Research Of Software Distribution For Trusted Computing Platform

Trusted Computing technology is based on trust transfer and measurement; it is an effective solution to an increasing number of viruses, Trojans, network intrusion and other security threats that computer information systems are facing with. The terminals, laptops and servers build on trusted computing technology have been used in many important areas such as government, finance, to ensure the national and enterprise information security. With the application of trusted computing platform more widely, there is an urgent need to establish a software distribution system adapted to trusted computing technologies, which can effectively manage and control software credibility, safety and suitability, in order to improve the overall safety level of computing information systems based on trusted Computing platform, meet the growing demand for information security.Aiming at the security demand for the software distribution and features of the information systems built on trusted computing platform, a software distribution scheme for trusted computing platform is proposed and designed, providing support to software distribution and use. It is based on researching and analyzing existing software distribution systems and integrated using of trusted computing platform authentication, integrity measurement and other security mechanisms. The main work of this paper includes the following 4 points:1. Based on researching and analyzing trusted computing platform security mechanisms and application demands. Framework with software security checks, identity formation, intelligent distribution is proposed.System components, functions and the overall workflow are designed in details.2. For the functional and security requirements of distribution, on the basis of analyzing of existing software description language, the description content and methods for software security, functional properties and software dependencies, platform constraints and user privileges are studied, we propose a DSD-improved software distribution description language SDDL (Software Distribution Description Language), and using SDDL implement the intelligent strategy for distribution based on user permissions and platform constraints.3. There may be viruses, redundancy functions and other security risks before the software is distributed, so we put forward a software declaration-based inspection strategy, implementing dynamic judgment of software credibility by comparing the declaration that developers submitted and software behaviors of system runtime information extraction; To ensure the security between software distribution system and user platforms, a third-party mutual authentication protocol based on trusted computing platform certification (AIK credential) is designed, it can negotiate the key for encryption transmission of sensitive information. The security of distribution process model is certified based on the judgment conditions of trusted system.4. Based on theoretical research, we detailed design the distribution server and client; The algorithms of software inspection and distribution strategies are implemented, experiments prove that the scheme of this paper ensures software credibility and improve the distribution efficiency compared with the traditional distribution systems.