JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2016, Vol. 51 ›› Issue (7): 98-106.doi: 10.6040/j.issn.1671-9352.0.2015.571

Previous Articles     Next Articles

Security transfer model of access control information based on TCB subsets

TANG Qian1, YANG Fei1, HUANG Qi2, LIN Guo-yuan1,3   

  1. 1. School of Computer Science and Technology, China University of Mining and Technology, Xuzhou 221116, Jiangsu, China;
    2. Beijing China-Power Information Technology Co., Ltd., Beijing 100192, China;
    3. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093, Jiangsu, China
  • Received:2015-11-27 Online:2016-07-20 Published:2016-07-27

Abstract: A security transfer model of access control information based on TCB subsets was proposed by taking a comprehensive consideration of the security requirements for the application layer transferring the access control information to the kernel layer. One security manager in the application layer and the other security manager in the kernel layer are connected by security channel, which has been encrypted. The key is stored in the trusted platform module. The access control information must be managed by the trusted platform module before passing through the security channel. The application layer interface of the security channel transfers the access control information and the labels to the kernel layer interface of the security channel and then does random check, after the security channel has been encrypted. The kernel layer interface returns the proofs and the application layer interface judges the result. The security transfer model can not only ensure the security of the access control information, but also resist the spiteful cheat and the hostile attack, thus improving the reliability and valid of the access control.

Key words: security channel, security, TCB subset, access control information, valid

CLC Number: 

