Creditability Evaluation Model Of Software Based On Simplified Behavior Trace

With the rapid development of information technology and information industry, the incidents harming information security often happen, and trusted computing emerged as the times require. Though technical route of TCG is able to insure the static credibility of computer at initialization phase, it may cause security risks without considering the dynamic credibility problem in the course of software running. So the dynamic credibility evaluation of software has become a hot issue in information security field. Ensuring the dynamic credibility is to keep that the software always behaves in the expected way and realizes the expected purpose. Therefore, it is meaningful to research credibility evaluation based on software behavior. With the emergence of mimicry attack, software behavior model should not only contain operation sequences, but also record sequences of the corresponding scenes, and then it can detect most of the attacks.In order to improve the accuracy of evaluation, a creditability evaluation model of software based on simplified behavior trace (CEMSBT) is demonstrated in this paper. We introduce behavior trace (BT) to describe the software behavior. Given that the operational process and background of running software are key factors in creditability evaluation, BT consists of operation trace and function trace. Operation trace is the operation sequences of the running software, which can be denoted by ordered check point vectors. Function trace is depicted by a series of scenes which have the ability of characterizing the software functions. With the purpose of reducing time and space overheads of creditability evaluation, we give reduction rules of BT. We apply identification evaluation rule and scene evaluation rules to check the practical behavior of software. The branch point brings software some randomness which can be used by intruders, so it is necessary to judge which branch will be run next. We propose the scene similarity method to determine the direction of the branch, which can improve the accuracy. The simulation results indicate the accuracy, efficiency and detect ability of CEMSBT.