
Research on Distributed Access Control Based on Trusted Computing

【Author】 胡浩 (Hu Hao)

【Advisor】 冯登国 (Feng Dengguo)

【Author information】 University of Science and Technology of China, Information Security, 2010, PhD

【Abstract (translated from the Chinese)】 In a distributed environment, data inevitably has to be distributed to and flow among a large number of dispersed nodes, and in such cross-platform or even cross-domain distributed interactions the trustworthiness of the nodes is one of the most important security requirements of distributed access control. Trusted computing technology takes the Trusted Platform Module (TPM) as its hardware root of trust and solves the problem of trust establishment at the architectural level, offering a new way to establish trust in platform nodes in a distributed environment. Starting from this background, this thesis carries out theoretical research and engineering practice on distributed access control based on key technologies such as trusted computing and the usage control model: (1) To address problems in existing research such as the overly coarse granularity and insufficient dynamism of distributed access control, we study an architecture and related mechanisms better suited to enforcing distributed access control. (2) Given the absence of a trust mechanism for terminal platforms in distributed systems, we define four classes of security attributes of the terminal platform and, on that basis, study an effective scheme for establishing trust in terminal platforms in a distributed environment. (3) We summarize the special requirements of remote attestation in a distributed access control architecture, such as privacy protection and attestation of access control policy enforcement, analyze the XACML-based organization of usage control policies, and on that basis extend existing remote attestation schemes. (4) Building on the above, we implement a prototype distributed access control architecture, Trusted Usage Control, and discuss its application in three specific scenarios.

The main contributions of this thesis are: (1) Starting from information-flow integrity, we extend the classical Biba integrity model and propose a novel scheme for terminal platform integrity protection and trust establishment; the scheme keeps Biba's inter-process dependency semantics but remedies the monotonicity defect of the Biba model, solving the problem of building the trust chain of the terminal platform. (2) We design a novel trust evaluation scheme that quantifies the trust level of a terminal platform from both subjective behavior and objective attributes, and perform remote attestation and access control on the basis of the quantified trust; this solves their problems of coarse granularity and insufficient dynamism and, to a certain degree, protects the privacy of the terminal platform. As far as I know, this trust evaluation scheme and its application to distributed access control based on trusted computing are studied here for the first time. (3) We propose a behavior-based scheme for attesting usage control policy enforcement, which extends traditional remote attestation, solves the problem of establishing trust in policy enforcement behavior, and strengthens the verifiability of the distributed access control architecture. (4) We study usage control and its enforcement in general terms, summarizing the security attributes of terminal platforms in a distributed environment and the semantics and classification of usage control policies, thereby enriching the design theory of distributed access control architectures and supporting their application in practice. This thesis emphasizes applied research on distributed access control: it builds application models for complex practical requirements and discusses them, rather than confining itself to the formal semantics of the usage control model, thereby widening the scope of distributed access control research and offering inspiration and reference for subsequent applied research.

【Abstract】 In highly distributed environments, data distribution and flow between network nodes are inevitable. Thus the trustworthiness of the network nodes is one of the key security requirements for distributed access control in such cross-platform or even cross-domain interactions. Trusted computing takes the TPM as its hardware root of trust and solves trust establishment from an architectural view, which presents a new solution for trust establishment on network node platforms. Based on the above background, this thesis carries out theoretical research and engineering practice on distributed access control with trusted computing and the usage control model: (1) For the current research problems of distributed access control, such as too coarse granularity and lack of dynamism, we research the architecture and related mechanisms that are more suitable for distributed access control. (2) Given the lack of trust on the terminal platform in distributed systems, we define four security attributes of the terminal platform and research an effective trust establishment approach in distributed environments. (3) We summarize special requirements in the distributed access control architecture, such as privacy protection in remote attestation and enforcement attestation for access control policies, and analyze the specifications of XACML-based usage control policies. On this basis, we extend traditional remote attestation. (4) Based on the above, we implement a prototype of the distributed access control architecture, Trust Usage Control, and apply it in three specific scenarios.

Our contributions in this thesis are summarized as follows: (1) We propose a novel integrity protection and trust establishment approach from the view of information flow and an extended Biba model, which keeps the inter-process dependency semantics of Biba but ameliorates its monotonic behavior, solving the problem of trust chain establishment on the terminal platform. (2) We design a novel trust evaluation mechanism, which evaluates both subjective behavior and objective attributes. The evaluated trust is applied to remote attestation and access control to solve their problems of too coarse granularity and lack of dynamism. Besides, privacy protection is achieved to a certain extent. As far as I know, it is the first tentative research on this trust evaluation mechanism and its application in distributed access control based on trusted computing. (3) We propose a policy enforcement attestation approach which extends traditional remote attestation, so that the problem of trust establishment for the policy enforcement behavior of the terminal platform is solved and the distributed access control architecture becomes more provable. (4) We conclude platform security attributes in distributed environments from the generality of usage control and its enforcement, as well as the semantics and classification of usage control policies, so that the design theory of distributed access control architectures is enriched and the application practice of distributed access control is supported. This thesis focuses on practical application research on distributed access control. We build our application model against complicated practical requirements, which is not restricted to the formal semantics of the usage control model. As a result, we enlarge the research extension of distributed access control, so that it can be an inspiration and reference for related subsequent application research.