Research on an Access Control Model Based on a Trusted Proxy
Published: 2018-05-16 22:08
Topic: trusted storage + access control; Reference: Hebei University, 2014 master's thesis
[Abstract]: With the development of computer technology, attack techniques in computer networks keep emerging, and the security, reliability and availability of networked information systems are becoming increasingly important. Trusted computing technology can effectively address these problems, so studying and implementing a secure and reliable trusted storage mechanism has sound theoretical value and practical significance.
This thesis proposes a user identity certificate management mechanism that combines the TPM with a CA, and implements a trusted identity authentication mechanism based on the TPM and the CA. Building on the attribute authentication protocol, it adds real-time component integrity measurement values to the attribute certificate, which strengthens the security of the protocol. Based on the TPM, it implements a data security access policy that combines the two dimensions of confidentiality and integrity with the two aspects of capability and attribute. With TPM hardware support, a trusted proxy quantitatively rates the subjects and objects of data access, establishing a trust relationship between an untrusted server and untrusted users. This achieves secure and reliable interoperation between the two, reduces the risk of users and servers being attacked, and ensures trusted operation of the system, giving higher security than existing access control policies.
With the goal of access control that unifies confidentiality and integrity between user and server, the thesis studies the trusted access control model and proposes a more flexible and secure trust evaluation system, offering a new approach to safeguarding the confidentiality and integrity of information systems.
[Degree-granting institution]: Hebei University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1898609
Article link: http://sikaile.net/guanlilunwen/ydhl/1898609.html