A kind of hierarchical and distributed multi-agent proactive security defense framework based on trusted computing is proposed by combining information security with an analysis of business and algorithm.First,the characteristics of network attack and the causes of security threats are analyzed.Then the structure of the security defense framework is given,including the transport layer,access authority layer,platform authentication layer and advanced trusted behavior analysis layer.Some key techniques and strategies are studied,such as the check of user access authority,digital association,behavior analysis of network and business.The trusted system provides control for the suppression of network attacks and other suspicious events.A preliminary security design is implemented for a kind of wide-area backup protection system.The tests on the processing time for encryption algorithms are performed.%将信息安全与系统自身业务及算法相结合,运用可信计算理论,提出了分层分布多Agent主动型通信安全防御框架。首先分析了网络攻击的特点和安全威胁的原因,给出了该防御框架的结构,研究其关键技术和策略,包括加密、签名、用户身份认证、访问权限与角色检查、平台认证、网络可信连接、可疑网络行为检查、加强型数字关联、与业务相关的容错处理和恶意行为分析等不同层次的可信模块。针对一种广域后备保护系统,给出了初步的安全设计,对变电站中多种加密算法的运行性能进行了测试。
展开▼
