Computer Engineering

• Security Technology

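A User Behavior Measurement Method Based on Trusted Cryptography Module

HU Jipeng 1, TAN Li 1, YANG Minghua 2, ZHANG Yaming 1

  1. (1. School of Computer and Information Engineering, Beijing Technology and Business University, Beijing 100048; 2. The 4th Research Institute, Rocket Force Equipment Academy, Beijing 100094)
  • Received: 2016-06-12 Online: 2017-05-15 Published: 2017-05-15
  • About the authors: HU Jipeng (born 1988), male, master's student, main research interests: trusted computing and network security; TAN Li, associate professor, Ph.D.; YANG Minghua, senior engineer; ZHANG Yaming, master's student.
  • Funding:
    National "Core Electronic Devices, High-end Generic Chips and Basic Software" Major Project (2014ZX01040501-002); Youth Program of the National Natural Science Foundation of China (61402022); Beijing Young Talents Program (YETP1448); Beijing Philosophy and Social Science Planning Project (14JGB033).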

A User Behavior Measurement Method Based on Trusted Cryptography Module

HU Jipeng 1, TAN Li 1, YANG Minghua 2, ZHANG Yaming 1

  1. (1. School of Computer and Information Engineering, Beijing Technology and Business University, Beijing 100048, China; 2. The 4th Research Institute, Rocket Force Equipment Academy, Beijing 100094, China)
  • Received: 2016-06-12 Online: 2017-05-15 Published: 2017-05-15

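Abstract: To meet the high-level security needs of specific application domains, a user behavior measurement method is proposed, built on a domestic basic software and hardware platform. A USBKey two-factor authentication mechanism is combined with Trusted Cryptography Module authentication and authorization to achieve secure authorization of user identity. A user behavior control chain is created for each user, performing a fine-grained trusted measurement of a specified user, using a specified process, operating on specified system resources, so that access to system resources is subject to hierarchical, dynamic access control according to user behavior. Dynamic encryption and decryption is provided for different user identities to ensure the security of high-level users' operations on system resources. Experimental results show that the method can effectively improve system security.

Keywords: trusted computing, trusted measurement system, Trusted Cryptography Module, information security, user behavior trust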

Abstract: To meet the high-level security requirements of specific application areas, a user behavior measurement method is proposed, based on a domestic basic software and hardware platform. Secure authorization of user identity is achieved by combining the USBKey dual-factor authentication mechanism with Trusted Cryptography Module (TCM) authentication and authorization. A user behavior control chain is created for each user identity, and a fine-grained trust measurement is performed on a specified user operating on specified system resources through a specified process, so as to realize hierarchical and dynamic access control of system resources according to the user's behavior. Dynamic encryption and decryption is provided for different user identities to ensure the security of high-level users' operations on system resources. Experimental results show that the method can effectively improve the security of the system.

Key words: trusted computing, trusted measurement system, Trusted Cryptography Module (TCM), information safety, user behavior trust

Chinese Library Classification (CLC) number: