Computer Science ›› 2015, Vol. 42 ›› Issue (10): 154-158.

• Information Security •

Design of TCP Application Architecture for Network-oriented Information System

JIN Lei, XU Kai-yong, LI Jian-fei and CHENG Mao-cai

  1. School of Cryptographic Engineering, Information Engineering University, Zhengzhou 450004
  • Online: 2018-11-14 Published: 2018-11-14

Abstract: To meet the application requirements of the trusted computing platform (TCP) in network-oriented information systems, this paper proposes TCPAA, a TCP application architecture for such systems. The architecture is designed in two parts: an access authentication subsystem and an information exchange subsystem. In the access authentication subsystem, to make trusted computing applications more flexible, a trust authentication mechanism based on a proof agent, PATAM, is proposed, and the improved access authentication mode is described through its authentication protocol and application process. In the information exchange subsystem, a trusted transmission process for data between the internal and external networks is designed, and an improved pyramid trusted assessment model, PTAM, is proposed. Finally, test experiments verify the good performance of the architecture. The results show that the scheme offers good generality and support for the application development of trusted computing platforms in network-oriented information system environments.

Key words: Network-oriented information system, Trusted computing platform, Application architecture, Trust authentication mechanism, Access authentication mode, Pyramid trusted assessment model
