| In the information age, the network and software events emerge one after another incessantly. The traditional threatens spread to the industrial control system gradually and cause great losses to the industrial production. Nowadays the industrial control system is facing the unprecedented security challenge. At present, the information security technologies mainly carry on the security defense, and then deal with when the problems arise in the software running, and lack of the prediction and judgment of the whole operation process of the software. Trusted computing is a new key technology to solve the problem of information security, but most of the current trusted computing technologies are limited to the integrity verification of the system resources at the boot time while these technologies don't measure the dynamic credibility in the course of software running. The credibility measurement of software becomes a core problem of trusted computing.Based on the analysis of the running background and operation process of the software, this paper presents a hierarchical software credibility measurement model. The model is based on three levels: the integrity of the operating system environment, the static integrity of the software and the credibility of the dynamic behavior of the software. When measuring the credibility of the operating system environment, analyze the process of establishing the trust chain of trusted computing group and measure the integrity of OS Loader?OS in order based on USBKEY to measure the credibility of the operating system loading process. When measuring the static integrity of the software, choose the abstract value of the combination of the software implementation code? digital signature and publisher information as the metric benchmark of integrity of the software. Then monitor the startup of the software based on the WMI mechanism and capture the information of the software to calculate the actual abstract value to measure the static integrity of the software.While measuring the credibility of the dynamic behavior of the software, choose the system call sequences to depict the behavior of the software, through the static analysis and dynamic analysis of the software to get the system calls?the short sequence of system calls and the time offset as the metric benchmark of software dynamic behavior. Monitor the running process of software to intercept the related information and set strict criterion rules according to the metric benchmark.Judge the credibility of software dynamic behavior from three aspects: software control flow, data flow and timing.The experimental results show that the hierarchical software credibility measurement model has high accuracy, efficiency, detection capability and good application value. |
PDF Full Text Request