【作者】 张兴；

【导师】 沈昌祥；

【作者基本信息】 解放军信息工程大学 ， 密码学， 2009， 博士

【摘要】 Hyposys系统。是一个分布式的计算机信息系统,由分布很广的若干个网络节点组成,上面运行着多个专用业务软件,这些业务软件运行过程中,生成大量的文件和数据库需要进行严格的访问控制,该系统内部安全程度要求很高,但又不得不连接到互联网,这样,系统成为攻击和渗透的重点对象,因此系统从BIOS、操作系统到终端、服务器,再到网络采用了种种安全措施解决系统的安全问题,即便如此,系统依然面临着来自内部的非法篡改和来自外部病毒木马干扰等一系列重大安全问题。针对这一应用背景,本文主要探讨利用可信计算达到系统运行可信目标,研究保障系统安全运行的可信平台的模型和体系结构。首先借鉴无干扰安全策略模型,提出了一种适用于可信计算平台系统设计的理论模型----基于进程的无干扰可信模型(NITM),该模型将系统抽象为进程、操作、状态和输出,形式化地定义了进程运行可信,利用逻辑推理方法获得了系统达到运行可信所需满足的三条性质,结果隔离性、单步隔离性和无干扰隔离性,便于将模型映射到实际系统。依据无干扰可信模型,提出了以可信根为核心支撑的可信平台体系结构,将密码机制融入到计算机体系结构的设计之中,给出可信计算平台体系结构的总体实现框架。基本思路是以密码为基础实现可信功能,以可信功能支撑系统平台的无干扰可信运行,保障系统运行安全。以可信平台控制模块为信任根,实现可信度量根、可信报告根和可信存储根,以这三个信任根为基础实现可信管道,实现应用与TPCM之间的交互,在此基础上,利用密码协议和相关命令形成一个不受其它进程干扰的运算管道,保证经过管道的输出结果预期,由此提出无干扰可信管道的工程模型,并用计算不可区分性证明了无干扰可信管道被干扰的概率可以归结为密码破译,从而将无干扰理论向工程应用推进了一步。然后分章节描述了可信平台体系结构的各个关键部分,包括可信平台密码方案、可信平台控制模块、可信平台基础支撑软件。本文基本思路是以密码为基础实现可信计算功能,支撑系统可信运行,保障系统安全。以可信平台控制模块为可信根,由信任链扩展形成TCB(Trusted Computing Base),由可信管道实现不同层面TCB无缝连接,使TCB不受其它实体干扰。TCB扩展实质上将系统与安全相关的功能基于可信根实现,从而大大减少了TCB的规模,更便于形式化描述、验证,并且可实现。本文是笔者参加多项可信计算科研项目基础上完成的,项目包括全国信安标委下达的可信计算标准研究制定任务,国家科技计划2007CB311100、2006AA01Z440等,所述工作以重大应用为背景,研究相应理论模型,提出工程模型,突破多项可信计算平台的关键技术,主要创新点如下:第一、在理论模型方面提出了系统运行可信的判定条件,用逻辑推理和形式化方法研究系统运行可信,提出了基于进程的无干扰可信模型,该模型建立在严格的逻辑推理基础上,不依赖于安全机制和实现.任何一种符合这个模型的实现,都可以达到系统运行可信的目标。第二、在工程模型方面提出了无干扰可信管道模型,用形式化方法描述可信管道是非传递无干扰可信模型的实例,并用计算不可区分性证明了可信管道模型被干扰的概率可以归纳为密码破译,达到无干扰要求,该工程模型可以用于可信平台体系结构的设计。第三、改进了可信平台密码实现方案,提出双证书的平台证书管理方案,简化了平台密钥迁移;提出授权数据复用的授权数据管理方法和统一的授权协议,解决了大量授权数据管理中的同步问题,并用BAN逻辑方法分析了授权协议的安全性。第四、提出可信平台控制模块(Trusted Platform Control Model,TPCM)设计方案,解决可信根问题。改变了TCG规范中的可信平台模块作为被动设备的思路,将可信平台模块设计为主控设备,实现了TPCM芯片对整个平台的主动控制作用。将可信根全部设计在芯片内部,使其受到强度更高的物理保护。第五、研究可信平台基础支撑软件设计方案,提出可信监控器(TRM)模型,描述了由三个可信根为基础构成的三个可信管道,利用这些管道完成系统完整性度量、平台证实,外部实体对TPCM访问等功能,使得TCB不被篡改,不受其它实体运行干扰。更多还原

【Abstract】 Hyposys represents a special distributed network system, which is composed of many network notes who locate in different places in a country. Firstly, a lot of important data, which must be kept secret, is produced by different bossiness software that is running in Hyposys. Secondly, Hyposys is required to connect to external network though its internal security level is very high. Accordingly, Hyposys may face many potential threats from external penetration attacks and internal compromise. To deal with these threats, a lot of security mechanisms have been deployed on BIOS, Operating System, PCs, Servers and network. However, there are still many security incidents such as internal illegal tampering and external interfering by viruses. To meet this security requirement, this paper mainly discusses the Trusted Computing technology and proposes a trusted platform model and architecture to guarantee the S is running under expectations.Firstly, this paper proposes a theoretical model named non-interference trusted model (NITM) which uses the non-interference security policy model for reference and is suitable for designing trusted computing platform. This model abstracts the system as: process, action, state and output, and gives the formal definition of the trusted of process. Through analysis of this model, three important characters for trusted running are acquired by reasoning method, which are Output Consistency, Local Consistency, Single-step Consistency. These characters can help to conveniently map the model to actual system and valid whether the practice is trusted or not.Based on NITM, this paper proposes trusted platform architecture and practical framework which is established on the root of trust. The basic idea is to support trusted functions by cryptography and support system trusted running without interference by trusted functions. Trusted Platform Control Model (TPCM), acting as the root of trust, achieves three important roots RTM, RTS and RTR to support a trusted tunnel for communication between applications and TPCM. Furthermore, the engineering model of trusted tunnel is proposed, the composing of which is discussed, and whose definition is described by formal method. The proposition that the trusted tunnel is an instance of intransitive no interference trusted model is proved, and the probability of the interference trusted tunnel subjecting to interference can be come down to cryptogram decryption, which is proved by computing undistinguished, thereby, the theory of no interference is advanced to engineering furthermore. The main parts of trusted platform architecture is described in this paper, including the cryptogram scheme of trusted platform, Trusted Platform Control Module, Trusted Platform Base Support Software and Trusted Platform Trusted Chain, the compatibility is discussed in the final of the paper. The basic idea of this paper is to taking trusted computing functions as the core to guarantee system trusted running and security. TPCM acts as the root of trust, extending the trust chain to form TCB. TCB in different layers can achieve seamless connection by using trusted pipeline, which makes TCB independence from other entities. The extension of TCB realized the security function of system based on trusted root, which greatly reduced the scale of TCB, easy to describe, validate by formal method, and can be implemented.This paper is based on a lot of trusted computing research projects that the author has participated in, including researching and setting trusted computing standards which is assigned by Information Security Standard Committee, 973 technology plan 2007CB311100, and 863 general project 2006AA01Z44 etc. The above-mentioned works take the important application as background, corresponding theoretical model is researched, engineering model is bring forward, a number of key technologies of trusted computing platform is breakthrough, the major innovation is as follows:Firstly, in theoretical model aspect, No Interference Trusted Model based on process is proposed, the determine conditions of the trust of system operation is advanced, the trust of system operation is researched by logic reasoning and formal methods. The model is based on strict logic reasoning, independence of security mechanisms and implements. Any implement in line with the model can achieve the purpose of system operation trust.Secondly, in engineering model aspect, No Interference Trusted Pipeline Model, trusted pipeline is described as instance of intransitive no interference trusted model by formal methods, and the proposition that the model cannot be interfered by other entities is proved by computing undistinguished, towards the design of trusted computing platform architecture.Thirdly, trusted computing platform cryptogram model is proposed, the cryptogram implement scheme is improved, double-certificate management solution is advanced, platform key migration scheme is simplified; a new authorization protocol is presented whose security is analyzed by BAN logic method.Fourthly, the design scheme of Trusted Platform Control Model (TPCM) is proposed, the problem of trusted root has been solved, the traditional thought that trusted platform module is considered as passive device has been changed, trusted platform module is designed as an active device, the active control of TPCM chip to the whole platform has been achieved. All of the trusted roots are imbed into the chip, which is subjected higher physical protection.Finally, Trusted Basic Support Software design scheme is researched, Trusted Reference monitor (TRM) Model is proposed, the three cryptogram pipelines constituted by the three trusted roots is described. TCB is extended from hardware to system, until the key components of application by using the extension of trusted chain. All TCB communicate with each other through the "trusted pipe" which constituted by three trusted roots of Trusted Platform Module, the function such as system integrity measurement, platform attestation and external entities access to TPCM etc. are achieved by using of the pipelines, which can make TCB not to be tampered and interfered by other entities.更多还原