Institutional Repository of the Institute of Software, Chinese Academy of Sciences
Title: 基于可信计算的策略标签保护架构
Alternative Title: A Trusted Computing-Based Security Architecture for Policy-Label Protection
Author: 刘孜文 ; 冯登国 ; 于爱民
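Keyword: policy-label protection ; trusted computing ; access control ; encrypting file system ; integrity measurement
Source: 计算机研究与发展 (Journal of Computer Research and Development)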
Issued Date: 2011
Volume: 48, Issue: 12, Pages: 2219-2226
Indexed Type: CNKI ; EI ; WANFANG
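Department: Department of Electronic Engineering and Information Science, University of Science and Technology of China; State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences)
Sponsorship: National Key Technology R&D Program of China (2008BAH22B06) | National High Technology Research and Development Program of China ("863" Program) (2007AA01Z412, 2007AA01Z465) | National Natural Science Foundation of China (60970028)
Abstract: Policies and labels are the core of access control technology and determine what an access control system enforces. Most current security systems protect policies fairly strictly, but lack a complete, systematic scheme for protecting labels. As a result, even when the policy itself is secure and complete, a malicious party can still harm the system by tampering with the labels that policy enforcement decisions rely on, so system security still cannot be guaranteed. To address this, a protection architecture is proposed that focuses on protecting the security labels in the system. It uses mechanisms such as an encrypting file system and integrity measurement to extend the control scope of the trusted computing chip and places the labels within the protection scope of trusted computing, thereby preventing the labels from being tampered with and ensuring their security. Finally, a prototype implementation based on the Linux operating system is given.
English Abstract: Policies and labels are the most important parts of access control techniques. Labels present some security properties of the subject and the object, while policies present some logical algorithms based on the security properties carried by labels. The enforcement of an access control system is mainly decided by these two factors. Nowadays most security systems protect policies well, but almost none of them has a systematic and well-defined method to protect labels. They just assume that the operating system can do the work itself. The lack of label protection means that even if the policies are secure and well-defined, malware can still harm the system by tampering with the labels, so the system is unsafe in the end. An architecture that mainly protects the security labels in the system by using a TPM (trusted computing module) chip is proposed. The TPM chip is a kind of hardware specified by the TCG (Trusted Computing Group). It can be used to build a TCB (trusted computing base) in a secure system, but the TCB here is too small to hold labels. By using mechanisms such as an encrypting file system and integrity measurement, we extend the edge of the TPM chip's control area and keep the labels inside this area in order to enhance the safety of the access control system. An implementation of a prototype system on the Linux OS is given, and the experiments show the security and efficiency of our implementation.
Language: Chinese
Content Type: Journal article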
URI: http://ir.iscas.ac.cn/handle/311060/16131
Appears in Collections: Institute of Software Library_Journal Articles

Files in This Item:

There are no files associated with this item.


Recommended Citation:
刘孜文,冯登国,于爱民. 基于可信计算的策略标签保护架构[J]. 计算机研究与发展,2011-01-01,48(12):2219-2226.

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
