2025-02-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Research and Application of a Centralized and Unified Trusted Computing Platform Management Model
Http://kns.cnki.net/KCMS/detail/detail.aspx?dbcode=CJFQ&dbname=CJFDLAST2017&filename=XXAQ201704003&uid=WEEvREcwSlJHSldRa1FhcTdWajFuai9HOHBDdWU0d3Y2UkFiTEtTWXp1bz0=$9A4hF_YAuvQ5obgVAqNKPCYcEjKensW4ggI8Fm4gTkoUKaID8j8gFw!!&v=MTc1Njl1WnNGeXZrVzc3UFBUWEtmN0c0SDliTXE0OUZaNFI4ZVgxTHV4WVM3RGgxVDNxVHJXTTFGckNVUkxLZlo=
The trusted computing platform architecture proposed by TCG is relatively simple and cannot keep pace with the development of information technology. Its main work is to introduce the TPM module into hardware; research on the TSB software support and management support needed to establish a complete trusted computing environment is insufficient, and the management schemes and management standards have many gaps. TCG's management model starts from the TPM hardware device. Management is autonomous and non-mandatory, and it also depends on PKI, the infrastructure that supports trusted computing technology. As a result, there are many cases in which a TPM is installed but not enabled, in which the TPM is used only to implement smart-card functions, or in which the TPM hardware is present but users have not installed the corresponding trusted management or application software.
The TCG management model can be summarized as centered on the platform owner and characterized by autonomy and decentralization. The TCG specification defines no manager role, only the concept of the platform owner, who holds the privilege to perform TPM management operations. With PKI, the infrastructure that supports trusted computing, as the trusted party, TCG designs a series of processes and security protocols for the interaction between the TPM and a trusted CA. On this basis, a CA that supports trusted computing can issue AIK certificates for trusted computing platforms, and the AIK certificates obtained through the interaction between the TPM and the CA can be used for functions such as trusted reporting.
A Centralized and Unified Trusted Management Model for High-Security-Level Information Systems
Generation of the Trusted Platform Whitelist
Determining the trusted baseline is mainly the process of generating the trusted platform whitelist, which is a key step. Because policy management is centralized, the whitelist can be generated by a dedicated acquisition platform, which collects the expected values of the executable files and the hardware characteristic values for the software and hardware that need to be installed on each trusted computing platform. After the policy is collected, it is imported into the security management system through the management interface. The system administrator first reviews and approves the expected values against the system configuration information; the security administrator then further reviews and approves the expected value information. Finally, a unified execution-control whitelist policy usable by the trusted computing platforms is formed and sent to each trusted host through the management interface.
Extracted logic:
(1) Determining the trusted baseline requires a whitelist of the trusted platform.
(2) The acquisition platform collects the expected values of the software and hardware, and imports the collected policy into the security management system.
(3) The system administrator first reviews and approves these expected values against the actual system configuration information.
(4) The security administrator further reviews and approves the expected value information.
(5) A unified execution-control whitelist policy is formed and then sent to each trusted host through the management interface.
After the trusted baseline is determined, all trusted hosts in the system can run under the unified control of the management system.
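The collect, review, review, distribute flow above can be sketched as follows. This is an added example, not code from the paper or the article. It assumes SHA-256 as the expected value, uses HMAC as a stand-in for the approval signatures a real management system would use, and the role names, keys and file paths are constructed for illustration.

```python
import hashlib
import hmac
import json

# Review order taken from the text: system administrator, then security administrator.
ROLES = ("system_admin", "security_admin")

def measure(files):
    """Acquisition platform: expected value per executable (SHA-256 is assumed)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def _tag(entries, key):
    # HMAC over a canonical encoding binds an approval to the exact entries reviewed.
    blob = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def approve(policy, role, key):
    """Record one approval; roles must sign in the order given in ROLES."""
    done = len(policy["approvals"])
    if done >= len(ROLES) or ROLES[done] != role:
        raise PermissionError(f"unexpected approval by {role}")
    policy["approvals"].append({"role": role, "tag": _tag(policy["entries"], key)})

def policy_is_valid(policy, keys):
    """Trusted host: accept the whitelist only if both roles approved these entries."""
    approvals = policy["approvals"]
    if [a["role"] for a in approvals] != list(ROLES):
        return False
    return all(hmac.compare_digest(a["tag"], _tag(policy["entries"], keys[a["role"]]))
               for a in approvals)

def may_execute(policy, keys, path, data):
    """Execution control: the measured value must equal the approved expected value."""
    if not policy_is_valid(policy, keys):
        return False
    expected = policy["entries"].get(path)
    actual = hashlib.sha256(data).hexdigest()
    return expected is not None and hmac.compare_digest(expected, actual)

# Constructed sample data: two executables and two demo keys.
KEYS = {"system_admin": b"demo-key-sysadmin", "security_admin": b"demo-key-secadmin"}
FILES = {"/usr/bin/agent": b"agent-v1", "/usr/sbin/sshd": b"sshd-v1"}

def build_policy():
    policy = {"entries": measure(FILES), "approvals": []}
    for role in ROLES:
        approve(policy, role, KEYS[role])
    return policy
```

An entry added to the whitelist after approval invalidates both tags, so the host rejects the whole policy rather than trusting the unreviewed entry.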