中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
面向可信计算平台的可信文件系统的研究与实现
作者: 张伟伟
答辩日期: 2007-06-07
授予单位: 中国科学院软件研究所
授予地点: 软件研究所
学位: 博士
关键词: 可信计算平台 ; 可信平台模块 ; 可信文件系统 ; 堆式文件系统
其他题名: Research and Implementation of a Trusted File System in Trusted Computing Platform
摘要: 数据存储的安全是计算机安全的重要组成部分。加密技术是保护数据安全的一种有效方法,通过加密文件和检查文件校验值可以分别保护文件的机密性和完整性。但是,随着计算机安全威胁的日益增多,如何保证加密过程的安全性是一个亟需解决的问题。可信计算技术是解决计算机所面临的安全威胁和信任危机等问题的一项关键技术。本文研究了一种新的可信文件系统(Trusted File System, 简称TrustedFS)结构,并利用可信计算技术保护系统中关键安全组件和数据的安全。 TrustedFS系统主要实现了以下功能: 第一, 堆式文件系统结构。TrustedFS使用堆式文件系统技术堆叠在Ext2文件系统之上,增加了安全处理层,实现了底层文件系统的可信管理。 第二, 保护文件的机密性。TrustedFS在内核层加密文件,扩展了文件安全属性以保存文件的密钥;系统的密钥管理采用可信计算技术来辅助实现;加密的文件对象由系统根据规则自动设定或者由用户手动选择。 第三, 保护文件的完整性。TrustedFS利用内核加密接口校验文件的完整性,使用文件的扩展属性来保存校验值。 第四, 安全的认证和授权。TrustedFS把用户的认证与可信平台模块的认证和授权结合在一起,实现了更安全的用户认证过程。 TrustedFS系统的研究与实现具有以下意义:一方面,TrustedFS系统结合多种安全措施,实现了更全面、更安全的文件保护;另一方面,随着可信计算平台的推广,需要利用其安全特性的可信软件系统与之配合,TrustedFS系统从文件系统角度探讨了如何使用可信计算技术来提高文件的安全性。
英文摘要: The security of data storage is always an important component of computer security. Encryption technology is an efficient method of protecting data security. It can be used to protect the confidentiality and integrity of files through encrypting files or verifying the checksum of files. However, with the increase of computer security threat, how to assure the security of encrypting process becomes a desiderated problem to be resolved. Trusted computing technology is a key technique which is used to solve the matters of secure threat and trust crisis. This paper researches on a new architecture named by Trusted File System (TrustedFS for short), and utilizes the trusted computing technology to protect the key secure components and data in the system. TrustedFS mainly implemented functions as below: First, stackable file system architecture. TrustedFS is stacked on Ext2 file systems through stackable file system technology, and adds new secure transaction layer to carry out trusted management of lower file system. Second, protection of file confidentiality. TrustedFS encrypts files in kernel level and extends file secure attributes to store keys. The key management of the system is assisted by trusted computing technology. And the file objects to be encrypted are selected through default rules by system, or chosen by user itself. Third, protection of file integrity. TrustedFS makes use of Linux kernel CryptoAPI to verify file integrity, and stores the checksums in extended attributes. Fourth, secure authentication and authorization. TrustedFS combines user's authentication and authorization of trusted platform module together, in order to secure the process of user's authentication. The meaning of researching on TrustedFS is described as follows. On the one hand, TrustedFS improves the security of file protection by many security techniques. On the other hand, as the popularization of trusted computing platform, new software systems which work in trusted computing platform are required. TrustedFS probes into how to use the trusted computing technology to enhance the security of file from the view of file systems.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/6266
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
10001_200428015029060张伟伟_paper.doc(2360KB)----限制开放-- 联系获取全文

Recommended Citation:
张伟伟. 面向可信计算平台的可信文件系统的研究与实现[D]. 软件研究所. 中国科学院软件研究所. 2007-06-07.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[张伟伟]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[张伟伟]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace