AN ENHANCED SCHEME OF ENFORCING DTE SECURITY POLICY BASED ON TRUSTED COMPUTING TECHNOLOGY
As a classical security policy, DTE (Domain and Type Enforcement) is usually used to protect the integrity of information and is implemented in many well-known secure operating systems. However, most systems that implement the DTE security policy have three main problems: 1) the security policy enforcement module is easily tampered with or bypassed before it is loaded; 2) the content of the security policy file is easily disclosed and modified; 3) the system is prone to the changed-name attack. Trusted computing provides novel ideas and methods for solving information security problems. This paper presents an enhanced scheme for enforcing the DTE security policy based on trusted computing technology; the scheme is scalable and deals well with the problems mentioned above. The paper analyses the overall design of the scheme in detail and implements a prototype system to demonstrate its feasibility. Experimental results show that the performance overhead is acceptable.
DTE; Trusted computing; Security operating system; Security module
WEI-PENG LIU, XIAO-DONG ZUO, QIANG HUANG
The State Key Laboratory of Information Security of Graduate School of Chinese Academy of Science, B; China Information Security Certification Center, Beijing, 100020, China; Naval Institute of Computing Technology, Beijing, 100841, China
International conference
2008 International Conference on Machine Learning and Cybernetics
Kunming
English
3657-3662
2008-07-12 (date first posted online on the Wanfang platform; does not represent the paper's publication date)