Computer Engineering (计算机工程) ›› 2008, Vol. 34 ›› Issue (4): 1-3. doi: 10.3969/j.issn.1000-3428.2008.04.001

• Doctoral Dissertation •

Terminal Categorial Data Protection Based on Trusted Computing
(Chinese title: 基于可信计算的终端数据分类保护)

WANG Fei (王飞)1, LV Hui-jun (吕辉军)2, SHEN Chang-xiang (沈昌祥)3

  1. School of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004; 2. School of Computer, National University of Defence Technology, Changsha 410073; 3. Naval Institute of Computing Technology, Beijing 100036
  • Online: 2008-02-20 Published: 2008-02-20

Abstract: Addressing the problems currently faced by terminal data protection, this paper proposes a terminal data classification protection scheme based on trusted computing and the DBLP model. It gives the rules under which a subject may read or write an object in the DBLP model, together with the confidentiality principle for objects migrated onto removable media, so that the information leakage caused by the lack of process isolation is avoided. Objects in the ciphertext set are protected by sealed storage, implemented through the TSS interfaces supported by the TPM.

Key words: trusted computing, BLP model, terminal, security
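The abstract describes three mechanisms: BLP-style read/write rules over classified objects, a confidentiality rule for objects that leave the terminal on removable media, and TPM sealed storage for the ciphertext set. The block below is an added example written for this page, not code from the paper or its authors. It implements the classic BLP rules (simple security property: no read up; *-property: no write down), which are assumed here in place of the paper's DBLP rules, since the abstract does not state them; the three-level lattice, the `Label`, `FakeTPM` and `export_to_media` names, the rule that anything above `public` leaves the terminal only as a sealed blob, and the sample data are all assumptions of this example. `FakeTPM` is a pure-Python stand-in that mimics the one property of sealed storage the scheme relies on, release only when the platform measurement matches the one recorded at seal time; its keystream construction is a toy so the example runs offline, not a real cipher.

```python
"""BLP read/write checks plus a simulated sealed-storage path for objects
that are migrated to removable media.

Added example for this page; not the paper's code. Classic BLP rules are
assumed in place of the paper's DBLP rules. FakeTPM is a stand-in for the
TPM/TSS sealing path: a real TPM keeps the key in hardware and binds the
blob to PCR values; here the binding is simulated with HMAC-SHA256.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumed three-level sensitivity lattice (not from the paper).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


@dataclass(frozen=True)
class Label:
    """Security label: a sensitivity level plus a set of categories."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: a subject may read only what it dominates."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: a subject may write only to objects that dominate it."""
    return obj.dominates(subject)


class FakeTPM:
    """Stand-in for sealed storage: a blob sealed under one 32-byte platform
    measurement (pcr) is released only while the current pcr is identical."""

    def __init__(self, pcr: bytes):
        assert len(pcr) == 32, "pcr is a SHA-256 sized measurement"
        self.pcr = pcr                # current platform measurement
        self._srk = os.urandom(32)    # hypothetical storage root key, never exported

    def _key(self, pcr: bytes, nonce: bytes) -> bytes:
        # Wrapping key depends on the measurement, so a changed platform derives a different key.
        return hmac.new(self._srk, pcr + nonce, "sha256").digest()

    @staticmethod
    def _xor_stream(key: bytes, data: bytes) -> bytes:
        # Toy keystream (SHA-256 counter mode); illustration only, not a real cipher.
        blocks = len(data) // 32 + 1
        stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                          for i in range(blocks))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, data: bytes) -> bytes:
        nonce = os.urandom(16)
        key = self._key(self.pcr, nonce)
        ct = self._xor_stream(key, data)
        tag = hmac.new(key, self.pcr + nonce + ct, "sha256").digest()
        return self.pcr + nonce + tag + ct          # pcr(32) | nonce(16) | tag(32) | ct

    def unseal(self, blob: bytes) -> bytes:
        pcr, nonce, tag, ct = blob[:32], blob[32:48], blob[48:80], blob[80:]
        if pcr != self.pcr:
            raise PermissionError("platform measurement changed; refusing to unseal")
        key = self._key(pcr, nonce)
        expected = hmac.new(key, pcr + nonce + ct, "sha256").digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sealed blob has been tampered with")
        return self._xor_stream(key, ct)


def export_to_media(subject: Label, obj: Label, data: bytes, tpm: FakeTPM) -> bytes:
    """Assumed migration principle: the subject must be allowed to read the object,
    and any object above 'public' leaves the terminal only as a sealed blob that
    can be opened again solely on the platform that sealed it."""
    if not can_read(subject, obj):
        raise PermissionError("subject may not read this object")
    if LEVELS[obj.level] == LEVELS["public"]:
        return data
    return tpm.seal(data)


if __name__ == "__main__":
    tpm = FakeTPM(hashlib.sha256(b"golden platform state").digest())   # constructed measurement
    analyst = Label("secret", frozenset({"project"}))
    report = Label("secret", frozenset({"project"}))
    blob = export_to_media(analyst, report, b"constructed sample report", tpm)
    print("sealed bytes on media:", blob.hex()[:32], "...")
    print("unsealed on the same platform:", tpm.unseal(blob))
```

The TSS 1.2 calls this simulates are `Tspi_Data_Seal` and `Tspi_Data_Unseal`: the blob on the removable medium is useless on any other machine because the wrapping key never leaves the TPM and the unseal is refused when the measured platform state differs, which is the confidentiality property the scheme wants for migrated objects even when the medium itself is lost.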
