| TSS (TCG Software Stack) defined by TCG (Trusted Computing Group) is the core software in Trusted Computing Platform, as well as the implementation of the Trusted Mechanism on the operating system level, whose performance could directly influence security of the trusted applications, even of the trusted platform. Considering the importance of TSS, it is of great significance to take reverse analysis and security detection towards TSS.Through the research on reverse analysis of executable code, this dissertation proposes a method to design and implementation reverse analysis platform for Trusted Computing Mechanism based on the Abstract Interpretation theory. The main content of the dissertation are explained as follows:1. In order to take accurate reverse analysis to the Trusted Computing Mechanism, the functional structure and hierarchy structure as well as Trusted Computing Mechanism key functions in TSS are deeply studied. Then the results are saved in the Trusted Computing Mechanism characteristics'library.2. To reduce the complexity of assembly language results, and cut down the massive instruction systems from various CPUs and their addressing mechanisms, an intermediate language method (Assembly language Intermediate Representation, SAIR) is proposed to meet the need of semantics analyzing and security analyzing.3. An abstract domain is established for X86 executable code analyzing based on Abstract Interpretation theory, on which the run-time environment expression form and the instruction abstract semantics is also defined. Then the algorithms that to analyze the run-time environment is proposed to automatically extract executable code properties such as the value rang of variables, data dependences, the complete access information for the memory, the maximal counts of iterations of the loops and the infeasible paths identified.4. To recover the complex data structures from the executable codes, two methods that based on the trusted function interface and the instruction semantics are suggested respectively which could improve the ability to identify data structures.In the end, the prototype system is tested and the results indicated that: Using the reverse analysis platform for Trusted Computing Mechanism, the SAIR is fully realized and the data dependences, control flow, memory access information could be completely extracted. Comparing with other common reverse analysis tools, this platform can obtain more information about data structure and the control structure. In brief, the platform achieved the goal of providing data for the trusted mechanism security analysis, the dynamic test as well as vulnerability discovery. |
PDF Full Text Request