中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 基础软件国家工程研究中心  > 学位论文
学科主题: 计算机应用::计算机应用其他学科
题名:
网络安全操作系统关键技术研究
作者: 李尚杰
答辩日期: 2010-11-25
导师: 贺也平
专业: 计算机应用技术
授予单位: 中国科学院研究生院
授予地点: 北京
学位: 博士
关键词: 安全操作系统 ; 安全策略体系结构 ; 可信主体 ; 隐私保护远程证明
摘要:

 本文针对安全操作系统开发和安全操作系统网络适应性方面涉及的关键问题进行研究。从信息系统整体来看,安全操作系统是解决各种安全威胁的基础。在网络环境中,计算机系统面临复杂、多样的安全威胁,尤其是机密信息泄露的威胁。网络环境对安全操作系统的研究和开发实践提出了新的挑战和要求:1) 网络环境中需要多层次安全策略实施框架,而以安全内核为基础的安全操作系统总是将安全功能集中在最小的安全内核中;2) 安全操作系统机密性策略导致的单向信息流动与网络环境下的双向信息交互之间存在冲突,需要引入大量的可信主体;3) 网络环境中独立的节点间缺少必要的信任。

    本文对上述几个方面的关键问题进行研究,并取得如下的创新:

    第一,针对网络环境中多层次安全策略实施要求,探索基于虚拟机环境的安全操作系统体系结构。提出一种基于虚拟机的双内核体系结构,这种体系结构以隔离作为基础,将操作系统分解为可以单独设计、开发、测评的组件。还提出一种基于消息的策略体系结构来约束组件的开发和设计。分析了虚拟机环境下动态内存管理的隔离性问题,提出一种基于BLP模型的安全的内存管理方案。

    第二,对安全操作系统的可信主体进行了研究。 该研究涉及到判定可信主体、确定可信主体的安全需求以及评估可信主体对于整个系统的安全风险等多个方面。本文以信息流分析为基础,利用TE安全规范与MLS策略间的信息流冲突定位可信主体,确定可信主体的安全标签范围,采用风险分析法确定每个可信主体的安全保障级指派。

    第三,针对网络环境中信任缺乏的问题,研究建立远程信任的平台证明技术,尤其关注平台证明的隐私保护问题。本文提出一种隐私隐藏的度量体系结构,并给出了相应的远程平台证明方案,改进了基于TCG的IMA度量体系结构    存在的配置隐私泄露问题。在此基础上,提出一种二进制证明与属性证明结合的混合证明方案。该方案既具有平台配置隐私保护能力又不需要属性证明所必须的在线可信第三方。

    第四,对属性证明的配置隐私保护能力进行研究。本文提出了几种可以被用来攻击属性证明隐私保护的方法:奇异属性法、增量分析法和统计分析法,证实了属性证明并不具有完全的配置隐私保护能力, 需要在设计中满足一定条件才具有隐私保护能力。上述研究也可为属性证明的设计提供参考。

英文摘要:

This thesis focuses on the key problems about the development of a secure operating system and its network adaptability. In general, secure operating systems are the foundations to solve the security threats. In the network environments, computer systems are confronted with complex,various  security threats, especially threats of leaking confidential information.  Network environments have introduced new challenges and requirements to secure operating systems, which are listed as follows:1)network environments need a multiple layered security policy enforcement framework, while traditional operating system depends on a small security kernel which contains all security functions. 2) the classic confidential  policy of a secure operating system imposes one-way information flows,  which conflict with the requirements of interactive information flows; as a result,  a lot of trusted subjects must be introduced. 3) trust is absent among platforms in networks.

    To settle above problems, we conduct studies on the key technologies of  secure operating system  and achieve the following major  achievements:

    Firstly, in order for the multi-layered policy enforcement requirements, we investigate the secure operating system architecture and propose  an architecture with dual kernels  for the secure operating system based on virtual machine. Because this architecture is based on separation, the functions of the operating system can be discomposed into components which can be designed,developed and certified independently. And then, a security policy architecture based on message  is proposed as a means to restrain the developments and designs of the secure operating system. We also analyze the separation of virtual machine dynamic memory management and  present a secure memory management scheme  based on BLP model.

    Secondly, we explore the trusted subjects on the secure operating system.  This work involves finding out trusted subjects, determining their security requirements and assessing overall risk levels due to these trusted subjects. Based on information flows analysis,this thesis finds out trusted subjects by conflicts between the information flows of MLS policy and TE specification. And then security requirements such as security label range and security assurance level are presented according to the risk analysis.

    Thirdly, We investigate the remote attestation in order for the trust absence in network, and especially pay attention to the privacy of remote attestation. A privacy hidden integrity measurement architecture is proposed to improve original IMA for it's privacy disclosure, and then attestation process is enhanced. Based on this work, a hybrid attestation model of binary attestation and property attestation is proposed to provide privacy-preserving in attestation without an online configuration-property translation trusted third party.

    Finally, we discuss the privacy of property-based attestation.  Several methods that attackers can exploit are presented : singular-property method, incremental analysis and statistical analysis. The results demonstrate that property-based attestation isn't privacy preserving intrinsically and that privacy should be taken into consideration too. In addition, these methods provide a guideline for designing property-based attestation.

语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/5553
Appears in Collections:基础软件国家工程研究中心_学位论文

Files in This Item:
File Name/ File Size Content Type Version Access License
Thesis-Lishangjie.pdf(1405KB)----限制开放 联系获取全文
Thesis(6.2).pdf(1407KB)----限制开放 联系获取全文

Recommended Citation:
李尚杰. 网络安全操作系统关键技术研究[D]. 北京. 中国科学院研究生院. 2010-11-25.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[李尚杰]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[李尚杰]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace