基于TCB子集的访问控制信息安全传递模型

综合考虑应用层向内核层传递访问控制信息的安全需求,提出了一种基于TCB子集的访问控制信息安全传递模型。应用层安全管理器与内核层安全管理器通过安全通路相联,安全通路为已加密状态,密钥存放在可信平台模块TPM(trusted platform model)中,访问控制信息进入安全通路前必须通过TPM的控制处理;安全通路解密后应用层安全通路接口把访问控制信息和校验标签传到内核层安全通路接口,随后应用层接口进行随机抽查,内核层接口返回验证证据并由应用层接口判断数据真实性和有效性。安全传递模型不仅可以有效地保证访问控制信息的安全性,还可以抵抗恶意欺骗和恶意攻击从而提高了访问控制的可靠性与有效性。

Security transfer model of access control information based on TCB subsets

A security transfer model of access control information based on TCB subsets was proposed by taking a comprehensive consideration of the security requirements for the application layer transferring the access control information to the kernel layer. One security manager in the application layer and the other security manager in the kernel layer are connected by security channel, which has been encrypted. The key is stored in the trusted platform module. The access control information must be managed by the trusted platform module before passing through the security channel. The application layer interface of the security channel transfers the access control information and the labels to the kernel layer interface of the security channel and then does random check, after the security channel has been encrypted. The kernel layer interface returns the proofs and the application layer interface judges the result. The security transfer model can not only ensure the security of the access control information, but also resist the spiteful cheat and the hostile attack, thus improving the reliability and valid of the access control.