Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

谭良,徐志伟

DOI: https://doi.org/10.3969/j.issn.1002-137x.2008.10.003

2008-01-01

Computer Science

Abstract:The issue of the transitive trusted chain is the foundation for trusted computing.This paper surveys the technologies and the theories of the transitive trusted chain,including the technology projects of the transitive trusted chain,the technologies of the trust for measurement,the theories of the transitive trusted chain and the trust for measurement.Some fields are worthy to be explored are pointed out including some key technologies,such as the static trust for measurement and the dynamic trust for measurement,and some foundation theories,such as the level model of the trusted chain,the trust loss model and the theory of the dynamic trust for measurement for software,and so on.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Wen Li,Lingdi Ping,Kuijun Lu,Xiaoping Chen

DOI: https://doi.org/10.1109/ICIE.2009.33

2009-01-01

Abstract:As traditional network security cannot meet the security requirements, the international research shows that network security is on the way to Trustworthy Internet and that the trustworthy issue becomes a hot topic in the future Internet. Trust evaluation of users' behavior is an important part of Trustworthy Internet and a rational trust model plays a key role in the evaluation. This paper concludes many principles of the trust model by analyzing existing trust models and proposes a novel trust model including both the direct and indirect trust. In our model, the direct trust is more trustworthy and is weighted more with the more and more interactions and the indirect evaluation becomes less and less important. The subjective factor is considered to make the direct trust obey the principle of "rise-lowly, decline-quickly". Furthermore, recommenders' credibility is taken into account in the indirect trust evaluation, which can avoid the denigration and make indirect trust more objective. We also consider the process of referral of the credibility to gain more information to evaluate the indirect trust effectively. Credibility evaluation is the basis of the filtering of low credibility and the improvement of trust evaluation. Finally, several experiments are shown to illustrate the properties of the model. © 2009 IEEE.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Liang Gu,Xuhua Ding,Robert H. Deng,Yanzhen Zou,Bing Xie,Weizhong Shao,Hong Mei

DOI: https://doi.org/10.1109/icycs.2008.349

2008-01-01

Abstract:Remote attestation was introduced in TCG specifications to determine whether a remote system is trusted to behave in a particular manner for a specific purpose; however, most of the existing approaches attest only the integrity state of a remote system and hence have a long way to go in achieving the above attestation objective. Behavior-based attestation and semantic attestation were recently introduced as solutions to approach the TCG attestation objective. In this paper, we extend behavior-based attestation to a model-driven remote attestation to prove that a remote system is trusted as defined by TCG. Our model-driven remote attestation verifies two compliance requirements to prove the trustworthiness of a remote system: expected behavior compliance and enforced behavior compliance.

Wu Luo,Wei Liu,Yang Luo,Anbang Ruan,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1109/trustcom.2016.0058

2016-01-01

Abstract:In recent years, the rapid development of virtualization and container technology brings unprecedented impact on traditional IT architecture. Trusted Computing devotes to provide a solution to protect the integrity of the target platform and introduces a virtual TPM to adapt to the challenges that virtualization brings. However, the traditional integrity measurement solution and remote attestation has limitations due to the challenges such as large of measurement and attestation cost and overexposure of configurations details. In this paper, we propose the Partial Attestation Model. The basic idea of Partial Attestation Model is to reconstruct the Chain of Trust by dividing them into several separated ones. Our model therefore enables the challenger to attest the specified security requirements of the target platform, instead of acquiring and verifying the complete detailed configurations. By ignoring components not related to the target requirements, our model reduces the attestation costs. In addition, we further implement an attestation protocol to prevent overexposure of the target platform's configuration details. We build a use case to illustrate the implementation of our model, and the evaluations on our prototype show that our model achieves better efficiency than the existing remote attestation scheme.

xuhua ding,liang gu,robert h deng,bing xie,hong mei

DOI: https://doi.org/10.4018/978-1-61520-682-7.ch001

2010-01-01

Abstract:One of the key mechanisms for trust establishment among different platforms is remote attestation, which allows a platform to vouch for its trust related characteristics to a remote challenger. In this chapter, the authors propose a new conceptual model for remote attestation consisting of four basic ingredients: root of trust, attestation objective, object measurement, and attestation process. With this model, they present a systematic study on the remote attestation, including the methodologies applied for implementing the four elements and the principles for designing an attestation scheme. The authors also examine existing remote attestation schemes in the literature by grouping them into two main types: integrity attestation and quality attestation. They discuss both the strength and the limitations of each type of scheme and explain how they can be applied in trust management in distributed environment.

