| Trusted computing platform provides a kind of terminal active protection means to enhance security of the information system, although the current research on trusted computing platform has made some achievements, information security incidents still occurred frequently in the application process. The root cause of this situation is that there isn’t a systematic application framework to guide the application of trusted computing platform in the information system, in particular, it lacks the dynamic security controls to related entities during the interaction, such as users, the terminal and the server, and it leads that the various parts are difficult to interact and be managed coordinately in the information system. At the same time, the advantages and the role of trusted computing platform in information systems security system is difficult to give full play. Aiming at above problems, the trusted computing platform application of information system is studied deeply and the work in this paper mainly includes the following three aspects:1. An information system security management framework(TSSMF) based on trusted computing platform is proposed aimed at the requirement of unified security control of the user, the terminal and the application in the application process of the trusted computing platform. A third-party manager is designed to implement unified trust authentication and security management of user’s access to terminal, terminal’s network access and interaction between terminals based on trusted network connection, which achieves overall security and trust of information system and dynamic security control of the terminal. The support protocol of user authentication, bidirectional authentication of users and servers and network access are designed in detail to ensure the effectiveness of control mechanism in this frame.2. An Inter-Domain Security Interconnection Framework (IDSIF) is proposed based on trusted computing platform aimed at security interconnection requirement of different management domains in the information system. The framework mainly consists of each management domain of information system and security management center of interconnection wherein the security control hierarchy of each management domain is constructed based on ISSMF and the security management center of interconnection is responsible of implementing trust authentication and security control of interconnected entities based on trusted computing platform, which achieves overall security and control management of interconnection between information system. A pyramid trust assessment model (PTAM) in this framework is designed to enhance trust verdict of interconnected terminal combined with trust evaluation theory, and a comprehensive trust assessment of interconnected terminal based on historical behavior is implemented in this model, which ensures the security and trust of interconnected terminal.3. The experiment is carried out in this paper aimed at the user authentication mechanism in the ISSMF framework and the PTAM model in the IDSIF framework. A prototype system for user authentication is designed wherein the function of registration and bidirectional authentication of users and servers is achieved in this prototype system, which verifies the feasibility of user authentication in ISSMF framework; The weight assessment of evidence factor of the PTAM model in the IDSIF framework is made combined with fuzzy hierarchy analytic theory, and the simulation experiment is carried out which verifies the rationality and effectiveness of PTAM model. |
PDF Full Text Request