基于可信计算的CSCW系统访问控制

针对现有的CSCW系统不能有效地保障终端平台的可信性以及安全策略和上层应用实施的完整性等问题,提出了基于可信计算技术的CSCW访问控制架构和协作站点间的基于角色的委托授权策略,分别描述了安全策略与共享对象密钥的分发协议、角色委托协议及策略完整性实施协议等.应用实例表明:该框架基于完整的协作实体-平台-应用信任链的构建,提供了可信的协作实体身份与访问控制平台,依赖平台远程证明和策略分发实现了在本地站点上的完整性实施;同时角色委托提高了协同工作能力,也减轻了服务器端集中式策略执行的负担.

CSCW system access control based on trusted computing

The trustworthiness of terminal platforms was not ensured effectively and the integrity of security policies and upper application was not implemented in existing CSCW systems. Therefore, trusted computing-based access control architecture for CSCW and roles-based delegation policy between collaboration workstations were presented. The security policies and sharing object key dissemination protocol, role delegation one and policy integrity enforcement one were respectively described. An example shows that owing to constructing a general entity platform-application trust chain, the trusted cooperative entity identity and the access control platform were provided in the architecture, and the integrity of policies was implemented on the platform in a local workstation through platform remote attestation and policy distribution. Moreover, the capability of cooperative work was improved and the burden of the centralized policies that was executed on server side is lessened.