基于嵌入式可信平台的运行时监控方法

doi:10.11959/j.issn.2096-109x.2017.00209

Abstract

Abstract:

The state-of-art trusted computing platforms fall short of monitoring its own runtime security properties.In order to mitigate these problems,an approach on runtime monitoring for the embedded trusted platforms was proposed.With the automated code instrumentation and the runtime monitoring,that the runtime security functionalities were consistent with the design specifications of trusted computing platforms could be made sure.The system performance and states meet specific constraints could also be ensured.The runtime exceptions on the specific properties were handled in real-time.The experimental results show that with the increase on the number of monitoring nodes,the precision and real-time performance of proposed runtime monitoring increase.Meanwhile,the costs on the monitoring and the exception handling are moderate.

Key words: trusted computing, runtime verification, embedded system, linear temporal logic

CLC Number:

TP393

Zhao-chang SUN,Jian-feng MA,Cong SUN,Di LU. Approach on runtime monitoring based on the embedded trusted platforms[J]. Chinese Journal of Network and Information Security, 2017, 3(10): 44-51.

Figures/Tables 9

References 10

[1]	Trusted computing group.TCG specification architecture overview[EB/OL]. .
[2]	WANG X , MIZUNO M , NEILSEN M ,et al. Secure RTOS architecture for building automation[C]// ACM Workshop on Cyber-Physical Systems-Security and/or Privacy. 2015: 79-90.
[3]	YU Z , WANG Q , ZHANG W ,et al. A cloud certificate authority architecture for virtual machines with trusted platform module[C]// IEEE International Conference on High Performance Computing and Communications. 2015: 1377-1380.
[4]	TIAN J , BUTLER K , MCDANIEL P ,et al. Securing ARP from the ground up[C]// The 5th ACM Conference on Data and Application Security and Privacy. 2015: 305-312.
[5]	SHAO J，QIN Y , FENG D ,et al. Formal analysis of enhanced authorization in the TPM 2.0[C]// The 10th ACM Symposium on Information,Computer and Communications Security. 2015: 273-284.
[6]	WANG W , QIN Y , FENG D . Automated proof for authorization protocols of TPM 2.0 in computational model information security practice and experience[M]. Berlin:Springer. 2014 144-158.
[7]	DELAUNE S , KREMER S , RYAN M D ,et al. A formal analysis of authentication in the TPM[C]// The International Conference on Formal Aspects of Security and Trust. 2010: 111-125.
[8]	BAIER C , KATOEN J . Principles of model checking[M]. London: The MIT PressPress, 2008: 595-663.
[9]	NAVABPOUR S , JOSHI Y , WU W ,et al. RiTHM:a tool for enabling time-triggered runtime verification for C programs[C]// Joint Meeting on Foundations of Software Engineering. 2013: 603-606.
[10]	BIEMAN J M , DREILINGER D , LIN L . Using fault injection to increase software test coverage[C]// The Seventh International Symposium on Software Reliability Engineering,IEEE Computer Society. 1996:166.

Metrics

Recommended 0

No Suggested Reading articles found!

分类	描述	属性公式的模式	属性层次
	密钥合法性	?key:□((result_length == specify_length)∧ (use_duration < specify_duration))	TDDL
功能	度量权限	□((read_measure → level_NORMAL)∧ (write_measure → level_HIGH))	TSP
	认证顺序	□(remote_verify∪self_verify_FINISHED)	TSP
	队列长度	□((queue_length ≤ max_length)∧(queue_length ≥ 0))	TCS
性能	优先级设置	□(∧i∈[1,queue_length](priority_cmd_get ≥ priority_cmd_i))	TCS
	响应时间	□(call_time ≤ specify_max_time)	TDDL
系统状态	线程状态	□(∨i∈[1,state_num](task_state == specify_state_i))	TCS
合法输入	输入参数	□((param_amount == specify_amount) ∧(∧i∈[1,specify_amount](param_type_i== specify_type_i)) ∧(∧i∈[1,specify_amount](param_length_i== specify_length_i)))	TSP

属性层次	安全等级	异常处理机制
TCS	0	挂起系统服务
TDDL	1	重新调用当前接口
TSP	2	终止当前接口调用

工具	监控代码生成	嵌入式系统环境	异常处理代码生成	多配置文件的输入	多属性监控
RiTHM^[9]	支持	不支持	不支持	不支持	不支持
RiTHM extended	支持	支持	支持	支持	支持

[1]	Bo ZHAO, Anqi YUAN, Yang AN. Application progress of SGX in trusted computing area [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 126-142.
[2]	Guojie LIU, Jianbiao ZHANG, Ping YANG, Zheng LI. Research on the trusted environment of container cloud based on the TPCM [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 164-174.
[3]	Guojie LIU,Jianbiao ZHANG. TPCM-based trusted PXE boot method for servers [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 105-111.
[4]	Bo ZHAO, Xiang LI, Fei YAN, Liqiang ZHANG, Huanguo ZHANG. Trusted platform for third-party cloud computing online evaluation and analysis technology [J]. Chinese Journal of Network and Information Security, 2019, 5(5): 90-104.
[5]	Jiyang LI,Pengyuan ZHAO,Zhe LIU. Trusted access scheme for intranet mobile terminal based on encrypted SD card [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 108-118.
[6]	Xiao YU,Li TIAN,Zhe LIU,Jie WANG. Research on key management and authentication protocol of PDA in smart grid [J]. Chinese Journal of Network and Information Security, 2018, 4(3): 68-75.
[7]	Jianbiao ZHANG,Yuanxi ZHU,Jun HU,Xiao WANG. Scheme of virtual machine trusted migration in cloud environment [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 6-14.
[8]	Jun XU. Trusted computing mobile terminal application research based on biometric trusted access protocol [J]. Chinese Journal of Network and Information Security, 2017, 3(2): 66-76.
[9]	Kai WANG,Zhi-hua LI,Fan, HUANG,Fei1 YAN. HyperSpector:VMM dynamic trusted monitor based on UEFI [J]. Chinese Journal of Network and Information Security, 2016, 2(12): 47-55.
[10]	Yu-tao LIU,Hai-bo CHEN. Virtualization security:the good,the bad and the ugly [J]. Chinese Journal of Network and Information Security, 2016, 2(10): 17-28.
[11]	Wei-qi DAI,De-qing ZOU,Hai JIN,Yan XIA. Research on consistency protection mechanism for secure states of virtual domain in cloud environment [J]. Chinese Journal of Network and Information Security, 2016, 2(10): 48-57.

Approach on runtime monitoring based on the embedded trusted platforms

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 10

Related Articles 11

Metrics

Recommended 0