
Research on Application Security Transparent Supportive Platform Architecture and Model

【Author】 Gong Lei (龚雷)

【Supervisor】 Shen Changxiang (沈昌祥)

【Author information】 PLA Information Engineering University (解放军信息工程大学), Cryptology, 2013, doctoral dissertation

【Abstract (translated from the Chinese)】 With the continuous development of global informatization, information security has drawn increasing attention from governments around the world, including the Chinese government. Since the 1990s, China has successively issued a series of regulations, rules and standards on information security classified protection (等级保护); after more than a decade of refinement and development, the classified protection scheme is now being implemented nationwide. In the course of classified protection work, one of the most critical problems to be solved is how to provide reliable and effective support for the secure operation of application systems without modifying the existing applications. Driven by the practical needs of classified protection work, and from the perspective of building a secure operating environment for application systems, this dissertation studies the architecture of the Application Security Transparent Supportive Platform (ASTSP) and its related security models. ASTSP is based on trusted computing technology and a secure operating system; through security enhancement of the hardware platform and system software, it provides secure, transparent and reliable support for upper-layer applications. Specifically, the research results of this dissertation include the following:

1. The ASTSP architecture is proposed. Starting from the three-layer protection architecture for high-level information systems, and targeting the typical security problems faced by application systems, the architecture focuses on the construction of a secure computing environment, enriching and refining the information system protection environment framework. The dissertation defines ASTSP and analyses its architecture in depth. Comparison with the relevant classified protection standards shows that the ASTSP architecture can provide comprehensive and practical security assurance for application systems.

2. An application isolation model oriented to the secure computing environment is studied. Following the principle of least privilege, the model partitions different applications and their corresponding resources into separate domains. Trusted application startup is achieved by tightening the constraints on the application startup process, and the dynamic security of applications within a domain at run time is ensured by defining inter-domain information isolation rules. The model has the characteristics of a sandbox model, but its isolation monitor resides at the operating system layer, overcoming the low reliability of application-layer isolation mechanisms; at the same time it takes full advantage of the virtualization model by virtualizing a subset of shared resources, improving system efficiency while keeping the system secure and stable.

3. An information interaction model oriented to the secure computing environment is studied. The information interaction model deepens the application isolation model: based on non-interference theory, it refines the security rules governing how application processes in a domain access resources, so that legitimate information can be exchanged between domains. Because non-interference theory is highly abstract and its security conditions are difficult to apply directly in practice, the model places the constituent elements of non-interference theory in the computing environment of the application system and strengthens their correspondence with the elements of that environment, ensuring that, under the constraints of the information interaction rules, the access of application processes to resources is not subject to malicious interference.

4. A semantic transmission model oriented to the secure computing environment is studied. The model combines the clear, explicit access control semantics of the application layer with the higher strength of operating-system-layer security mechanisms: a secure channel is established between the application layer and the kernel layer, through which access control semantics are transmitted securely and unambiguously. On this basis, the kernel-layer access monitor parses the application-layer semantics, associates the access requests of the actual users of the application service with the kernel-layer security policy, and makes the final decision. Compared with application-layer access control alone, in this model the kernel-layer access control continues to operate securely and reliably even if the application-layer access control is bypassed or tampered with.

5. An ASTSP prototype system is designed and implemented. Guided by the above architecture and security models, the prototype adds corresponding security modules to the hardware and system platforms to realize trusted initialization, horizontal security, vertical security and centralized security management, thereby validating the soundness and feasibility of the theoretical research.

In summary, research on ASTSP can meet the practical needs of classified protection work, providing a practical theoretical basis and technical assurance for the comprehensive, in-depth and sustainable development of that work, and is of significant practical importance for national information security construction.

【Abstract】 With the rapid development of informatization around the world, information security problems are receiving more and more attention from most governments, including the Chinese government. Since the 1990s, the Chinese government has issued a series of ordinances, laws and criteria on information security classified protection. After more than a decade of continuous improvement and development, the information security classified protection scheme is now being carried out throughout the country. In the course of that work, the most urgent issue is how to support application systems in operating safely and reliably without modifying the existing application systems themselves.

According to the actual requirements of the information security classified protection scheme, this paper researches the Application Security Transparent Supportive Platform (ASTSP for short) architecture and related security models from the perspective of constructing a safe operating environment for application systems. ASTSP is based on trusted computing technology and a security operating system, and enhances the safety of the hardware platform and system software. ASTSP is capable of giving safe, transparent and reliable support to application systems. Specifically, the following research results have been achieved:

1. The ASTSP architecture is proposed. In order to solve the typical security problems of application systems, the ASTSP architecture focuses on how to establish a security computing environment, which originates from the three-layer protection architecture for high-level information systems. The definition of ASTSP is described and the ASTSP architecture is given, which enriches and perfects the information system protection environment framework. Compared with related information security classified protection criteria, the ASTSP architecture is able to provide comprehensive and practical safeguards for application systems.

2. The application isolation model oriented to the security computing environment is studied. The model is based on the least privilege principle and separates different programs and their related resources into their own domains. The model sets application program startup rules so that the startup process can be trusted, and sets isolation rules so that the dynamic security of application programs can be ensured. Compared with typical isolation models, the application isolation model has many advantages. On one hand, it has the features of a sandbox model, but its isolation monitor, which is built in the operating system layer, has better reliability. On the other hand, the model uses the merits of the virtualization model to virtualize some public resources in order to satisfy the security requirements, but with better operating efficiency.

3. The information interaction model oriented to the security computing environment is studied. The model, which deepens the research on the application isolation model, is based on non-interference theory. It refines the security rules between application processes and resources in domains, so that legitimate information can be transferred among domains. Although non-interference theory is very abstract and its security conditions are not practical, the model reasonably combines the elements of non-interference theory with those of the security computing environment. Therefore, under the constraints of the information interaction rules, application processes can access resources without malicious interference.

4. The semantic transmission model oriented to the security computing environment is studied. The model utilizes the merits that the access control semantics on the application layer are very clear and that the security mechanism on the operating system layer is much stronger. The model establishes a security pipe between the application layer and the operating system kernel, which is used to transmit the access control semantics unambiguously. After that, the access control monitor in the kernel parses the semantics, associates the real user's request to the application server with the security policy, and finally makes a judgment. Compared with a single access control mechanism on the application layer, which could easily be bypassed or tampered with, the access control mechanism in the kernel works more reliably.

5. The ASTSP prototype system is designed and realized. Guided by the ASTSP architecture and security models, the prototype adds corresponding security modules to the hardware and software platforms. The prototype realizes trusted initialization, horizontal security, vertical security and centralized security management, which validates the rationality and practicability of the ASTSP architecture and security models.

In conclusion, ASTSP can meet the requirements of classified protection work and provide that work with a practical theoretical basis and technical support. The research on ASTSP has realistic significance for information security construction in China.
