Abstract:
To address current problems in terminal data protection, this paper proposes a scheme for classified protection of terminal data based on trusted computing and the DBLP model. It gives the rules under the DBLP model by which subjects read and write objects, together with confidentiality principles for objects migrated to removable media. This avoids the information leakage that arises when process isolation cannot be implemented. Objects in the ciphertext set are protected by sealed storage, implemented through TSS interfaces backed by the TPM.
Key words:
trusted computing,
BLP model,
terminal,
security
WANG Fei; LV Hui-jun; SHEN Chang-xiang. Terminal Categorial Data Protection Based on Trusted Computing[J]. Computer Engineering, 2008, 34(4): 1-3.