The Security Architecture and Practical Model for Important Information System
Author: ZhaoYong
Tutor: ShenChangXiang
School: Beijing Jiaotong University
Course: Applied Computer Technology
Keywords: Important information system security architecture trusted computing trusted application environment task isolation confidentiality protection integrity protection key management scheme identity-based crypto system
CLC: TP393.08
Type: PhD thesis
Year: 2008
Downloads: 1020
Citations: 8
Abstract
A system is defined as an important information system when its security grade is above the third grade in China's national classified information system protection scheme. Any breach of its security affects social order and the public interest, and may even affect national security and stability. Such systems must therefore be protected at a high level. In China, Professor Shen Changxiang, a well-known information security expert and member of the Chinese Academy of Engineering, proposed using platform security as the key to solving the security problem of important information systems. This idea is consistent with the "trusted computing" concept put forward by the TCG: trusted computing assures information system security by improving platform security. However, the evolution of information system security shows that several important security problems remain:

1) There is no security architecture suited to important information systems. The defensive strength of an information system is determined by the weakest point of its "Maginot line". Without an appropriate security architecture as a guide, it is difficult for the various security components of an information system to coordinate with each other and work in an orderly way. The result is the "security shortcoming" phenomenon: a single weak point makes the system vulnerable and renders all other protection efforts in vain.

2) Trusted computing and the security mechanisms are disconnected. The complexity of important information systems makes trusted computing difficult to implement, so it is hard to provide good assurance services to upper-layer applications. At the same time, most current secure operating systems still use the traditional security architecture that predates trusted computing, so they do not take full advantage of the trusted functions that trusted computing provides to enhance their own security, and trusted computing exists in name only.

3) Security and usability are both insufficient. To some extent security and usability are contradictory, and it is sometimes necessary to reduce usability to enhance security. For example, to reduce the risk of compromising system confidentiality, most current important information systems prohibit the use of mobile storage devices and prohibit terminals from accessing the public network, which seriously reduces usability. It is therefore essential to enhance a system's security without reducing its usability.

Guided by the "three vertical and three horizontal safeguard system" architecture and approaching the problem from the angle of application environment security, this dissertation focuses on the problems above and studies the security architecture and practical models of important information systems systematically and comprehensively. Its contributions are as follows.

Firstly, a security architecture for important information systems is proposed, composed of a trusted application environment, trusted boundary control and trusted network transmission. Within this architecture the trusted application environment is refined, fully reflecting the organic integration of trusted computing and security: trusted computing is the basic assurance for security, and the security mechanisms help trusted computing provide better service to upper-layer applications.

Secondly, an isolation model based on the trusted application environment is proposed, which provides theoretical guidance for shielding and eliminating harmful interference among tasks and thereby maintains the dynamic trustworthiness of task behaviour. According to the behavioural characteristics of applications in an information system, the model partitions the system's resources and establishes a correlation between each application and the resources strongly related to it. The model also assumes that a trusted task cannot send out information flows that interfere with another task's normal operation. Thus, in the model a task can communicate with its environment only by reading other applications' correlated resources, and the first task in any information flow must be trusted, which eliminates harmful interference among tasks and makes the model more practical.

Thirdly, the thesis proposes a system security model based on the trusted application environment. The model adopts a "three entities" scheme: a user's permissions are restricted by defining which applications the user may run, and a task's permissions are restricted by limiting the resources it may access. So that the access control mechanism can make full use of the context a task runs in to check the safety of information flows and make more accurate access control decisions, the model extends the system TCB to the application level with the support of a trust chain transmission mechanism. In addition, the model defines the task integrity level in terms of the user confidence level, the application confidence level and the task's running state. This avoids the drawback of the traditional BLP and Biba models, in which an entity's confidentiality level equals its integrity level, and makes two-way information flow easy.

Finally, the thesis proposes a key management scheme for important information systems that is particularly secure and easy to use and update. Taking full advantage of an identity-based cryptosystem, the scheme integrates identity authentication with storage protection and avoids the security flaws found in the authentication module. The scheme also uses the digital envelope idea: the real storage protection key is encapsulated with a valid user's public key, so only users authenticated at the terminal can recover the correct key with their own private key. The storage protection key is never exposed to the user, which reduces the risk of leaking it to unauthenticated users. The scheme makes full use of the encrypted storage functions provided by trusted computing to store the encapsulated key in the TPM, so the user obtains the proper key only after providing valid authentication information, which further improves the scheme's security.
Related Dissertations
- The Design of a Computer Forensics Model Based on Windows Logs, D918.2
- Special Trusted Computing Research and Design for the Network, TP393.08
- File Protection System Research Based on Hardware-Assisted Virtualization, TP309
- Research and Implementation of a Copyright Protection Model on a Trusted Platform, TP309
- Design and Implementation of a Bytecode-based Software Monitoring and Trusted Evolution Framework, TP311.52
- Hard Disk Security Access Control Research and Implementation, TP333.35
- USB Disk Trust Chain Dynamic Tracking Technology Research and Implementation, TP309
- Key Technologies of Security-oriented Cloud Computing Terminals, TP309
- Research and Implementation of a PrivacyCA System in Trusted Computing, TP393.08
- Intranet Information Security Research Based on Trusted Computing, TP393.08
- Design and Analysis of Some Security Protocols Based on CPK in a Trusted Computing Environment, TP309
- TCG Software Stack (TSS) Specification Analysis and Implementation, TP309
- The Design and Implementation of the China Mobile Phone Tongbao Certification and Authentication Service Platform, TP311.52
- Research and Realization of the Security Mechanism of the Embedded RTOS VxWorks, TP316.2
- Research and Application of Trusted Computing in Direct Power Purchase for Large Consumers, F426.61
- Policy-based Grid Security Architecture, TP393.08
- The Research and Implementation of a Trusted Security Enhancement System Based on USBKey, TP393.08
- Perfection and Improvement of E-commerce Security Issues: Research on the SET Protocol, TP393.08
- Design and Implementation of a Testing System for Trusted Computing Platforms, TP311.53
- Design and Implementation of a Testing System for the Trusted Platform Module, TP309
- Research on the Function Model of the Trusted Computing Mechanism in Vista, TP309