Institute of Software, Chinese Academy of Sciences, Institutional Repository (ISCAS OpenIR)
Title: 高等级安全操作系统中可信恢复关键技术研究
Author: 袁春阳
Defense date: 2007-06-04
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of award: Institute of Software
Degree: Doctor (PhD)
Keywords: secure operating system; trusted recovery; trusted computing; formal specification and verification; security audit
Other title: Research on Key Technologies of Trusted Recovery in High-Level Secure Operating System
Abstract (translated from the Chinese): Trusted recovery combines the availability and security requirements of a secure operating system; it emphasizes recovery that is secure and lossless after a system failure, and it is also an important requirement for high-level secure operating systems. Building on the actual development of two secure operating systems, SECIMOS and CAS-EARTH, this dissertation studies the key technologies of trusted recovery from the perspectives of basic definitions and requirements, the trusted recovery system model, the types of trusted recovery methods, recovery assurance and trigger timing, and thereby provides a reference for the research and development of high-level secure operating systems. The main contributions of this dissertation are the following. First, focusing on operating system recovery, it summarizes the characteristics of existing recovery technologies and methods and analyzes current trends in the research and development of operating system recovery technology. It studies the fundamental properties of trusted recovery in depth from the perspectives of security relevance and trustworthiness, explains the purpose and methods of trusted recovery, and clarifies the relationships between trusted recovery and other security components. It gives a concrete definition of trusted recovery that comprehensively captures its basic properties, providing solid theoretical guidance for designing and implementing trusted recovery mechanisms and processes. Second, extending the definition of trusted recovery, it proposes TLA-TRM, a trusted recovery system model based on the Temporal Logic of Actions, which characterizes the temporal-logic relationships among state transitions during the recovery process and makes explicit the basic content and requirements of a trusted recovery system. Third, based on the trusted recovery system model, by integrating the IBAC, TE, RBAC and PCW models and using compensating well-formed transactions under an optimistic security policy, it proposes a trusted integrity recovery monitor model for malicious partially-formed transactions. To trace the data and operations affected when undoing a partially-formed transaction's malicious operations on file integrity, two different recovery algorithms are proposed. The model both incorporates the access control requirements enforced by the security monitor and satisfies the requirements of trusted recovery of integrity. Fourth, to ensure the security of the secure operating system's initial state after recovery, the dissertation draws on the trusted computing platform and adopts a trusted boot method that uses a TPM and an asymmetric encryption algorithm. For the backup/recovery approaches commonly used today, it uses the trusted platform attestation provided by trusted computing to propose a framework and associated protocols for the remote trusted backup and retrieval of recovery data, ensuring that the system can recover using trusted backup data. Fifth, it uses lightweight formal methods, formally specifying and verifying the trusted recovery mechanisms at the design stage to guarantee that they achieve the goal of trusted recovery. Taking the security policy as the core and following the requirements that trusted recovery places on a security audit system, it designs and implements a security audit system, laying the foundation for detecting security policy violations and triggering the trusted recovery mechanisms.
English abstract: Integrating the availability and security requirements of a secure operating system, trusted recovery assures that recovery without a protection compromise is obtained after a system failure or other discontinuity. It is also one of the important requirements of a high-level secure operating system. Drawing on the experience of implementing two secure operating systems, SECIMOS and CAS-EARTH, this dissertation conducts research on the key technologies of trusted recovery from the following perspectives: the basic definition, requirements, system model, methods and trigger time of trusted recovery. This work provides a useful reference for researching and developing high-level secure operating systems. The main achievements obtained are as follows. First, focusing on operating system recovery, this dissertation summarizes the characteristics of current recovery technologies and methods, and analyzes the future trend of recovery technologies in the operating system. From the properties of security relevance and survivability, the fundamental properties of trusted recovery are researched thoroughly, and the target and methods of trusted recovery, and the relationship between trusted recovery and other secure components, are described. A new concrete definition of trusted recovery is presented, which covers the basic properties comprehensively. It provides a stable theoretical basis for the design and implementation of trusted recovery. Second, from the definition of trusted recovery, a system model based on the temporal logic of actions, TLA-TRM, is given. It depicts the temporal logic relationships between state transitions during the recovery procedure, and describes the contents and requirements of trusted recovery more clearly. Third, according to the trusted recovery system model, a trusted integrity recovery model for malicious partially-formed transactions is presented under the optimistic security policy. It combines the security models IBAC, TE, RBAC and PCW, and uses compensating well-formed transactions. When undoing the malicious operations of a partially-formed transaction on file integrity, two different recovery algorithms are given to trace the affected data and operations. This model not only integrates the access control requirements of the security monitor, but also meets the requirements of trusted recovery for integrity. Fourth, in order to ensure the security of the operating system's initial state after trusted recovery, a secure operating system booting integrity verification model is used, in which a Trusted Platform Module and an asymmetric encryption algorithm are combined. For frequent backup/recovery, adopting the platform attestation of trusted computing, a framework and protocols for backing up and restoring data remotely are presented. They assure that the system can use trusted backup data to recover. Fifth, using a lightweight formal method, the formal specification and verification of trusted recovery mechanisms in the design phase is used to guarantee that the goal of trusted recovery can be achieved. According to the requirements that trusted recovery places on the audit system, a security audit system centred on the security policies has been designed and implemented. It provides the basis for detecting security policy violations and triggering trusted recovery mechanisms.
Language: Chinese
Content type: Thesis (degree dissertation)
URI: http://ir.iscas.ac.cn/handle/311060/6192
Appears in Collections: Institute of Software, CAS

Files in This Item:
File Name | File Size | Content Type | Version | Access | License
10001_200318015001005袁春阳_paper.pdf (2014KB) | -- | -- | restricted access | -- | contact the repository to obtain the full text

Recommended Citation:
袁春阳. 高等级安全操作系统中可信恢复关键技术研究 [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2007-06-04.
Copyright © 2007-2017 Institute of Software, Chinese Academy of Sciences