typical information system security management has the followingproblems: Security Management Center does not use the trusted chip as the trustedcomputing base, ant it lack of a credible foundation for the hardware and trustedhardware management mechanism; trusted software and management are not perfect,the lack of a mechanism to ensure that the software is installed, uninstall and maintainit’s trusted during the process and the lack of the necessary audit of security-sensitiveoperations; hierarchical security of the computer system can’t provide effectivesupport.In order to solve the above problems, the present subject to design andimplementation of trusted management system based on domestic trusted chip as thetarget. Research trusted chip as a trusted computing base management systemarchitecture, and which focus on the trusted hardware management, the trustedsoftware management and hierarchical security protection on three key technologies.Specific research work are as follows: First, the design of a trusted hardwaremanagement mechanism based on domestic trusted chip, compatible with the currentcomputer system under the premise of providing trusted chip configurationmanagement, trusted storage support and trusted of chip platform configurationregister reference value update method core functionality; Second, the study of trustedsoftware management mechanisms, in particular for the control and audit of the entiresoftware installation process and the integrity of the software metrics validation toensure that the follow-up software installed in the computer system was trusted; sametime, research and design of trusted management audit system, it can be as a trustedsoftware management mechanisms to provide the necessary audit services, but also allsecurity sensitive operations trusted management system for effective audit and support query; then classification of trusted management system policy protectionmechanism, it can be easily security vendors develop the curing protection strategiesof the different security granularity on demand, while supporting trusted managementsystem administrators to custom extended a hierarchical security policy; followedthrough the integration of the research, starting from the scene of the practicalapplication of trusted management system were analyzed and summarized to solve atrusted management system in a number of key issues in the process, then the trustedof management based on trusted chip system implementation. Finally, the existingtrusted computing lab environment trusted management system verification testing.By verifying test results show that the implementation of trusted management systemhas good robustness, but also meets the functional requirements of the existingcomputer system security trusted hardware and software management, andhierarchical security protection, As a result overall security of the computer systemsignificantly improved.