Trust-based Platform Integrity Verification Models

To resolve the problem of Internet and Information security, the concept Trust Computing has been proposed by Trusted Computing Group (TCG), adding trust chip similar to the trusted third party on the computer platform, and solving the security problem by using endpoint integrity measurement and remote attestation scheme. However, the research actualities of Trusted Computing is that the technology pulls ahead, thus the theory lags behind, and lack the theory model of Trusted Computing and trust theory, and fusion and extension of the security level and credibility in the trusted operating system; The existing models of Integrity attestation ultimately rely on binary integrity measurement mechanism, which is to compare integrity measurements with reference measurements, if absolutely consistent, the result is completely credible, otherwise completely incredible. That idea does not fit the characters of the trust. Additionally the integrity report protocols of remote attestation have the probability of masquerading and relay attacks.On the basic of studying Trusted Computing technology, existing integrity attestation mechanism of the platform and trust model, contributions made in this thesis are listed as below:1) On the basis of analyzing the defects existing integrity attestation mechanism, the trust degree-based platform integrity attestation model was proposed, which could translate the integrity measurements into trust degree through some evaluate policies. The model employed two attestation protocols. One is based on trust degree attestation protocols, which references to property-based attestation protocol, according to trust degree-based attestation architecture. This protocol was proved to be safely complete data transmission by BAN logical model. The other is still the original remote attestation protocol. Since this protocol was existed defects, improvement was taken on.2) In the evaluation of trust degree, referenced current trust evaluation models, analysis structure characteristics of the initial trust chain and operating system, direct trust degree, indirect trust degree and comprehensive trust degree evaluation mechanism during the initial trust chain and operating system was proposed, which quantified the integrity measurements to accurate trust degree value between 0 and 1, and translated the integrity state of the platform into four trust levels through fuzzy set and membership functions, which provides more precise integrity state the trust region for remote attestor, but not the false or true judgement method in current integrity measurement model. The integrity trust degree evaluation mechanism was proved to the feasibility through simulation experiment. The simulation results show that the model gives more objective integrity information of the initial trust chain and operating system.3) On the prototype implementation, a trusted experiment platform was built with Open-Source TPM Emulator on Linux. A graphical interfaces——TPM interface was developed with Glade, with which partly achieve some functions of the model proposed in this thesis.