Policy Based Semantic Remote Attestation

With the fast development of Internet, it is required safer protection. The traditional safety technologies, such as modifying loopholes, installing firewalls, defending outside attacks, are used to stand against the virus and Hacker attacks, however, But these can not fundamentally solve the security of computer networks.The real reason is that all the attacks are stem from the terminal of personal computer. Therefore, we should solve these problems from other perspectives. We should protect the terminal of personal computers directly, it means that, we use new security technology to protect the terminal to make the whole net safe. As mention above, we concern on the new safety technology in the information security field. Remote attestation which the users are used to identify themselves to connect remote communication is required in the trusted computing. As well as the users require to protect their privacy. They don't want the others know their real identities.Now, In the TCG specification only for the operating system describe the system loads the initial boot phase of confidence-building and transfer. In order to achieve confidence in the system and extend to the application.In this paper, we establish the software part of the chain of trust building process which is basesd on TCG specifications. A whole chain of trust from hardware to software based on java virtual machine is designed, and eventually the trustworthy java application execution environment is realized. In the thesis, current security technology and requirements for its development is analyzed, and the concept, architecture and current research progress of TCG are discussed in details. Another, also introduce the trust JVM, It modified java program's start-up and running procedure, a complete chain of trust is constructed by trustworthy personal computer platform, Linux operation system, and java runtime environment 6. And eventually an authenticated execution of java application is realized by Trusted JVM. Through the use of cryptography services and storage capabilities provided by trusted platform module, inserting control points before application module loading, the integrity information is measured and verified in the process of building, after the chain of trust system is tested under real environment, the trustworthy of this system if proved. In this environment the untrustworthy software or trustworthy software which is illegal tampered can't be executed. And thus malicious attacks or spreading of viruses is avoided.After analyzing the trust JVM, we study remote attestation. Because remote attestation plays an important role in trusted computing, which can provide reliable evidence for existence of a trusted environment. Existing approaches for the realization of remote attestation measure the trustworthiness of a target platform from its binaries, configurations, properties or security policies. All these approaches are static, and none of them define what a trusted behavior actually is and how to specify it. In this paper, we propose a novel attestation policy, which is based on the behavior. This policy associate usage control and behavior. The attestation technology is not static and do not verify once only at the beginning of connection, but dynamic and constant. It assesses the security of every aspect of terminal host. In the design of the remote attestation, in order to ensure the executing environment is trusted, we use trust JVM for experimental platform, so achieve a platform-independent semantic remote authentication.