
Researches On Non-Interference Trusted Model And The Implementation Of Trusted Computing Platform Architecture

Posted on: 2010-08-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Zhang
GTID: 1118360278480775
Subject: Cryptography

Abstract/Summary:
Hyposys is a special distributed network system composed of many network nodes located in different places across a country. First, a great deal of important data that must be kept secret is produced by the various business software running on Hyposys. Second, although its internal security level is very high, Hyposys is required to connect to external networks. Accordingly, Hyposys faces many potential threats from external penetration attacks and from internal compromise. To deal with these threats, many security mechanisms have been deployed on the BIOS, the operating system, PCs, servers and the network. Nevertheless, many security incidents still occur, such as illegal tampering from inside and interference by viruses from outside. To meet this security requirement, this paper mainly discusses Trusted Computing technology and proposes a trusted platform model and architecture that guarantee the system runs as expected.

First, this paper proposes a theoretical model named the non-interference trusted model (NITM), which takes the non-interference security policy model as its reference and is suitable for designing trusted computing platforms. The model abstracts a system as processes, actions, states and outputs, and gives a formal definition of the trustedness of a process. By analyzing this model, three important properties of trusted running are obtained by reasoning: Output Consistency, Local Consistency and Single-step Consistency. These properties make it convenient to map the model onto an actual system and to validate whether the implementation is trusted.

Based on NITM, this paper proposes a trusted platform architecture and a practical framework built on a root of trust. The basic idea is to support trusted functions with cryptography, and to use those trusted functions to support trusted, interference-free running of the system.
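To make the process/action/state/output abstraction concrete, the following is an added example (not code from the dissertation) of a two-process toy machine checked against a non-interference policy. It is my own constructed system; the policy, the state layout and the `view` function are assumptions, and the mapping of the page's three properties onto the classical unwinding conditions (output consistency, step consistency, local respect) is my reading, not the dissertation's definitions. The trace-based check purges the forbidden domain's actions and compares what the trusted process outputs; the single-step check tests the same machine state by state, which is the form a practitioner can actually apply to a real component.

```python
"""Non-interference check on a small process/action/state/output machine.
Constructed toy example; not the dissertation's model or code."""
from itertools import product

DOMAINS = ("T", "U")            # T: trusted process, U: untrusted process

# Interference policy (assumed): POLICY[(a, b)] is True when domain a may
# affect what domain b observes. U must not interfere with T.
POLICY = {("T", "T"): True, ("U", "U"): True, ("T", "U"): True, ("U", "T"): False}

ACTIONS = [("T", "compute"), ("T", "publish"), ("U", "bump")]
S0 = {"t_val": 0, "u_val": 0}   # state: two 2-bit registers


def step(state, action, shared_counter):
    """One transition. With shared_counter=True, U's 'bump' writes the register
    that T outputs, which is exactly the interference the policy forbids."""
    s = dict(state)
    if action == ("T", "compute"):
        s["t_val"] = (s["t_val"] + 1) % 4
    elif action == ("T", "publish"):
        s["u_val"] = s["t_val"]                       # T -> U flow, allowed
    elif action == ("U", "bump"):
        key = "t_val" if shared_counter else "u_val"
        s[key] = (s[key] + 1) % 4
    return s


def output(state, dom):
    """What each process observes of the state."""
    return state["t_val"] if dom == "T" else state["u_val"]


def run(state, actions, shared_counter):
    for a in actions:
        state = step(state, a, shared_counter)
    return state


def purge(actions, dom):
    """Drop every action whose domain is not allowed to interfere with dom."""
    return [a for a in actions if POLICY[(a[0], dom)]]


def find_interference(shared_counter, depth=4):
    """Trace-based check: for every action sequence alpha up to `depth` and every
    domain d, output_d(run(alpha)) must equal output_d(run(purge(alpha, d))).
    Returns the first violating (alpha, d), or None if none is found."""
    for n in range(depth + 1):
        for alpha in product(ACTIONS, repeat=n):
            alpha = list(alpha)
            for d in DOMAINS:
                full = output(run(S0, alpha, shared_counter), d)
                purged = output(run(S0, purge(alpha, d), shared_counter), d)
                if full != purged:
                    return alpha, d
    return None


def view(state, dom):
    """Assumed view function: the part of the state a domain may depend on.
    T sees only its own register; U may see both, since T may affect U."""
    return (state["t_val"],) if dom == "T" else (state["t_val"], state["u_val"])


def unwinding_violations(shared_counter):
    """Single-step check of the three unwinding conditions over all 16 states:
    output consistency, step consistency and local respect.
    Returns a list of violations; an empty list means all three hold."""
    states = [{"t_val": t, "u_val": u} for t in range(4) for u in range(4)]
    bad = []
    for d in DOMAINS:
        for s, t in product(states, repeat=2):
            if view(s, d) != view(t, d):
                continue
            if output(s, d) != output(t, d):           # output consistency
                bad.append(("output", d))
            for a in ACTIONS:                           # step consistency
                if view(step(s, a, shared_counter), d) != view(step(t, a, shared_counter), d):
                    bad.append(("step", d, a))
        for s in states:                                # local respect
            for a in ACTIONS:
                if not POLICY[(a[0], d)] and view(step(s, a, shared_counter), d) != view(s, d):
                    bad.append(("local", d, a))
    return bad


if __name__ == "__main__":
    print("partitioned state:", find_interference(False), unwinding_violations(False))
    print("shared counter:   ", find_interference(True), unwinding_violations(True)[:1])
```

With the partitioned state both checks pass; with the shared counter the trace check reports the one-step sequence `[("U", "bump")]` as interfering with `T`, and the unwinding check attributes it to a local-respect violation, which is the kind of locally checkable condition the abstract refers to when it says the properties help map the model onto a real system.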
The Trusted Platform Control Module (TPCM), acting as the root of trust, realizes the three important roots RTM, RTS and RTR, which support a trusted tunnel for communication between applications and the TPCM. Furthermore, an engineering model of the trusted tunnel is proposed, its composition is discussed, and its definition is given by formal methods. It is proved that the trusted tunnel is an instance of the intransitive non-interference trusted model, and that the probability of the trusted tunnel being subjected to interference reduces to that of decrypting the ciphertext, which is proved by computational indistinguishability; thereby the theory of non-interference is advanced further towards engineering. The main parts of the trusted platform architecture are described in this paper, including the cryptographic scheme of the trusted platform, the Trusted Platform Control Module, the Trusted Platform Base Support Software and the Trusted Platform Trusted Chain; compatibility is discussed at the end of the paper. The basic idea of this paper is to take trusted computing functions as the core that guarantees trusted running and security of the system. The TPCM acts as the root of trust, and the trust chain is extended from it to form the TCB. TCBs in different layers are connected seamlessly through the trusted pipeline, which keeps the TCB independent of other entities. Extending the TCB realizes the security functions of the system on the basis of the root of trust, greatly reduces the scale of the TCB, and makes it easy to describe, to validate by formal methods, and to implement.

This paper is based on the many trusted computing research projects in which the author has participated, including the research and drafting of trusted computing standards assigned by the Information Security Standard Committee, the 973 technology plan 2007CB311100, and the 863 general project 2006AA01Z44, among others.
The works above take this important application as their background: the corresponding theoretical model is researched, an engineering model is put forward, and a number of key technologies of the trusted computing platform are broken through. The major innovations are as follows.

First, in the theoretical model, a process-based Non-Interference Trusted Model is proposed, the conditions for deciding whether system operation is trusted are put forward, and the trustedness of system operation is studied by logical reasoning and formal methods. The model rests on strict logical reasoning and is independent of particular security mechanisms and implementations; any implementation that conforms to the model achieves trusted system operation.

Second, in the engineering model, the Non-Interference Trusted Pipeline Model is proposed: the trusted pipeline is described by formal methods as an instance of the intransitive non-interference trusted model, and the proposition that the model cannot be interfered with by other entities is proved by computational indistinguishability, leading towards the design of the trusted computing platform architecture.

Third, a cryptographic model for the trusted computing platform is proposed, the cryptographic implementation scheme is improved, a double-certificate management solution is put forward, the platform key migration scheme is simplified, and a new authorization protocol is presented whose security is analyzed with BAN logic.

Fourth, the design scheme of the Trusted Platform Control Module (TPCM) is proposed, which solves the problem of the root of trust. The traditional view of the trusted platform module as a passive device is changed: the trusted platform module is designed as an active device, so that the TPCM chip actively controls the whole platform.
All of the roots of trust are embedded in the chip, which is subject to stronger physical protection.

Finally, the design scheme of the Trusted Basic Support Software is researched, a Trusted Reference Monitor (TRM) model is proposed, and the three cryptographic pipelines constituted by the three roots of trust are described. The TCB is extended from the hardware to the system and on to the key components of applications by extending the trusted chain. All TCB components communicate with each other through the "trusted pipe" constituted by the three roots of trust of the Trusted Platform Module; functions such as system integrity measurement, platform attestation and access to the TPCM by external entities are achieved through these pipelines, which prevent the TCB from being tampered with or interfered with by other entities.
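The extension of the trust chain from hardware through the system to application components, together with integrity measurement and attestation, can be illustrated with the following added example. It is a constructed toy and not the dissertation's design: the component names and reference digests are made up, the register is a PCR-style hash chain, and an HMAC under a constructed key stands in for the signature a real RTR would produce with a non-exportable key. The verifier replays the event log against the reference measurements, recomputes the register and checks the quote against its own nonce, so a modified component, a stale quote or a log that does not match the register is all rejected.

```python
"""Trust chain with measure-before-execute, PCR-style register and attestation.
Constructed toy example; not the dissertation's code or any vendor's API."""
import hashlib
import hmac
import os

BOOT_ORDER = ["bios", "loader", "kernel", "app-core"]   # assumed layer order

# Constructed reference (expected) measurements the verifier trusts.
REFERENCE = {name: hashlib.sha256(f"{name}-v1".encode()).hexdigest() for name in BOOT_ORDER}

# Stand-in for the attestation key held by the root of trust for reporting (RTR).
# Constructed for the example; a real TPCM would sign with an internal private key.
ATTEST_KEY = b"constructed-attestation-key"

ZERO_REGISTER = "00" * 32


def measure(data: bytes) -> str:
    """Root of trust for measurement: hash a component before it gains control."""
    return hashlib.sha256(data).hexdigest()


def extend(register: str, digest: str) -> str:
    """PCR-style extend: the new value commits to the previous value and the new
    measurement, so the register is order-sensitive and cannot be rolled back."""
    return hashlib.sha256(bytes.fromhex(register) + bytes.fromhex(digest)).hexdigest()


def build_chain(components: dict) -> tuple:
    """Each layer measures the next one and extends the register before handing over
    control. Returns the final register value and the event log."""
    register = ZERO_REGISTER
    log = []
    for name in BOOT_ORDER:
        digest = measure(components[name])
        log.append((name, digest))
        register = extend(register, digest)
    return register, log


def attest(register: str, nonce: bytes) -> str:
    """RTR quote: binds the register value to the verifier's fresh nonce (anti-replay)."""
    return hmac.new(ATTEST_KEY, nonce + bytes.fromhex(register), hashlib.sha256).hexdigest()


def verify(quote: str, nonce: bytes, log: list) -> bool:
    """Verifier side: check the log order, compare every entry with the reference,
    recompute the register from the log and check the quote for this nonce."""
    if [name for name, _ in log] != BOOT_ORDER:
        return False
    register = ZERO_REGISTER
    for name, digest in log:
        if not hmac.compare_digest(digest, REFERENCE[name]):
            return False                     # a component differs from the expected one
        register = extend(register, digest)
    expected = attest(register, nonce)       # the toy verifier shares the HMAC key
    return hmac.compare_digest(expected, quote)


# Constructed platform images: a good one and one with a modified kernel.
GOOD = {name: f"{name}-v1".encode() for name in BOOT_ORDER}
TAMPERED = dict(GOOD, kernel=b"kernel-v1-modified")


def attestation_passes(components: dict, nonce: bytes = None) -> bool:
    """Run the whole exchange: boot, quote, verify. Returns the verifier's decision."""
    nonce = nonce or os.urandom(16)
    register, log = build_chain(components)
    quote = attest(register, nonce)
    return verify(quote, nonce, log)


if __name__ == "__main__":
    print("good platform:    ", attestation_passes(GOOD))
    print("tampered kernel:  ", attestation_passes(TAMPERED))
```

The register, not the log, is what the quote protects: a platform that booted the modified kernel cannot present the unmodified log, because the register recomputed from that log would not match the signed value. Freshness comes from the nonce, so a quote captured from an earlier session fails against a new challenge.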
Keywords/Search Tags:non-interference, trusted platform, architecture, trusted pipeline, TPCM