Lewen Zhang,Yong Zhou,Yixiang Chen,Min Zhang,Juyang Zhang

DOI: https://doi.org/10.1109/SERE-C.2013.23

2013-01-01

Abstract:The software trustworthiness is an important feature for the safety and security of cyber-physical system. Therefore, how to assess software trustworthiness is the key issue. Tao has recently given five measurement models of software trustworthiness based on the attributes of software in his Doctoral Dissertation and his publications. After simulating these models with the Monte Carlo method, we find out that these models have a common shortcoming that the trustworthy degree would not be within the same range as the range in which all attributes' values are. In order to solve this problem, this paper introduces the stability rule with which measurement model of software trustworthiness is proposed. According to these rules, this paper proposes two models which are originally based on Tao's models. The succeeding mathematical proof and simulation demonstrate that these models meet all the rules. These two models have been applied to compute the degree of software trustworthiness in the software trustworthy measurement and evaluation tool.

Liu Yanzhao,Zhang Lei,Luo Ping,Yao

DOI: https://doi.org/10.1109/paap.2012.47

2012-01-01

Abstract:This paper first analyzes the credibility of human society issues, gives a credible model, revealing the essence of credibility, that man's morality, competence and confidentiality of three aspects. Based on these we analyze the credible issue of the network software, and establish the credibility of a general model and a utility model, give the definition of software credibility and credible degree, and propose the key attributes or evidence of the software credibility: the identity evidence, the evidence of the basic norms and the capability. And finally with the general reliability, anti-aggressive and the basic norms to measure the software credibility is proposed. The software faults and vulnerabilities are classified in this paper, and an assessment method and a credibility formula to the credibility of the network software are given.

Tong Li,Yang Lin,Xueyuan Kong,Yue Yu,Fajiang Yu

2011-01-01

Abstract:Current technology in trusted computing cannot comply with the requirement of trusted behaviour. One method for trusted computing dynamic attestation is proposed in this paper. This method uses a behaviour model based on the static analysis of binary code. One same source code may have several different binary versions, therefore one method is proposed for building almost the same core function model for different binary versions. This research also overcame the difficulty where some dynamic behaviours could not be obtained by static analysis. The paper also provides solutions for dynamic attestation of some complex programs, such as recursion, library link and multi threads programs.

Liang Gu,Xuhua Ding,Robert Huijie Deng,Bing Xie,Hong Mei

DOI: https://doi.org/10.1145/1456455.1456458

2008-01-01

Abstract:Remote attestation provides the basis for one platform to establish trusts on another. In this paper, we consider the problem of attesting the correctness of program executions. We propose to measure the target program and all the objects it depends on, with an assumption that the Secure Kernel and the Trusted Platform Module provide a secure execution environment through process separation. The attestation of the target program begins with a program analysis on the source code or the binary code in order to find out the relevant executables and data objects. Whenever such a data object is accessed or a relevant executable is invoked due to the execution of the target program, its state is measured for attestation. Our scheme not only testifies to a program's execution, but also supports fine-granularity attestations and information flow checking.

Shuai Wang,Aiqun Hu,Tao Li,Shaofan Lin

DOI: https://doi.org/10.3390/sym16020249

2024-02-17

Symmetry

Abstract:Industrial control terminals play an important role in industrial control scenarios. Due to the special nature of industrial control networks, industrial control terminal systems are vulnerable to malicious attacks, which can greatly threaten the stability and security of industrial production environments. Traditional security protection methods for industrial control terminals have coarse detection granularity, and are unable to effectively detect and prevent attacks, lacking real-time responsiveness to attack events. Therefore, this paper proposes a real-time dynamic credibility evaluation mechanism based on program behavior, which integrates the matching and symmetry ideas of credibility evaluation. By conducting a real-time dynamic credibility evaluation of function call sequences and system call sequences during program execution, the credibility of industrial control terminal application program behavior can be judged. To solve the problem that the system calls generated during program execution are unstable and difficult to measure, this paper proposes a partition-based dynamic credibility evaluation method, dividing program behavior during runtime into function call behavior and system call behavior within function intervals. For function call behavior, a sliding window-based function call sequence benchmark library construction method is proposed, which matches and evaluates real-time measurement results based on the benchmark library, thereby achieving symmetry between the benchmark library and the measured data. For system call behavior, a maximum entropy system call model is constructed, which is used to evaluate the credibility of system call sequences. Experiment results demonstrate that our method performs better in both detection success rate and detection speed compared to the existing methods.

multidisciplinary sciences

Liang Gu,Guangdong Bai,Yao Guo,Xiangqun Chen,Hong Mei

DOI: https://doi.org/10.1016/j.jnca.2011.03.014

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:As more and more component-based systems (CBS) run in the open and dynamic Internet, it is very important to establish trust between clients and CBS. One of the key mechanisms to establish trust among different platforms in an open and dynamic environment is remote attestation, which allows a platform to vouch for its trust-related characteristics to a remote challenger. This paper proposes a novel attestation scheme for a dynamically reconfigurable CBS to reliably prove whether its execution satisfies the specified security model, by introducing a TPM-based attestation service to dynamically monitor the execution of the CBS. As a case study, we have applied the proposed scheme on OSGi systems and implemented a prototype based on JVMTI for Felix. The evaluation results show that the proposed scheme is both effective and practical.

