A New Model for Measuring the Integrity of Trusted Computing Platforms

doi:10.3969/j.issn.1671-1122.2016.06.002

Abstract

Abstract:

The existing chain-style, star-style, and tree-style trust transmission models, which are used for presenting the establishment process of trusted computing platform, can record the measurement results of the entities in the platform. Nevertheless, these models not only have some shortcomings in describing the invoking and dependence relationships between the entities, but also don’t focus on the time limitation of the integrity measurement, which might make the models be suffered from the threats such as TOC-TOU. To overcome these weakness, a new model for describing establishment process of trusted computing platform and integrity measurement is proposed, namely Measured Zone. This model can describe the integrity statuses comprehensively; describe the state transition and trust transmission flexibly; and reduce the time limitation of integrity measurement, which makes the beforehand measurement more secure.

Key words: trusted computing, trust transmission, integrity measurement, measured zone

CLC Number:

TP309

Bin XING, Jiqiang LIU, Zhen HAN. A New Model for Measuring the Integrity of Trusted Computing Platforms[J]. Netinfo Security, 2016, 16(6): 8-14.

Figures/Tables 3

References 10

[1]	Trusted Computing Group.TPM Main Specification Version 1.2, Part 1 Design Principles[EB/OL]. . 2007.
[2]	Trusted Computing Group. TCG Specification Architecture Overview Revision 1.4[EB/OL]. . 2007.
[3]	赵波, 张焕国, 李晶. 可信PDA计算平台系统结构与安全机制[J]. 计算机学报, 2010, 33(1): 82-92.
[4]	LI C, LI R, ZHUANG L, ZHANG X.Formal Analysis of Trust Chain[C]//IEEE. International Conference on Networks Security Wireless Communications and Trusted Computing, April 24-25, 2010, Huazhong University of Science and Technology, Wuhan. Los Alamitos, CA: IEEE Computer Society, 2000: 111-116.
[5]	BISHOP M, DILGER M.Checking for Race Conditions in File Accesses[J]. Computing Systems, 1996, 2(2):131-152.
[6]	DAVI L, SADEGHI A-R, WINANDY M.Dynamic Integrity Measurement and Attestation: Towards Defense Against Return-Oriented Programming Attacks[C]//ACM. Workshop on Scalable Trusted Computing, November 9-13, 2009, Hyatt Regency Chicago,Chicago, IL. New York, NY: ACM, 2009: 49-54.
[7]	古亮, 郭耀, 王华, 等. 基于TPM的运行时软件可信证据收集机制[J]. 软件学报, 2010, 21(2): 373-387.
[8]	RUSSINOVICH M, SOLOMON D A, IONESCU A. Windows Internals, Sixth Edition, Part 2[M]. Redmond, Washington: Microsoft Press, 2012.
[9]	邢彬, 韩臻, 常晓林,等. 基于虚拟机监控技术的可信虚拟域[J]. 信息安全学报, 2016, 1(1): 75-94.
[10]	SAILER R, ZHANG X, JAEGER T, VAN DOORN L.Design and Implementation of a TCG-based Integrity Measurement Architecture[C]//USENIX.Security Symposium, August 9-13, 2004, Town & Country Resort and Convention Center, San Diego, CA. Berkeley, CA: USENIX Association Berkeley, 2004: 223-238.

[1]	Lu CHEN, Yajie SUN, Liqiang ZHANG, Yun CHEN. A Scheme of Measurement for Terminal Equipment Based on DICE in IoT [J]. Netinfo Security, 2020, 20(4): 21-30.
[2]	Xiao WANG, Jun ZHAO, Jianbiao ZHANG. Research on Dynamic Monitoring Mechanism for Virtual Machine Based on Trusted Software Base [J]. Netinfo Security, 2020, 20(2): 7-13.
[3]	Hongsheng WU. Intelligent Government System Based on Trusted Computing and UEBA [J]. Netinfo Security, 2020, 20(1): 89-93.
[4]	Wenli SHANG, Long YIN, Xianda LIU, Jianming ZHAO. Construction Technology and Application of Industrial Control System Security and Trusted Environment [J]. Netinfo Security, 2019, 19(6): 1-10.
[5]	Wenli SHANG, Xiule ZHANG, Xianda LIU, Long YIN. Construction Method and Verification of Local Trusted Computing Environment in Industrial Control Network [J]. Netinfo Security, 2019, 19(4): 1-10.
[6]	Jin WANG, Xiao YU, Chang LIU, Bo ZHAO. A Remote Attestation Scheme for Intelligent Mobile Terminal Based on SDKey in Smart Grid Environment [J]. Netinfo Security, 2018, 18(7): 1-6.
[7]	Jianbiao ZHANG, Shisong YANG, Shanshan TU, Xiao WANG. Research on vTPCM Trust Management Technology for Cloud Computing Environment [J]. Netinfo Security, 2018, 18(4): 9-14.
[8]	Yong YU, Changgeng CHEN, Qiang LIU, Jiaxi LIU. Trust Chain Model and Trust Relation Analysis of Component-based Software System [J]. Netinfo Security, 2018, 18(3): 8-13.
[9]	Jianbiao ZHANG, Zixiao ZHAO, Jun HU, Xiao WANG. The Design Framework of Reconfi gurable Virtual Root of Trust in Cloud Environment [J]. Netinfo Security, 2018, 18(1): 1-8.
[10]	Bo FAN, Runkai YANG, Lin LI. Research on Establish SSH-based Trusted Channels [J]. Netinfo Security, 2018, 18(1): 45-51.
[11]	ZHANG Jiawei, ZHANG Dongmei, HUANG Siqi. Design and Implementation of Anti APT Attack Trusted Software Base [J]. 信息网络安全, 2017, 17(6): 49-55.
[12]	Qiang HUANG, Gaojian WANG, Wenzhi MI, Lunwei WANG. Centralized and Unified Trusted Computing Platform Management Model and Its Application [J]. Netinfo Security, 2017, 17(4): 9-14.
[13]	HUANG Qiang, KONG Zhiyin, CHANG Le, ZHANG Dehua. Trust Baseline Concept and Management Architecture [J]. 信息网络安全, 2016, 16(9): 145-148.
[14]	HUANG Qiang, CHANG Le, ZHANG Dehua, WANG Lunwei. Research on Trusted Security Host Architecture Based on Trusted Computing Base [J]. 信息网络安全, 2016, 16(7): 78-84.
[15]	Yaqi ZHANG, Yongzhong HE, Aimin YU. A SSH Protocol Based on the Trusted Attestation of a Third Party Platform [J]. Netinfo Security, 2016, 16(12): 34-45.