Trust Baseline Concept and Management Architecture

doi:10.3969/j.issn.1671-1122.2016.09.029

Abstract

Abstract:

Based on the review of research history on security baseline and not only data but also system integrity protection ability provided by trusted computing platform, trust baseline concept was proposed to promote the traditional security baseline construction procedure and resolve actual problems of trust policy management in trusted computing platform deployment. Trust baseline concept is defined by the minimal guarantee of certain trust degree of information system. We emphasis the necessity of promotion of this concept with shortcoming of trust evaluation and analogy of security mechanism. On the basis of comparison of security baseline and trust baseline, the relationship of them is discussed and the function of trust baseline for providing system TCB assurance is presented. The trust baseline management structure was designed to contribute to trusted computing platform’s usage, arrangement and administration, combining trust and security mechanisms and policies and trust level evaluation.

Key words: trusted computing, trusted computing base, security baseline, trusted baseline, trust management

CLC Number:

TP309

Qiang HUANG, Zhiyin KONG, Le CHANG, Dehua ZHANG. Trust Baseline Concept and Management Architecture[J]. Netinfo Security, 2016, 16(9): 145-148.

Figures/Tables 2

References 19

[1]	刘彤. 构造复杂信息系统安全基线的研究[J]. 中国管理科学,2000(11):636-644.
[2]	National Security Agency. SSE-CMM Model Description Document Version2.0[EB/OL]. , 2000-9-10.
[3]	钱钢, 达庆利. 基于SSE-CMM模型的信息系统安全工程管理. 东南大学学报(自然科学版), 2002,32(1):32-36.
[4]	孙学宝. 安全基线检查系统研究[J]. 贵州电力技术,2014(2): 60-62.
[5]	刘兰,朱程荣. 政务终端安全基线管理系统的设计与实现[J]. 计算机与现代化,2013(2):173-176.
[6]	邱岚,宁建创,梁业裕,等. 自评估系统研究与应用[J]. 计算机安全,2012(5):22-27
[7]	桂永宏. 业务系统安全基线的研究及应用[J]. 计算机安全,2011(10):23-27.
[8]	严玉婷,戴明,成瑾,等. 基于基线理论的信息安全监管平台的设计[J]. 信息安全与通信保密,2012(8):90-92.
[9]	沈昌祥,张焕国,王怀民,等. 可信计算的研究与发展[J].中国科学:信息科学,2010(2):139-166.
[10]	ZHANG H G, HAN W B,LAI X J, et al.Survey on Cyberspace Security[J]. Science China Information Sciences, 2015, 58(11):1-43.
[11]	范冠男,董攀. 基于TrustZone的可信执行环境构建技术研究[J]. 信息网络安全,2016(3):21-27.
[12]	沈玲玲,盛荷花,钱钢. 可信安全体系实施的工程化途径[J].南京师范大学学报(工程技术版),2010,10(9):69-73.
[13]	赵章界,刘海峰. 美国联邦政府云计算安全策略分析[J]. 信息网络安全,2013(2):1-4.
[14]	Trusted Computing Group. Virtualized Trusted Platform Architecture Specification[EB/OL].,2016-1-15.
[15]	刘川意,王国峰,林杰,等. 可信的云计算运行环境构建和审计[J]. 计算机学报,2016,39(2): 339-350.
[16]	凌斯齐,谭成翔. 全基线上的企业服务迁移机制[J]. 计算机系统应用,2013,22(3):140-143.
[17]	王冠,袁华浩. 基于可信根服务器的虚拟TCM密钥管理功能研究[J]. 信息网络安全,2016(4):17-22.
[18]	Trusted Computing Group. TCG Specification Architecture Overview[EB/OL]., 2007-8-8.
[19]	BROHI S N,BAMIAH M A,BROHI M N,et al.Identifying and Analyzing Security Threats to Virtualized Cloud Computing Infrastructures[C]//IEEE.Cloud Computing Technologies, Applications and Management (ICCCTAM), 2012 International Conference,December 8-10,2012, Dubai, United Arab Emirates.NJ:IEEE,2012:151-155.