| 基于可信计算的密级标识信息控制模型 |
| |
| 引用本文: | 邓子建,谭兴烈,董贵山.基于可信计算的密级标识信息控制模型[J].信息安全与通信保密,2011,9(11):83-85. |
| |
| 作者姓名: | 邓子建 谭兴烈 董贵山 |
| |
| 作者单位: | 成都卫士通信息产业股份有限公司,四川成都,610041 |
| |
| 摘 要: | 借助可信计算的完整性检验、认证及访问控制和密封存储等关键技术,在现有PC体系结构下提出了支持可信计算的密级标识信息控制模型,并提出密级权限域的概念。该模型利用PC机USB接口外接TCM,结合身份认证、基于角色的访问控制和信道加密技术,从不同层次和角度进行涉密文档保护,实现用户细粒度控制和信息流控制。同现有的技术相比较,该模型能够满足国家相关标准的技术要求,实现更灵活、更安全的信息控制,并能够适应新的Cyber Security环境下的安全挑战。
|
| 关 键 词: | 可信计算 密级标识 分级保护 信息控制 |
Classification Identification and Information Control Model based on Trusted Computing |
| |
| DENG Zi-jian,TAN Xing-lei,DONG Gui-shan.Classification Identification and Information Control Model based on Trusted Computing[J].China Information Security,2011,9(11):83-85. |
| |
| Authors: | DENG Zi-jian TAN Xing-lei DONG Gui-shan |
| |
| Affiliation: | DENG Zi-jian,TAN Xing-lei,DONG Gui-shan(Chengdu Westone Information Industry INC.,Chengdu Sichuan 610041,China) |
| |
| Abstract: | With the aid of trusted computing technologies,such as integrity,authentication,access control and sealed storage,the classification identification and information control model in support of trusted computing is proposed under the current PC architecture,including the concept of classification authority domain. This model,by PC USB interface and in combination of identity authentication,role-based access control and channel encryption,could protect the classified documents from different levels and implement information flow control. Compared with the existing technologies,this model could meet the technical requirements of the related national standards,achieve more flexible and secure information control,and adapt to new security challenges in Cyber security environment. |
| |
| Keywords: | trusted computing classification identification gradational security protection information control |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
