B7_B111_Tong - Volume 2 Number 1 June 2011 Journal of Convergence Trusted Computing Dynamic Attestation Using a Static Analysis based Behaviour Model

B7_B111_Tong - Volume 2 Number 1 June 2011 Journal of...

This preview shows page 1 - 2 out of 8 pages.

Volume 2, Number 1, June 2011 Journal of Convergence Copyright 2011 Future Technology Research Association International 61 Trusted Computing Dynamic Attestation Using a Static Analysis based Behaviour Model Tong Li [1] ,Fajiang Yu [1] [2] , Yang Lin* [1] , Xueyuan Kong [1] , Yue Yu [1] [1] School of Computer Science, Wuhan University, Wuhan, Hubei, P.R.C. 430072 [2] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education in China e-mail: [email protected]/[email protected] Abstract —Current technology in trusted computing cannot comply with the requirement of trusted behaviour. One method for trusted computing dynamic attestation is proposed in this paper. This method uses a behaviour model based on the static analysis of binary code. One same source code may have several different binary versions, therefore one method is proposed for building almost the same core function model for different binary versions. This research also overcame the difficulty where some dynamic behaviours could not be obtained by static analysis. The paper also provides solutions for dynamic attestation of some complex programs, such as recursion, library link and multi threads programs. Keywords- trusted computing; dynamic attestation; behaviour model; static analysis I. Introduction Trusted computing is an information system security solution for basic computing security problems [1] [2]. The technology which trusted computing platforms currently adopts guarantees the integrity of its feature code. Its configuration data is the same as expected, before the components of the computing platform take control of the main CPU, which is called trusted computing static attestation, but which does not comply with the requirements that the behaviours are trusted [3]. We need to verify the dynamic behaviour of components as well, which is termed trusted computing dynamic attestation. The related research mainly includes MCC (Model Carrying Code), PCC (Proof Carrying Code), semantic remote attestation, etc. MCC [4] [5] was proposed by Sekar et al., its key idea is: The code producer generates behaviour information about the program security (model), a consumer receives both the model and the program from the producer. The consumer checks whether the model satisfies the consumer’s security policy by formal reasoning. References [6] and [7] have carried out some implementations of MCC on a JVM (Java Virtual Machine). The MCC developer should know the program’s source code, but this assumption is not always true, and many applications on trusted computing platform do not open their source code. PCC [8] was proposed by Necula et al., its key idea is: The producer carries out analysis on the code and generates formal safety proofs, which are based on the consumer’s policy. In addition, the proofs are bound to the source code, which usually is implemented by the compiler. The consumer uses type-based logic to automatically check the program, which is based on the same policy and refers to the safety proofs. The
Image of page 1
Image of page 2

You've reached the end of your free preview.

Want to read all 8 pages?

  • Spring '08
  • SuryanaS
  • Computer Science, Computer program, Trusted computing, behaviour model, Journal of Convergence, Future Technology Research Association International

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes