可信计算下的信任链传递模型研究

【作者】 林基艳；

【导师】 吴振强；

【作者基本信息】 陕西师范大学 ， 计算机软件与理论， 2010， 硕士

【摘要】 由于传统计算机在体系结构上设计的不足,使得如今的计算机明显缺乏对病毒、黑客和内部窃密者的抵抗能力,为了从根本上解决计算机系统存在的基础性安全缺陷,可信计算组织TCG推出了通过在底层硬件上加入安全芯片架构来提高系统安全的可信计算平台技术,其基本思想是在终端平台中首先建立一个信任根,再建立一条信任链,通过一级度量认证一级,一级信任一级的方式把信任关系扩大到整个平台,从而保证了终端的安全；因此,信任链是可信计算平台技术中的一项重要技术,它的存在确保了终端从开机到应用程序启动整个过程的安全可信。终端平台上的信任链传递分为两个阶段：一个是从平台加电到操作系统启动前的过程,即系统引导阶段；另一个是从操作系统到应用程序过程。系统引导阶段,核心可信度量根CRTM和可信平台模块TPM是信任链传递的起点,但是加入TPM芯片的系统有时会因TPM被烧毁等的故障而使用户丢失一些重要的机密数据,违背了易用性的原则；在操作系统启动的第二阶段,经验证的合法内部用户仍然可以通过简单的人机交互泄露内部机密,破坏操作系统的可信性,且当可信传递到应用层时,为了保证应用层的可信,不仅要对所有待运行的应用程序的可执行文件进行度量,还要对应用程序加载的动态共享库、配置文件等所有可能影响应用程序可信性的组件进行度量,由此带来的时间开销降低了系统运行效率,因此设计一种更加合理高效的信任链传递模型具有重要的意义。论文围绕信任链传递模型展开研究,在分析和总结前人工作的基础上,主要进行了以下几个方面的工作：1)综述了现有信任链传递技术的研究现状及优缺点；提出了改进的系统引导阶段的信任链传递模型,并对模型进行了形式化验证,主要创新点是提出了基于USB KEY和BIOS的TPM故障解决方案；2)为了防止已通过身份验证的合法用户破坏操作系统环境的可信性,提出了一种基于用户提交的访问意图和层次分析法的内部用户行为监管方案,并利用Matlab对方案进行了仿真,实验表明方案可以提高识别的准确性,克服难以对内部用户行为进行定量分析的缺点；3)为了保证操作系统到应用层的安全可信,实现对未授权程序的主动防御,降低系统完整性度量过程中的时间开销,论文利用LSM机制、白名单以及虚拟化技术提出了应用层并行的主动防御信任链传递模型；对模型进行了形式化验证,并利用Cent OS Linux、VMware Workstation、TPM Emulator等软件对模型进行了初步的原型实现。更多还原

【Abstract】 Because of the design deficiencies in the computers’ architecture, the computers can not prevent virus, hackers and insider thieves. In order to solve the insecurity of computers fundamentally, trusted computing group begins to carry out trusted computing platform technology through the way of adding the safe chip. The basic idea of the trusted computing platform is firstly built a root of trust, and then a trusted chain, and in the manner of one level measures another and trusts another to extend the trust relation to the whole computer system which insures the trust of the computer. The chain of trust is an important technology of the trusted computing which ensures the creditability and the safety of the computers.The chain of trust can be divided into two processes:one is the process that from the boot of the platform to the starting of the operating system, the other is from the operating system to the applications starting. In system boot phase, TPM and CRTM play the key role, but the system added TPM can cause the users lose some important cryptographic information which goes against the principle of easy to use. Meantime, when the operating system is started, the users who have already passed the validation can still break the creditability of the system through the way of human-computer interaction, and the present manner can brings extra overhead time, especially when the trusted chain transfers to the application layer because to ensure the safety of the application layer, not only the application program should be measured, but also the dynamic shared library and configuration file and so on that the program loads which brings extra overhead time and pulls down the runtime efficiency of the system. Thus, it is important to design a more reasonable and efficient model of trust chain.This thesis carries out a series of researches about the model of trust chain, and the main tasks are summarized as follows:1) Introducing the current situation of chain of trust, analyzing the advantages and disadvantages of them. Improving the existing solution of the chain of trust form boot-trap to the loading of the operating system and bringing forward the chain of trust model of the system boot phase. Besides, the innovation of the thesis is the proposing of the solution of secure solution based on USB KEY and BIOS under TPM fault.2) In order to prevent the users to break the trustiness of the operating system who have already passed the verified, a solution of monitoring the users’ behavior has been brought forward, at the same time, simulation has been taken to prove that the solution can improve the accuracy and overcome the disadvantage that analysis can’t be done to the insider users.3) Combining the virtualization technology, white lists and LSM technology to bring forward parallel and active defense model of the chain of trust in order to prevent the programs that are not in the list which realizes the active defense, reduce the time spending in the process of measurement. Formal verification is given to the model and basic prototype implementation is carried out with software such as Cent OS Linux, VMware Workstation, and TPM Emulator.更多还原