
Research On Virtual Trusted Platform And Data Leak Prevention

Posted on: 2017-04-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X K Wang
Full Text: PDF
GTID: 1318330536965714
Subject: Computer application technology
Abstract/Summary:
With the rapid development and growing integration of computer and network technology, information security problems are becoming more and more serious. During storage, processing and exchange, data is leaked, stolen and destroyed, causing losses to individuals and enterprises. To address data leakage, researchers have proposed solutions from different technical viewpoints, combining data encryption, access control, content monitoring and virtualization technology. Data leakage incidents nevertheless continue to occur. The reason is that the existing platform has an open structure and is fundamentally unable to avoid security threats; traditional security measures are not sufficient to protect the data, and they lack both a credible execution environment and a security verification mechanism. A trusted computing platform provides a hardware security base on which a trusted environment can be built from a combination of software and hardware. A trusted computing environment ensures that computation conducted on it has the properties of authenticity, confidentiality and controllability; these properties make up for the inadequacy of any single prevention method and offer a new approach to data leakage protection. Combined with virtualization technology, making full use of its encapsulation, isolation, hardware independence and privilege control, the security of the data is greatly improved.

Based on trusted computing and virtualization ideas and technology, this dissertation first refines the existing virtual trusted computing platform architecture and then proposes a trust chain measurement scheme for the platform. By analysing the operating system start-up process, the integrity measurement factors and the boot sequence, Trusted GRUB is used to implement the trust chain construction process. Then, using the features of the trusted platform module, data encryption technology is combined with the traditional sealing method to put forward a data leakage protection model for local storage, and the sealing algorithms on the platform are improved. For network storage, the same data protection idea is applied to form a client data protection model and a server data protection model that keep the data safe while it is stored in the network. The main research results and innovations are as follows:

(1) Refine the virtual trusted platform system structure. Considering the advantages that the combination of trusted computing and virtualization brings to data leakage protection, as well as the shortcomings of existing platform integrity verification, the existing virtual trusted platform architecture is improved to set up a credible storage environment for sensitive data on the platform. TVP, a complete solution for constructing a trust chain, is proposed to measure the bootstrap program of the physical machine, the VMM, and the virtual machine privileged and non-privileged domains in this architecture. To ensure safe delivery of the trust chain, TPRTM, a trusted program recording management algorithm, is designed; it uses program reference values stored in non-volatile memory and the encryption and decryption capability of the TPM to protect the measurements of the trust chain.

(2) Propose a trust chain measurement algorithm for the virtual trusted platform. In view of the incompleteness of the trust chain on current virtual trusted platforms, this dissertation proposes a construction and measurement algorithm for the virtual trusted platform trust chain. Based on the platform construction above, a complete trust chain is formed from the system integrity measurement elements and the crucial content that must be measured during start-up, and a reference measurement calculation algorithm is designed to verify the integrity of the platform. Trusted GRUB is used to extend the original GRUB bootstrap program, completing the construction process from the start-up of the hardware platform to that of the virtual guest. During start-up, the specified key files are measured and their integrity measurement results are extended into the corresponding PCR, achieving platform integrity verification. Experimental results show that if the platform trust chain is tampered with or damaged, the system issues a warning at start-up, guaranteeing the credibility of the platform.

(3) Propose a data leakage protection model and sealing algorithm for local storage. Aiming at the problems in existing local-storage data leakage protection technology, a data leakage protection model is put forward. The research focuses on a local storage protection scheme in which trusted computing technology is combined with traditional data encryption to form a local storage protection model whose encrypted data is bound to the platform state. This protects the bound data against malicious damage and theft by viruses or Trojans and protects the user from losses caused by breaches of essential data. The data encryption method used in the model is refined, resolving the problem of re-decryption and re-encryption caused by platform updates. Experiments show that, compared with traditional data leakage protection methods, the security of local data storage is strengthened and the leakage risk from internal threats is reduced. During data encryption, although the refined algorithm makes the first encryption take longer, the second encryption time is better than that of the other methods.

(4) Put forward a network storage data leakage protection model. A network storage data leakage protection model is put forward in view of data security during network storage. The method, which combines trusted computing, virtualization technology and encryption technology, is divided into a user-side data protection model and a service-side data protection model, ensuring the security of the combined system while guaranteeing the security of network data storage. Security evaluation shows that the method not only improves network data storage security but also exhibits a high-encryption effect with inertia.

In conclusion, through the research conducted on the trust chain of the virtual trusted computing platform, a reliable execution environment is constructed in which the data leakage protection research can perform efficiently and can guarantee the security and stability of the data and the system on the platform.
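The two mechanisms that contributions (2) and (3) rely on, measuring boot components into a PCR and sealing data so that it only opens under the measured platform state, can be simulated in a few dozen lines. The following is an added illustration written for this page; it is not code from the dissertation and does not implement TVP, TPRTM or Trusted GRUB. The TPM is a software stand-in with a single PCR and a root secret, the cipher is a toy SHA-256 keystream chosen only to keep the example dependency-free, and the component names are constructed. It shows the tamper warning at boot (reference PCR mismatch), sealed data refusing to open on a tampered platform, and resealing to a predicted post-update PCR, which is the platform-update problem that contribution (3) addresses.

```python
"""Toy simulation of PCR-based trust chain measurement and PCR-bound sealing.

Constructed for illustration only: a software stand-in for a TPM with one PCR,
a toy cipher, and constructed component names. Not a real TPM or sealing API.
"""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Predict the PCR value after extending a zeroed PCR with each boot
    component in order (bootloader, VMM, privileged domain, guest, ...)."""
    pcr = bytes(32)
    for comp in components:
        pcr = pcr_extend(pcr, comp)
    return pcr


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy CTR-style keystream built from SHA-256; for this simulation only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class SimulatedTPM:
    """Holds one PCR and a root secret that never leaves the 'chip'."""

    def __init__(self, root_secret: bytes):
        self._root = root_secret
        self.pcr = bytes(32)

    def extend(self, component: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, component)

    def verify_boot(self, reference_pcr: bytes) -> bool:
        """Compare the measured chain with the stored reference value; a
        mismatch is where the platform would raise its start-up warning."""
        return hmac.compare_digest(self.pcr, reference_pcr)

    def _seal_key(self, pcr_value: bytes) -> bytes:
        # The key depends on both the root secret and the platform state.
        return hmac.new(self._root, b"seal|" + pcr_value, hashlib.sha256).digest()

    def seal(self, plaintext: bytes, pcr_value: Optional[bytes] = None) -> bytes:
        """Bind data to a PCR value (the current state by default)."""
        target = self.pcr if pcr_value is None else pcr_value
        key = self._seal_key(target)
        nonce = os.urandom(NONCE_LEN)
        ct = _keystream_xor(key, nonce, plaintext)
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes) -> Optional[bytes]:
        """Return the data only if the current PCR matches the sealed state."""
        key = self._seal_key(self.pcr)
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None  # wrong platform state: the sealed data stays locked
        return _keystream_xor(key, nonce, ct)


def reseal_for_update(tpm: SimulatedTPM, blob: bytes, new_components) -> bytes:
    """Unseal under the current state and reseal to the predicted post-update
    PCR, so the data opens after the update without another re-encryption."""
    plaintext = tpm.unseal(blob)
    if plaintext is None:
        raise ValueError("cannot reseal: current platform state does not match")
    return tpm.seal(plaintext, pcr_value=measure_chain(new_components))


def boot(root_secret: bytes, components) -> SimulatedTPM:
    """Construct a TPM and replay a boot chain into its PCR."""
    tpm = SimulatedTPM(root_secret)
    for comp in components:
        tpm.extend(comp)
    return tpm


if __name__ == "__main__":
    # Constructed stand-ins for the measured boot components.
    good = [b"grub-stage2", b"vmm", b"dom0-kernel", b"guest-kernel"]
    tampered = [b"grub-stage2", b"vmm-modified", b"dom0-kernel", b"guest-kernel"]
    tpm = boot(b"root-secret", good)
    print("boot verified:", tpm.verify_boot(measure_chain(good)))
    blob = tpm.seal(b"sensitive record")
    print("unseal on good platform:", tpm.unseal(blob))
    print("unseal after tamper:", boot(b"root-secret", tampered).unseal(blob))
```

The reference PCR is computed offline with measure_chain from the expected component images, which is also how reseal_for_update obtains the target state for a planned update: the data is opened once under the current state and bound to the predicted state, so no further decryption and re-encryption cycle is needed after the update has booted.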
Keywords/Search Tags:trusted computing, virtualization technology, Data Leak Prevention, seal technology, storage security