Process Behaviored Mechanism Of Remote Attestation In Trusted Computing Environment

With the rapid development of computer technologies and internet, more and more people cannot live without network. For example, the application of computer and internet has been permeated into all kind of fields such as politics, economy, society, education and military affairs. Whether applications are private or commercial, both of them require IT systems that guarantee confidentiality, authenticity, integrity, privacy, as well as availability become all kinds of attacks such as virus, Trojan Programs and hacker's attacks have made current compute network systems very vulnerable.Trusted Computing is a new security solution proposed by the Trusted Computing Group Trusted Computing (TCG). It aims at providing a framework and effective mechanisms that allow computing platforms and a distributed system to gain assurance about each other's integrity and trustworthiness. It was introduced in TCG specifications to determine whether a remote system is trusted to behave in a particular manner for a specific purpose. However, most of the existing approaches is static, inexpressive and attest only the integrity state of a remote system.Most of the existing remote attestation techniques can be categorized into one of the two types either Static or Dynamic. Static remote attestation techniques rely on the signatures or hashes of the binaries in order to determine the state of the software. As these static remote attestations were developed and deployed in the real world scenarios it soon became evident that these techniques had some flawed. Although static remote attestation techniques are relatively simple and can easily be incorporated in existing operating systems to measure and report the sate of the binaries running on the system. To address the shortcomings of static remote attestation techniques, dynamic remote attestation techniques were developed whereby the runtime behavior of the application is monitored instead of measuring the binary of an application.Take advantage of previous PsycoTrace Model to make monitored system integrate static and dynamic tools for protecting a process from attacks that alter the process self as specified by the program source code. The static tools build a context-free grammar that describes the sequences of system calls the process may issue and a set of assertions on the process state. The dynamic tools analyze the call trace of the process to check that it belongs to the grammar language and evaluate the assertions. My paper mainly completed three aspects of work:First, it rolled out and debugged TPM (Trusted Platform Module) Emulator, then built data interface between TPM Emulator and existed PsycoTrace system. Second, my paper lied on analyzing Behavior-Based remote attestation to modify and improve the system utilized direct system calling sequences as processes running, so made the judgment for system calling sequences legality as behavior-analyzed base much solider. Third, my research took advantage of trusted link supplied by TPM Emulator and dynamic Hash integrity protection to insure platform fully trusted---system calling sequences resisted of modifying for monitoring processes.