Security Risk Assessment for Trusted Chain Optimizing Based on Grey Fixed Weight Clustering

摘要

Trusted computing has received further attention as an effective technique to safeguard information systems, and it has been widely applied in various fields. Trusted chain establishment, as an essential model of trusted computing technology that ensures the credibility of the computing platform, still brings poor system efficiency due to the complex environment of the platform. To optimize the procedure of trusted chain establishment for trusted computing platforms, our research improved traditional trusted chain establishment from static to dynamic with innovative security risk level assessment step during trusted chain establishment. First, we comprehensively analyzed threats and their source for platforms. Based on the main indicators of the platform, the fixed weight clustering evaluation method in the grey system theory was used to evaluate the security risk level for platforms. With the recorded data of software and hardware changes for the platform, we assessed the security risk level for this platform and demonstrated the clustering results and improved measurement strategy for the platform during trusted chain establishment. It is more systematic and more efficient than the traditional static trusted chain establishment method, which could find more files tampered during the measurement procedure.