Runtime Software Trustworthiness Evidence Collection Mechanism Based on TPM

This paper extends the software trustworthiness evidence framework to include runtime software trustworthiness evidence. To collect software trustworthiness evidence in an objective, genuine and comprehensive way, it proposes a runtime software trustworthiness evidence collection mechanism based on trusted computing technology. Building on the features provided by the TPM (trusted platform module), as well as late launch technology, a trusted evidence collection agent is introduced into the operating system kernel. The agent can securely monitor executing programs and collect their trustworthiness evidence accordingly. The agent also provides trusted services that programs can use to collect application-specific evidence, and it guarantees the trustworthiness of that evidence. The mechanism scales well to support various applications and software trustworthiness evaluation models. The paper also implements a prototype of the agent based on the Linux security model in Linux. Using the prototype, it studies trustworthiness evaluation for executing a client program in a distributed computing environment. In this application, the performance of the prototype is studied and the feasibility of the approach is demonstrated.
