Researches On Dynamic Trusted Theories And Models Of Software Behavior

In the information age, as an important strategic resource, information is facing an increasingly serious security situation. Information security is related to national security and social stability, and ensuring information security is significant.Trusted computing technology takes integrated measures from hardware and operating system, and then effectively improve the security of computing platforms. Although trusted computing technology is becoming a new trend of information security area, there are still some problems need to solve. Firstly, the theoretical researches of trusted computing are behind of technical practice, and there is no generally accepted theoretical models founded. Secondly, there lacks effective theories and methods of software dynamic trusted evaluation. Current trusted evaluation models only implement static integrity measurement, and can not ensure the dynamic trust of systems.In order to solve above problems, an agent-based hierarchical trusted architecture is proposed. With the base of trusted computing platform, a concept architecture of software behavior semantic distance and an idea of multi-dimensional dynamic expansion of subjective logic are introduced separately from the objective and subjective points of view angle of software behavior trust. In accordance with the research method of "theoretical model→prototype system→experimental verification→theoretical model", dynamic trusted theories and models of software behavior are conducted. The followings are main research results and innovations:1) The existing trusted models have complex structures and cannot guarantee the security of themselves. The agent-based hierarchical trusted architecture, which named MMA, has a simple structure and good expandability because MMA distributes analyzer agent, monitor agent and manager agent into the feature acquisition layer and the behavior evaluation layer above on the trusted foundamental layer. Based on the hierarchical trust expansion mechanism of trusted chain and the random theory, a dynamic verification model of integrity is proposed based on the "challenge-response" authentication mechanism, and an agent trusted authentication mechanism is implemented by the combination of static measurement and dynamic verification with TPM. The MMA architecture ensure the security of trusted evaluation system by extending the system trust chain to the agents. 2) In order to build the theoretical foundation of dynamic trusted evaluation model based on software behavior trust, the concepts of behavior trace, checkpoint scene, time stamp, et al., which characterize the properties and features of software behavior, are proposed from the objective point of view angle of software behavior trust, and a tree model of integrated features of software behavior is built. With the support of the trusted foundamental layer and TPM, an analyzing mechanism of expected software behavior and a monitoring mechanism of actual software behavior are implemented to ensure the feature information of software behavior. The concept of behavior semantic distance is proposed and an integrated measurement mechanism of behavior semantic distance is founded based on the membership function of the fuzzy theory, by defining a series of related measurement functions of software behavior properties, such as matching function of behavior trace, similarity function of checkpoint scene, and difference function of time stamp. Finally a software behavior automaton model based on software behavior semantic distance is proposed, and the experimental results show that the dynamic measurement ability of the SBA model is better than some existing dynamic trusted evaluation models of software behavior.3) The traditional theory of subjective logic does not consider the fact that the subjective evaluation results change with the time. A new idea of extending subjective logic theory is proposed from the subjective point of view angle of software behavior trust, while the traditional two-dimensional opinion space is extended to multi-dimensional dynamic opinion space. A dynamic trusted evaluation model of entity behavior based on extended subjective logic is proposed, which is implemented by the reputation and risk evaluation mechanism. The experimental results show that the model can process malicious behavior with more sensitive reaction, more accurate detection, and more effective suppression.The researches on software dynamic trusted theories and models based on software behavior can promote a healthy development of trusted computing, especially dynamic trusted evaluation technology. The research works have not only great theoretical value, but also good guided significence to technical practice.