  • TP309
[1] MOHAN C.Survey of recent operating systems research,designs and implementations[J].ACM SIGOPS Operating Systems Review, 1978, 12(1):53-89.
[2] KRISTAL T P, SCOTT A B. Efficient access control for distributed hierarchical file systems[C] //Proceedings of the 22nd IEEE/13th NASA Goddard Conference on Mass Storage Systems and Technologies.Washington: IEEE Computer Society, 2005:253-260.
[3] LOSCOCCO P, SMALLEY S. Integrating flexible support for security policies into the Linux operating system[C] //Proceedings of USENIX Annual Technical Conference.New York: ACM, 2001:29-42.
[4] 蔡谊.支持可信操作平台的安全操作系统研究[D].武汉:海军工程大学,2005. CAI Yi.Research on secure operating system supporting trusted operating platform[D].Wuhan: Naval University of Engineering, PLA, 2005.
[5] 郑志蓉,沈昌祥.支持应用类安全的操作系统安全结构框架设计[J].计算机工程与应用,2002,38(22):45-47. ZHENG Zhirong, SHEN Changxiang.The design of operating system security framework supporting application class security[J].Computer Engineering and Applications, 2002, 38(22):45-47.
[6] 李勇,王飞,胡俊,等.TCB可信扩展模型研究[J].计算机工程与应用,2010,46(13):1-3,50. LI Yong, WANG Fei, HU Jun, et al. Research of trusted expand model of TCB[J].Computer Engineering and Applications, 2010, 46(13):1-3,50.
[7] 沈昌祥,张焕国,王怀民,等.可信计算的研究与发展[J].中国科学:信息科学, 2010,40(2):139-166. SHEN Changxiang, ZHANG Huanguo, WANG Huaimin, et al.Research and development of trusted computing[J]. Science China: Information Science, 2010, 40(2):139-166.
[8] Trusted Computing Group. TPM main specification version 1.2 revision 116 parts 1-3.[2015-04-10]. http://www.trustedcomputinggroup.org.Accessed 14 Sept 2013.
[9] 陈旭东,曹斌,闾凡兵,等.基于X.509标准的证书交换接口的安全性研究[J].贵州大学学报(自然科学版),2013,30(1):84-87. CHEN Xundong, CAO Bin, LÜ Fanbing, et al. Certificates exchange interface security based on the X. 509 standard[J]. Journal of Guizhou University(Natural Science Edition), 2013, 30(1):84-87.
[10] SYVERSON P F, VANOORSCHO P C. An unified cryptographic protocol logic[R].Washington:Naval Research Lab, 1996.
[11] BURROWS M, ABADI M, NEEDHAM R. A logic of authentication[J]. ACM Transactions on Computer Systems, 1990, 8(1):18-36
[12] CHANG E-C, JIA X. Remote integrity check with dishonest storage server[C] //Proceedings of the 13th European Symposium on Research in ComputerSecurity. Berlin: Springer-Verlag, 2008: 223-237.
[13] 曹夕,许力,陈兰香.云存储系统中数据完整性验证协议[J].计算机应用,2012,01:8-12. CAO Xi, XU Li, CHEN Lanxiang. Data integrity verification protocol in cloud storage system[J].Journal of Computer Applications, 2012, 01:8-12.
[14] 冯登国.安全协议—理论与实践[M].北京:清华大学出版社,2011. FENG Dengguo. Security protocols-theory and practice[M].Beijing: Tsinghua University Press, 2011.
[15] EASTLAKE D, JONES P. RFC 3174: US secure hash algorithm1(SHA1)[EB/OL].[2015-04-06]. http://www.faqs.org/rfcs/rfc3174.html.
[1] CUI Zhao-yang, SUN Jia-qi, XU Song-yan, JIANG Xin. A secure clustering algorithm of Ad Hoc network for colony UAVs [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(7): 51-59.
[2] LIU Li-zhao, YU Jia-ping, LIU Jian, LI Jun-yi, HAN Shao-bing, XU Hua-rong, LIN Huai-chuan, ZHU Shun-zhi. Secure storage addressing algorithm for large data based on quantum radiation field [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(7): 65-74.
[3] RUAN Shu-hua, WENG Jun-hao, MAO Hui, CHEN Xue-lian. Metric model for cloud computing security risk assessment [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(3): 71-76.
[4] MENG Bo, LU Jin-tian, WANG De-jun, HE Xu-dong. Survey of security analysis of security protocol implementations [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 1-18.
[5] TAN Ren, YIN Xiao-chuan, JIAO Xian-long, LIAN Zhe, CHEN Yu-xin. Software defined APT attack moving target defense network architecture [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 38-45.
[6] ZHU Dan, XIE Xiao-yao, XU Yang, XIA Meng-ting. Evaluation method for network security level based on cloud model and Bayesian feedback [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 53-62.
[7] LI Yang, CHENG Xiong, TONG Yan, CHEN Wei, QIN Tao, ZHANG Jian, XU Ming-di. Method for threaten users mining based on traffic statistic characteristics [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 83-88.
[8] LIANG Xiao-lin, GUO Min, LI Jing. Parametric estimations for renewal-geometric process [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(8): 53-57.
[9] DING Yi-tao, YANG Hai-bin, YANG Xiao-yuan, ZHOU Tan-ping. A reversible image data hiding scheme in Homomorphic encrypted domain [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(7): 104-110.
[10] YANG Shu-mian, WANG Lian-hai, ZHANG Shu-hui, XU Shu-jiang, LIU Guang-qi. A real-time monitoring and forensics method under the IaaS model [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(6): 84-91.
[11] WU Di, WANG Li-na, YU Rong-wei, ZHANG Xin, XU Lai. Multidimensional data visualization in cloud platform security monitoring [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(6): 56-63.
[12] KANG Hai-yan, MA Yue-lei. Survey on application of data mining via differential privacy [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(3): 16-23.
[13] SU Bin-ting, XU Li, FANG He, WANG Feng. Fast authentication mechanism based on Diffie-Hellman for wireless mesh networks [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(9): 101-105.
[14] ZHU Zhi-qiang, MA Ke-xin, SUN Lei. A zero-knowledge proof based remote desktop authentication protocol [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(9): 47-52.
[15] WU Huan, ZHAN Jing, ZHAO Yong, TAO Zheng, YANG Jing. An efficient multilevel interconnection network security mechanism based on virtualization [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(3): 98-103.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!