Xiaofei He,Xinyu Yang,Rui Li,Qingyu Yang

DOI: https://doi.org/10.1007/978-3-642-39701-1_8

2013-01-01

Abstract:Smart measurement devices play an important role in smart grid and might always be connected through open network interfaces. In this scenario, the adversary could launch code injection attacks to compromise these measurement devices and gain benefits by these compromised devices. To deal with this issue, a number of attestation schemes have been designed to defense the malicious attacks in the past. However, because the detection methods of these schemes are based on extra CPU clock cycles, they could be ineffective when the network delivery delay is significant. To address this problem, in this paper we propose a novel Delay-resilient Remote Memory Attestation scheme (DRMA), which can eliminate the impact of network delivery delay in the multi-hop networks and achieve great accuracy on compromised measurement devices detection. Specially, without sending beacon packets periodically, the proposed scheme can not only get the real-time end-to-end delay via evaluating the time difference reported by the relay nodes in the challenge-response attestation process, but also reduce the network load and achieve great accuracy of network delay. Via extensive theoretical analysis and experiments, our scheme shows better performance and less computing overhead in comparison with existing schemes.

Anbang Ruan,Qingni Shen,Li Wang,Chao Qin,Liang Gu,Zhong Chen

2009-01-01

China Communications

Abstract:The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports the attestation for specific patterns of binary codes defined by a trusted party, mostly the software vendor, for a particular version of a software. In this paper, we present a Source-Code Oriented Attestation (SCOA) framework to enable custom built application to be attested to in the TCG attestation architecture. In SCOA, security attributes are bond with the source codes of an application instead of its binaries codes. With a proof chain generated by a Trusted Building System to record the building procedure, the challengers can determine whether the binary interacted with is genuinely built from a particular set of source codes. Moreover, with the security attribute certificates assigned to the source codes, they can deter-mine the trustworthiness of the binary. In this paper, we present a TBS implementation with virtualization.

Zhi-yong TAN,Duo LIU,Tian-ge SI,Yi-qi DAI

DOI: https://doi.org/10.3321/j.issn:0372-2112.2008.08.029

2008-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:A multilevel security (MLS) model with credibility characteristics was proposed to solve the problem of trusted subjects' hidden security flaw and poor system usability in present MLS systems. By introducing credibility labels of subjects and objects and credibility evaluation functions in original BLP model, it can evaluate credibility of access requests as well as corresponding credibility variation of subjects and objects. Since this model establishes restriction mechanism against trusted subjects and assigns limited privileges to all subjects, it is more flexible and practicable than present security-label based MLS models.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

SHEN Guohua,HUANG Zhiqiu,QIAN Ju,XU Yongjun,HAO Jin,ZHAO Wenyun,PENG Xin

DOI: https://doi.org/10.3778/j.issn.1673-9418.2011.06.008

2011-01-01

Abstract:Software trustworthiness evaluation is an important aspect of software quality assurance.There are some weaknesses in the current research,such as facing special software modality,fixed trustworthiness attribute,lack of software trustworthiness evaluation tools.This paper presents a general model of software trustworthiness evalua-tion,discusses its implementation process systematically,develops a trustworthiness evaluation management system based on this model,and verifies the feasibility of the model by analyzing a detailed case in a real taxation domain.This approach will be beneficial to trustworthiness evaluation practices by using the evaluation system.

Xi Yang,Gul Jabeen,Ping Luo,Xiao-Ling Zhu,Mei-Hua Liu

DOI: https://doi.org/10.1007/s11390-018-1843-2

2018-01-01

Abstract:As trust becomes increasingly important in software domain, software trustworthiness - as a complex high-composite concept, has developed into a big challenge people have to face, especially in the current open, dynamic and ever-changing Internet environment. Furthermore, how to recognize and define trust problem from its nature and how to measure software trustworthiness correctly and effectively play a key role in improving users' trust in choosing software. Based on trust theory in the field of humanities and sociology, this paper proposes a measurable S2S (Social-to-Software) software trustworthiness framework, introduces a generalized indicator loss to unify three parts of trustworthiness result, and presents a whole metric solution for software trustworthiness, including the advanced J-M model based on power function and time-loss rate for ability trustworthiness measurement, the fuzzy comprehensive evaluation advanced-model considering effect of multiple short boards for basic standard trustworthiness, and the identity trustworthiness measurement method based on the code homology detecting tools. Finally, it provides a case study to verify that the solution is applicable and effective.