
Computer Engineering ›› 2008, Vol. 34 ›› Issue (15): 7-9. doi: 10.3969/j.issn.1000-3428.2008.15.003

• Doctoral Dissertation •

Research on Trusted Transfer of Terminal Data Based on TPM

WANG Fei1,2, LI Yong1, GUO Dong-wen2

  1. (1. Electronic Technology Institute, PLA Information Engineering University, Zhengzhou 450004; 2. Academy of Equipment Command & Technology, Beijing 101416)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-08-05 Published: 2008-08-05

Abstract: This paper presents a scheme for the trusted transfer of terminal data, addressing the security problems caused by data flowing into or out of terminals without protection. According to the “overall BLP model”, data about to flow into or out of a terminal is subjected to a security check, and only data that complies with the security policy is allowed to be transferred; the TPM is responsible for encrypting or decrypting it. The paper describes an implementation framework for the scheme and analyzes its security. The scheme can ensure that transferred data remains confidential and controllable.

Key words: trusted computing, Trusted Platform Module (TPM), terminal data, trusted transfer
