摘要
针对传统基于USB接口的监控系统存在的诸如缺乏介质身份认证手段,难以有效地对各等级进行隔离,可信度低等问题,一种基于可信机制的数据传输监控系统被提出以解决上述问题。系统应用动态口令与指纹识别相结合的双向身份认证方案及文件过滤驱动技术,以"可信构件"为根构建系统内部的可信链模型,通过驱动层与应用层相结合的多级安全策略加强对机密信息的访问控制。通过分析并测试系统,表明方案是可行的且系统达到了"证实"的可信等级。
A data transmission monitoring system based on trusted mechanism is proposed in this paper, which is targeting at the problems in traditional monitoring system based on USB interface, such as the lack of medium identity authentication methods, the difficulty for conducting effective isolation of each grades, and the low credibility. In the proposed system, a two-way identity authentication scheme of combining dynamic password with fingerprint identification and a file filtering drive technology are applied, and a trusted chain model is built within the system in which "trustworthy components" are as trusted root, and a kind of multi-level security policy which combined security policies of driver layer with application layer is implemented to enhance access control of confidential information. By analyzing and testing the system, the results showed that the system was feasible and met to the "confirmed" trustworthiness level.
出处
《广西大学学报(自然科学版)》
CAS
CSCD
北大核心
2011年第A01期93-99,共7页
Journal of Guangxi University(Natural Science Edition)
关键词
信息安全
USB接口
可信软件
动态口令
指纹识别
过滤驱动
information security
USB interface
trustworthy software
dynamic password
fingerprint recognition
filtering drive
