Research on the Application of Trusted Terminals in E-Government Networks
Published: 2018-09-17 08:47
[Abstract]: In recent years, as networks have grown in scale and technology has continued to advance, network structures have become more complex, and the resulting network information security problems have become increasingly prominent. The security and reliability of network defense systems face ever more serious challenges. It has gradually become clear that preventing network intrusion and data leakage requires tracing the problem to its root, the terminal: terminal devices at the edge of the network are the source of the vast majority of security risks. Establishing a complete and highly compatible terminal security system therefore has great application value and practical significance, and for dedicated networks with high information security management requirements (such as e-government networks), a highly reliable security mechanism is all the more important.
Starting from the basic characteristics of the current network environment, and addressing the shortcomings and limitations of traditional security solutions, which mostly depend on third-party application software, this thesis comprehensively analyzes Xen virtualization technology and studies in depth the working principle of the TPM (Trusted Platform Module) trusted chip and the trust chain transfer mechanism. On that basis it proposes a virtualization-based trusted boot mechanism for the virtual guest system (the terminal system), to address the limitation of over-reliance on third-party security software.
Building on the TNC (Trusted Network Connect) architecture, and combining the characteristics of the TPM trusted chip and virtualization technology within the trusted computing framework, the thesis studies the virtual machine privileged domain and the TPM chip's trust chain transfer mechanism, and extends the trusted boot process, which runs from the TPM hardware to the privileged domain, to the virtual guest terminal. This completes the trusted boot security mechanism and achieves trusted security of the terminal.
The goal of the thesis is to strengthen the network security management system, to ensure the trustworthiness and security of terminals joining the network, to realize a trust chain transfer mechanism from a secure, trusted terminal to a secure, trusted network as a whole, and ultimately to achieve network information security.
[Degree-granting institution]: Chang'an University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article number: 2245339
Article link: http://sikaile.net/guanlilunwen/ydhl/2245339.html