期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

分布式环境下可信使用控制实施方案 被引量:3

An Approach of Trusted Usage Control in Distributed Environment
下载PDF
导出
摘要 当前分布式环境下,数据分发后产生了多种新的安全需求,传统的访问控制模型早已无法满足实际需要.因此,基于新型的使用控制模型UCON和可信计算技术,针对分布式环境下的信息安全需求,构建了一种通用的、可协商的可信使用控制架构TUC(trusted usage control).该架构利用硬件信任根TPM实施使用控制,引入策略和密钥协商机制,保证数据分发、传输、存储和使用控制过程中的机密性、完整性、可控性.此外,通过使用控制策略与分发数据的绑定,TUC的使用控制实施不会局限于特定的应用环境,增强了方案的通用性.针对原型系统的性能测试表明,TUC的表现达到了预期,为分布式环境下的访问控制实施提供了可行的解决方案. In distributed environment, digital data can be easily distributed and various kinds of security requirements emerge after the data distribution. However, traditional access control solutions suffer from difficulties both in the access rights authorization and the usage policy enforcement, especially under the heterogeneous, distributed network environments. In this paper, a new architecture called TUC (trusted usage control) is proposed against the information security requirements under distributed environment based on usage control model and trusted computing technology. TUC is presented to achieve usage control based upon the hardware trust root TPM. In this way, confidentiality, integrity and controllability of the data are assured not only in distribution, transmission, storage but also in usage control. It is necessary to design TUC as a general access solution by binding policies to the usage-controlled digital content. So TUC isn't limited to the specific application environment. Moreover, TUC is a negotiable solution because of the key and policy negotiation in our design. In this way, both the user's and the owner's requirements are taken into consideration. The design and implementation of TUC is then detailed in this paper. Test results show that the performance of TUC is acceptable for access control in distributed environment.
作者 胡浩 冯登国 秦宇 于爱民
机构地区 中国科学技术大学电子工程与信息科学系 信息安全国家重点实验室(中国科学院软件研究所) 信息安全共性技术国家工程研究中心
出处 《计算机研究与发展》 EI CSCD 北大核心 2011年第12期2201-2211,共11页 Journal of Computer Research and Development
基金 国家科技支撑计划基金项目(2008BAH22B06) 国家"八六三"高技术研究发展计划基金项目(2007AA01Z465) 国家自然科学基金项目(60970028) 中国科学院知识创新工程领域前沿项目(ISCAS2009-DR14 ISCAS2009-GR03)
关键词 可信计算 可信平台模块 UCON模型 分布式访问控制 可信使用控制 trusted computing trusted platform module(TPM) UCON model distributed access control trusted usage control
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献17

  • 1Park J, Sandhu R. Towards usage control models beyond traditional access control [C]//Proc of the 7th ACM Symp on Access Control Models and Technologies. New York: ACM, 2002:57-64.
  • 2Park J, Sandhu R. The UCONABC usage control model [J]. ACM Trans on Information and System Security, 2004, 7 (1): 128-174.
  • 3Alam M, Seifert J P, Li Q, et al. Usage control platformization via trustworthy SELinux [C] //Proc of the 2008 ACM Symp on Information, Computer and Communications Security. New York: ACM, 2008:245-248.
  • 4Mana A, Pimentel E. An efficient software protection scheme [C] //Proc of the 16th Int Conf on Information Security: Trusted Information. Amsterdam, Netherlands: Kluwer Academic, 2001:385-401.
  • 5Kyle D, Brustoloni J C. Uclinux: A linux security module for trusted-computing-based usage controls enforcement[C]//Proc of the 2007 ACM Workshop on Scalable Trusted computing. New York: ACM, 2007:63-70.
  • 6Trusted Computing Group. TPM specification Version 1.2, Revision 103 [OL]. [ 2007-03-03 ]. http://www. trustedeomputinggroup, org.
  • 7Balacheff B, Chen L, Pearson S, et al. Trusted Computing Platforms: TCPA Technology in Context [M]. Englewood Cliffs, NJ: Prentice Hall, 2002.
  • 8Sandhu R, Zhang Xinwen, Peer-to-peer access control architecture using trusted computing technology[C] //Proc of the 10th ACM Symp on Access Control Models and Technologies. New York: ACM, 2005.
  • 9Berthold A, Alam M, Breu R, et al. A technical architecture for enforcing usage control requirements in service-oriented architectures [C] //Proc of the 2007 ACM Workshop on Secure Web Services. New York: ACM, 2007: 18-25.
  • 10Sailer R, Zhang Xiaolan, Jaeger T, et al. Design and implementation of a TCG-based integrity measurement architecture [C] //Proc of the 13th USENIX Security Symposium. Berkeley, CA: USENIX, 2004:223-238.

