
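Design and Implementation of a Trusted Verification System for Static Objects Based on the Trusted Computing Platform
Cite this article: TAN Liang, ZHOU Ming-Tian. Design and Implementation of a Trusted Verification System for Static Objects Based on the Trusted Computing Platform [J]. Computer Science, 2008, 35(2): 253-255.
Authors: TAN Liang, ZHOU Ming-Tian
Affiliations: 1. Sichuan Provincial Key Laboratory of Software, Sichuan Normal University, Chengdu 610066; School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054
2. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054
Funding: National New Technology Research and Development Fund (863 Program); Sichuan Province Science and Technology Research Project
Abstract: Secure operating systems usually adopt several access control models to guarantee the confidentiality and integrity of the content of static objects. However, traditional access control policies cannot guarantee the authenticity of static object content. Objects in a secure operating system are therefore not trustworthy. This paper first analyzes the types of objects in an operating system, summarizes the problems in how secure operating systems handle static objects, proposes the concept of a trusted static object, and analyzes its characteristics. To guarantee the authenticity of trusted static object content, a TPM-based trusted verification system for static objects is proposed. The system generates an image file for each trusted static object; the image file records signatures of that object's origin, of each processing action, and of each content change, and is stored in the TPM. Finally, the security and performance of the trusted verification system are analyzed. The analysis shows that the system can guarantee the authenticity of trusted static object content and provides a foundation for further building a trusted computing environment.

Keywords: Secure operating system; Object; Trusted operating system; Trusted static object; Trusted dynamic object; Trusted object; Trusted computing platform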

Design and Implementation of the Trusted Authentication System for the Static Object Based on the TPM
TAN Liang, ZHOU Ming-Tian. Design and Implementation of the Trusted Authentication System for the Static Object Based on the TPM [J]. Computer Science, 2008, 35(2): 253-255.
Authors: TAN Liang, ZHOU Ming-Tian
Abstract: Generally, a security operating system uses multiple mixed access control policies to guarantee the confidentiality and integrity of the static object, but traditional access control policies still have some deficiencies in accessing the object and cannot guarantee the authenticity of the object. So the object in the security operating system is not trustworthy. In this paper, the object types in the operating system, which are sorted into the static object and the dynamic object, are analyzed, and some problems in accessing the object in the security operating system are pointed out. Based on that, the concepts of the trusted static object, the trusted dynamic object and the trusted object are put forward, and the characteristics of the trusted object and the relationship between the secure object and the trusted object are addressed. Finally, some requirements for the trusted object, which need to be resolved in the trusted operating system, are presented and discussed. All of these are the foundation for our future work.
Keywords: Security operating system; Object; Trusted operating system; Trusted static object; Trusted dynamic object; Trusted object; TPM
This article is indexed in CNKI, VIP, Wanfang Data and other databases.