BBACIMA: A Trustworthy Integrity Measurement Architecture through Behavior-Based TPM Access Control |
| |
基金项目: | Supported by the National High Technology Research and Development Plan of China (2007AA01Z412), the National Key Technology R&D Program of China (2006BAH02A02) and the National Natural Science Foundation of China (60603017) |
| |
摘 要: | Two limitations of current integrity measurement architectures are pointed out: (1) a reference value is required for every measured entity to verify the system states, as is impractical however; (2) malicious user can forge proof of inexistent system states. This paper proposes a trustworthy integrity measurement architecture, BBACIMA, through enforcing behavior-based access control for trusted platform module (TPM). BBACIMA introduces a TPM reference monitor (TPMRM) to ensure the trustworthiness of integrity measurement. TPMRM enforces behavior-based access control for the TPM and is isolated from other entities which may be malicious. TPMRM is the only entity manipulating TPM directly and all PCR (platform configuration register) operation requests must pass through the security check of it so that only trusted processes can do measurement and produce the proof of system states. Through these mechanisms malicious user can not enforce attack which is feasible in current measurement architectures.
|
关 键 词: | 集成度测量 接入控制 TPM 电子技术 |
BBACIMA: A trustworthy integrity measurement architecture through behavior-based TPM access control |
| |
Authors: | Aimin Yu Dengguo Feng |
| |
Institution: | Institute of Software, Chinese Academy of Sciences/ StateKey Laboratory of Information Security, Beijing 100190, China |
| |
Abstract: | Two limitations of current integrity measurement architectures are pointed out: ➀ a reference value is required for every
measured entity to verify the system states, as is impractical however; ➁ malicious user can forge proof of inexistent system
states. This paper proposes a trustworthy integrity measurement architecture, BBACIMA, through enforcing behavior-based access
control for trusted platform module (TPM). BBACIMA introduces a TPM reference monitor (TPMRM) to ensure the trustworthiness
of integrity measurement. TPMRM enforces behavior-based access control for the TPM and is isolated from other entities which
may be malicious. TPMRM is the only entity manipulating TPM directly and all PCR (platform configuration register) operation
requests must pass through the security check of it so that only trusted processes can do measurement and produce the proof
of system states. Through these mechanisms malicious user can not enforce attack which is feasible in current measurement
architectures.
Foundation item: Supported by the National High Technology Research and Development Plan of China (2007AA01Z412), the National Key Technology
R&D Program of China (2006BAH02A02) and the National Natural Science Foundation of China (60603017) |
| |
Keywords: | integrity measurement behavior-based access control trusted platform module (TPM) trusted computing remote attestation |
本文献已被 维普 SpringerLink 等数据库收录! |