关键词: 可信计算, 使用控制, 决策持续性, 远程证明

Abstract: Usage control (UCON) model enhances traditional access control models by continuous protection of object access. The researches on usage control enforcement mechanism leverage trusted computing techniques to ensure that the enforcement of policy is trusted. But these researches have problems that they lack the support of decision continuity. This paper proposes a novel architecture of trusted usage control system, which supports decision continuity by monitoring system changes continuously and controlling object resources during usage period. This paper also proposes a behavior attestation method to measure the dynamic behavior of usage control system on purpose of ensuring the trustworthy of policy enforcement by leveraging TCM (trusted cryptography module). Finally, this paper builds a system in operation system kernel to control the usage of files. The evaluation shows that the proposed model is feasible to support continuity of access decision evaluation and detect violation.

Key words: trusted computing, usage control, decision continuity, remote attestation