Windows环境下信任链传递及其性能分析

动态多路径信任链(DMPTC)是一个基于软件类型特点的系统可信验证和保证机制.DMPTC对静态的系统软件和动态的应用软件加以区分,并采用不同的方式和策略对软件的装载运行加以控制,使得计算平台只运行那些有可信来源的可执行代码,从而确保平台的可信和安全.DMPTC可以用来防范各种已知和未知的恶意代码,并可以用来加强对生产信息系统中应用软件的管理和控制.DMPTC可以克服传统的静态单路径信任传递在系统灵活性和实用性层面的缺陷,并且在系统性能方面进行了深入的考虑和深层的优化.系统性能分析和实际测试结果都表明,在Windows系统平台上实现的DMPTC对系统运行带来的性能损失小于1%.

Transitive Trust and Performance Analysis in Windows Environment

Dynamic multi-path trust chain (DMPTC) is a software type and character based mechanism to assure system trustworthiness. DMPTC differentiates static system software and dynamic application software and takes different ways and policies to control the loading and running of various executable codes. The goal of DMPTC is to build a trusted computing platform by making computing platform only load and run trustworthy executables. DMPTC can be used to: 1) resist malicious codes (including known and unknown virus) which are the most serious threats to information systems, so as to improve system continuity of operation; and 2) help to manage and control what applications can be executed in business systems, improve their cost-effectiveness and productivity efficiency. DMPTC mainly uses the hash value of executables to verify their authenticity and integrity which is always a time-exhausted process; However, DMPTC gives great consideration to the impact it causes to system performance. Based on the attributes of various executables and by taking advantage of Windows interior security mechanisms, DMPTC reduces the time cost of the executables verification process greatly. The testing of DMPTC implemented on Windows platform shows that the performance loss caused by DMPTC is lower than 1%, and it is this optimization result that ultimately assures the flexibility and utility of DMPTC.