Research on the Application of Trusted Terminals in E-Government Networks
Published: 2018-09-17 08:47
[Abstract]: In recent years, the growing scale of networks and continuous technical innovation have made network structures more complex, and the resulting network information security problems have become increasingly prominent; the security and reliability of network defense systems face ever more serious challenges. It has gradually been recognized that preventing network intrusion and data leakage requires addressing the root cause: the terminal. Terminal devices at the network edge are the origin of the great majority of security risks. Building a complete, highly compatible terminal security system therefore has great application value and practical significance, and forming a highly reliable security mechanism is even more important for special-purpose networks with strict information security management requirements, such as e-government networks. Starting from the basic characteristics of the current network environment, and addressing the shortcomings and limitations of traditional security solutions that mostly rely on third-party application software, this thesis comprehensively analyzes Xen virtualization technology and studies in depth the working principle of the TPM (Trusted Platform Module) trusted chip and its chain-of-trust transfer mechanism. On this basis it proposes a trusted boot mechanism for virtual guest systems (terminal systems) built on virtualization technology, in order to overcome the excessive reliance on third-party security software. Building on the TNC (Trusted Network Connect) architecture and combining the characteristics of the TPM trusted chip and virtualization technology within the trusted computing system, the thesis studies the virtual machine privileged domain and the TPM chain-of-trust transfer mechanism, and extends the trusted boot process from the TPM hardware through the privileged domain to the virtual guest terminal, improving the trusted boot security mechanism and achieving trusted security of the terminal. The goal of the thesis is to strengthen the network security management system, ensure the trustworthiness and security of terminals joining the network, realize a chain-of-trust transfer mechanism from terminal trust to trust in the whole network, and ultimately achieve network information security.
[Degree-granting institution]: Chang'an University
[Degree level]: Master's
[Year awarded]: 2014
[Classification number]: TP393.08
Paper ID: 2245339
Link: https://www.wllwen.com/guanlilunwen/ydhl/2245339.html