
Research On The Architecture And Key Technologies Of Trusted Portable Computing Environment

Posted on: 2011-09-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P F Yu
Full Text: PDF
GTID: 1118360305992232
Subject: Industrial Engineering

Abstract/Summary:
Ensuring the security of the computing platform is the most important issue in the Mobile Office field. The reason is that enterprises use SOA, Web Services, and other online service platforms to provide mobile office for employees in different workplaces.

In such workplaces, a secure and trusted platform is the prerequisite for providing mobile office. In addition, due to the diversity and independence of different computing platforms, certain required software applications may be missing and hinder the smooth provisioning of Mobile Office. Hence, a well-equipped, secure, and trusted platform is the prerequisite for providing Mobile Office. Based on the preceding considerations, we propose the Trusted Portable Computing Environment (TPCE), derived from Trusted Computing Theory, Virtual Machine Technology, and the Secure Virtual Execution Environment (SVEE).

TPCE is composed of trusted hardware, a virtual execution environment, and trusted applications. TPCE, whose implementation does not leave any traces on the host PC, ensures the security of user operations and data resources, achieves the mobility of applications and personal settings, and protects against attacks from untrusted host environments. The layered architecture and the trust model of TPCE are put forward, and the corresponding key technologies are analyzed in detail.

Hardware-level security policy fundamentally guarantees the security and credibility of computing environments. Hence, smart card technology is adopted to build a Trusted Portable Security Base (TPSB) focusing on the characteristics of small mobile intelligent devices, thus enhancing the security and credibility of the TPCE architecture. Based on TPSB, we establish the trust model of TPCE, drawing on Trusted Computing Theory and the noninterference model of information flow. Then, the essential components, key management, measurement, and transmission mechanism involved in this trust model are analyzed in detail.

This paper focuses on the security features and mechanisms of the hardware virtualization-based isolation model, the application virtualization-based SVEE, and file management in the zero-start state. We propose a trusted virtual machine monitor (TVMM), a BLP-based access control model, and a theoretical model of the SVEE. We also put forward a Dynamic Trusted Protection System to ensure the dynamic credibility and security of TPCE and to implement its applications according to a dynamic trusted isolation model of threads.

Ensuring the security of mobile storage devices has always been a focus in the information security field. Hence, a data ferrying security model, based on TNC and GAP theory, is presented to ensure the security of confidential documents in the zero-start state of TPCE. Meanwhile, aiming at the security of PIN I/O and authentication using smart cards, we propose a PIN authentication method based on Graphics Interference to protect against malicious attacks on PINs. We also design a transmission method and protocol for control instructions on standard data interfaces for smart cards to address compatibility issues between different Trusted Portable Computing Devices (TPCD). In this manner, a TPCD is easily identified and works smoothly on common USB 2.0 interfaces.

In the end, a prototype system for TPCE is initially completed based on the above theory and methods.
Keywords/Search Tags: Trusted Computing, Portable Computing Environment, Secure Portable Storage, Mobile Office, Information Security