Research on the Application of Trusted Terminals in E-Government Networks
[Abstract]: In recent years, as networks have grown in scale and technology has continued to evolve, network structures have become more complex and network information security problems increasingly prominent. The security and reliability of network defense systems face ever more serious challenges. It has gradually been recognized that preventing network intrusion and data leakage requires addressing the root cause, the terminal: terminal equipment at the edge of the network is the origin of most security risks. Establishing a complete and compatible terminal security system therefore has great application value and practical significance. This matters especially for special-purpose networks such as e-government networks, which demand a high level of information security management and need a highly reliable security mechanism. Based on the basic characteristics of the current network environment, and in response to the shortcomings and limitations of traditional security solutions, which mostly rely on third-party application software, this paper analyzes Xen virtualization technology. Building on an in-depth study of the working principle of the TPM (Trusted Platform Module) trusted chip and of the chain-of-trust transfer mechanism, it proposes a trusted boot mechanism for the virtual client system (terminal system) based on virtualization technology, in order to overcome the limitation of excessive reliance on third-party security software. On the basis of the TNC (Trusted Network Connect) architecture, and combining the characteristics of the TPM trusted chip and of virtualization technology in a trusted computing system, this paper studies the privileged domain of the virtual machine and the trust chain transfer mechanism in the TPM chip.
The trusted boot process from the TPM hardware to the privileged domain is extended to the virtual client terminal, which improves the trusted boot security mechanism and makes the terminal trustworthy and secure. The aim of this paper is to improve the network security management system, to ensure the trustworthiness and security of the terminal, to realize a trust chain transfer mechanism that extends from terminal security to trust in the security of the whole network, and ultimately to achieve network information security.
[Degree-granting institution]: Chang'an University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2245339
Article link: http://sikaile.net/guanlilunwen/ydhl/2245339.html