Abstract
Most existing document protection techniques rely on specific security mechanisms in the system to enforce boundary defense. As a static object, an electronic document can carry only its data content and attribute permissions and has no protective capability of its own, so it is difficult to meet the dual requirement of defending against both outsiders and insiders in an open network environment. Building on trusted computing and borrowing the idea of active storage, this paper binds the isolation of data usage to data storage and proposes an active defense model for document protection. A trust chain built from the underlying hardware up to the application environment in the operating system ensures that data is used only in the expected manner: authorized users can use a document normally but cannot leak it outside the protected area. Based on this model, an active secure USB disk was implemented on the Windows platform; it is applicable to digital rights management (DRM) as well as to the protection of sensitive enterprise and personal data.
Funding
National Natural Science Foundation of China, Young Scientists Fund project [60903204]
Keywords
data security
active defense
trusted computing
isolation environment
trust chain
access control
Digital Rights Management (DRM)