二级参考文献25

  • 1Trusted Computing Group. TCG Architecture Overview. Specification, Revision 1.2. 28 April 2004
  • 2中国国家密码管理局.可信计算密码支撑平台功能与接口规范.2007年12月
  • 3Trusted Computing Group. TPM Main Part 1, Design Principles. Specification Version 1.2, Revision 62. 2 October 2003
  • 4Sailer Reiner, Zhang Xiao-Lan, Jaeger Trent, van Doorn Leendert. Design and implementation of a TCG-based integrity measurement arehiteeture//Proeeedings of the 13th Usenix Security Symposium. San Diego, California, 2004: 223- 238
  • 5Sailer Reiner, van Doorn Leendert, James P. Ward: The role of TPM in enterprise security. IBM Research Report RC 23368, October 2004
  • 6Poritz Jonathan, Schunter Matthias, van Herreweghen Els, Waidner Michael. Property attestation-Scalable and privacy-friendly security assessment of peer computers. IBM Research Report RZ 3548, October 5, 2004:223-238
  • 7Sadeghi A, Stuble C. Property-based attestation for computing platforms: Caring about properties, not mechanisms// Proceedings of the New Security Paradigms Workshop, 2004:67-77
  • 8Chen Li-Qun, Landfermann Rainer, Lohr Hans et al. A protocol for property-based attestation//Proceedings of the 1st ACM Workshop on Scalable Trusted Computing. Nova Scotia Canada, 2006:7-16
  • 9Kuhn Ulrich, Selhorst Marcel, Stueble Christian. Realizing property-based attestation and sealing with commonly available hard- and software//Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing. Alexandria, Virginia, USA, 2007
  • 10Kuhn Ulrich, Kursawe Klaus, Lucks Stefan, Sadeghi Ahmad-Reza, Sttible Christian. Secure data management in trusted computing//Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES). LNCS 3659. Springer, 2005:324-338

共引文献41

同被引文献29

  • 1郑志蓉,蔡谊,沈昌祥.操作系统安全结构框架中应用类通信安全模型的研究[J].计算机研究与发展,2005,42(2):322-328. 被引量:6
  • 2洪帆,饶双宜,段素娟.基于属性的权限—角色分配模型[J].计算机应用,2004,24(B12):153-155. 被引量:6
  • 3洪帆,崔永泉,崔国华,付才.多域安全互操作的可管理使用控制模型研究[J].计算机科学,2006,33(3):283-286. 被引量:7
  • 4赵勇,刘吉强,韩臻,沈昌祥.信息泄露防御模型在企业内网安全中的应用[J].计算机研究与发展,2007,44(5):761-767. 被引量:29
  • 5Chou Sc.An RBAC-Based Access Control Model for Object-Oriented Systems Offering Dynamic Aspect Features[J].IEICE Transactions on Information and Systems,2005:2143-2147.
  • 6Park J,Sandhu R.Towards Usage Control Models:Beyond Traditional Access Control[C]//Proceedings of the 7th ACM Symposium on Access Control Models and Technologies.SACMAT02.Monterey,California,USA:ACM,2002:57-64.
  • 7Ravi Sandhu,Jaehong Park.Usage Control:A Vision for Next Generation Access Control[J].MMM-ACNS,2003.
  • 8Jawhon Park,Ravi Sandhu.The UCONABCUsage Control Model[J].ACM Transactions on Information and Systems Security,2004,7(1):128-174.
  • 9刘志敏.基于角色的跨域使用控制模型及应用研究[D].南京信息工程大学,2012.
  • 10Katt B, Zhang Xinwen, Breu R, et al. A general obligation model and continuity: enhanced policy enforcement engine for usage control[C]//Proceedings of the 13th ACM Sympo- sium on Access Control Models and Technologies, Estes Park, USA, Jun 11-13, 2008. New York, NY, USA: ACM, 2008: 123-132.

引证文献3

二级引证文献4

计算机研究与发展
2011年 第12期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部