摘要
为满足特定应用领域的高等级安全需要,基于国产基础软硬件平台,提出一种用户行为度量方法。通过USBKey双因素认证机制与可信密码模块认证授权相结合,实现用户身份的安全授权。根据不同用户创建用户行为控制链,完成指定用户、指定进程、对指定系统资源进行操作的细粒度可信度量,从而实现根据用户行为对系统资源访问行为进行分层次、动态的访问控制。针对不同用户身份提供动态加、解密以保证高级别用户对系统资源操作的安全性。实验结果表明,该方法能够有效提高系统安全性。
In order to meet the high level security requirement of specific application areas, based on domestic basic software and hardware platform,a user behavior measurement method is proposed. Through the combination of USBKey dual factor authentication mechanism and Trusted Cryptography Module (TCM) authentication and authorization, the security authorization of user identity is realized. User behavior control chain is created according to different user identity,and a trust measure of fine grain to specify the user and process and operate the specified system resource is done, so as to realize the hierarchical and dynamic access control of the system resource according to the user' s behavior. Dynamic encryption and decryption for different user identity is provided to ensure the security of high level users while operating system resources. Experimental results show that the method can effectively improve the security of the system.
出处
《计算机工程》
CAS
CSCD
北大核心
2017年第5期121-128,共8页
Computer Engineering
基金
国家"核高基"重大专项(2014ZX01040501-002)
国家自然科学基金青年项目(61402022)
北京市青年英才计划项目(YETP1448)
北京市哲学社科规划项目(14JGB033)
关键词
可信计算
可信度量系统
可信密码模块
信息安全
用户行为信任
trusted computing
trusted measurement system
Trusted Cryptography Module (TCM)
information safety
user behavior trust
