计算机应用 ›› 2011, Vol. 31 ›› Issue (04): 970-974.DOI: 10.3724/SP.J.1087.2011.00970

• 信息安全 • 上一篇    下一篇

面向测量应用的软件保护模型

徐钦桂1,2,刘桂雄2,高富荣3   

  1. 1. 东莞理工学院 计算机学院, 广东 东莞523808
    2. 华南理工大学 机械与汽车工程学院, 广州 510640
    3. 广东省计量科学研究院,广州 510405
  • 收稿日期:2010-08-06 修回日期:2010-09-25 发布日期:2011-04-08 出版日期:2011-04-01
  • 通讯作者: 徐钦桂
  • 作者简介:徐钦桂(1967-),男,湖南长沙人,副教授,博士研究生,CCF会员,主要研究方向:计算机系统结构、信息安全、测量控制;
    刘桂雄(1968-),男,广东揭阳人,教授,博士生导师,主要研究方向:智能传感器、智能化检测;
    高富荣(1961-),男,广东广州人,高级工程师,主要研究方向:计量检测。
  • 基金资助:
    广东省科技攻关重点项目(2007A060304003);广东省科技计划项目(2008B021300002)

Software protection model for measurement applications

Qin-gui XU1,2,Gui-xiong LIU2,Fu-rong GAO3   

  1. 1. College of Computer, Dongguan University of Technology, Dongguan Guangdong 523808,China
    2. School of Mechanical and Automotive Engineering, South China University of Technology, Guangzhou Guangdong 510640, China
    3. Guangdong Institute of Metrology, Guangzhou Guangdong 510405, China
  • Received:2010-08-06 Revised:2010-09-25 Online:2011-04-08 Published:2011-04-01
  • Contact: Qin-gui XU

摘要: 贸易结算等测量应用要求计量软件及运行环境能有效防范包括管理员在内的各类用户的非授权篡改,但难以得到现有安全模型的有效支持。为此提出面向测量应用的软件保护模型MBSPM,基于角色—域—型访问控制策略分配数据访问权限,利用强制访问控制实施数据分级保护和法制相关软件隔离,依靠防篡改存储防止计量参数的非授权修改,基于可信平台模块(TPM)保护运行环境的完整性。基于虚拟称重系统的应用实例表明,MBSPM可支持计量应用所要求的软件保护特性,与不实施MBSPM的情况相比较,除系统启动时间增加大约50%之外,文件打开和应用启动等操作的速度下降均不超过20%。

关键词: 软件保护, 安全模型, 可信计算, 计量测控, 越权操作

Abstract: Measurement applications such as trade settlement require their metrological software and running environment protected against unauthorized modifications from attackers including management user, which is nevertheless not fully supported by the existing secure models. A measurement-oriented software protection model named MBSPM was proposed. Role-domain-type access control strategy was adopted to support authorization of data access permissions to software modules. Mandatory access control was employed to enforce multi-level data protection and separation of legal relevant software. Integrity of system software was validated by use of Trusted Platform Module (TPM). And unauthorized modification on metrology parameters was prevented with tamper-proof storage. The experimental results with a virtual weighing system show that MBSPM supports software protection features required by metrological applications. Compared with the situation without enforcing MBSPM, except for that the startup time increases by about 50%, execution speed of opening files and starting application drops by no more than 20%.

Key words: software protection, security model, trusted computing, metrology and measurement control, operation beyond authority

中图分类号: