
Research Of Dynamic Integrity Measurement In Trusted Computing

Posted on: 2012-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Chen
GTID: 2218330371462625
Subject: Computer application technology

Abstract/Summary:
Trusted computing is currently an effective technique for information security, and integrity measurement is its basis. Through integrity measurement, the platform can detect whether loaded components or running applications have been tampered with. However, the current state of research is as follows: (1) theoretical research lags behind product development, and there is no accepted measurement model; (2) trusted computing products can perform static measurement when the system starts, but cannot perform dynamic measurement while the system is running; (3) available dynamic measurement models have deficiencies such as limited function, complicated architecture and difficult implementation.

This thesis investigates the problems above, and the main results can be summarized as follows:

(1) A dynamic integrity measurement model based on memory paging is designed. The model takes application pages as the measured objects, inserts measurement points when application pages are scheduled into memory, and has an authorized measuring program calculate and verify their integrity. It thereby ensures that the integrity of each page is not destroyed, and hence that the integrity of the whole application is not destroyed.

(2) A trusted computing platform based on the XEN architecture is designed for the measurement model, together with the corresponding trust chain and measuring procedure for the platform. Because XEN, rather than the OS, manages and operates memory pages, the measurement model can insert measurement points through hypercalls, which makes it implementable.

(3) An implementation mechanism based on XEN hypercalls is presented. This mechanism effectively implements the key idea of the measurement model above: it acquires the application pages scheduled into memory through the XEN hypercall mechanism and places the calculating and verifying code in the hypercall handler function, so it can perform dynamic integrity measurement of applications.

(4) In addition, an integrity measurement mechanism between platforms is presented. It describes how a platform reports its integrity to another entity and how that entity verifies the platform's integrity. This mechanism lets platforms in a network verify each other and, as a result, interact securely.
Keywords/Search Tags: Trusted Computing, Dynamic Measurement, Integrity, Paging, XEN Virtualization, Hypercall