Wuhan University Journal of Natural Sciences

, Volume 11, Issue 6, pp 1819–1822 | Cite as

A behavior-based remote trust attestation model

  • Zhang Huanguo
  • Wang Fan
Security of Network and Communication


While remote trust attestation is a useful concept to detect unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the action of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information which is readily available in Unix. We also made use of a behavior tree to effectively record predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such framework, presenting one example built on it, successfully find potential security risks in the run time of a ftp program and then evaluate the performance of this model.

Key words

remote attestation trusted computing trusted platform behavior monitoring agent behavior tree 

CLC number

TP 309 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Staniford S, Moore D, Paxson V,et al. The Top Speed of Flash Worms[C]//Proc 2004 ACM Workshop on Rapid Malcode. Washington D C, USA, ACM Press, 2004:33–42.Google Scholar
  2. [2]
    Vatis M. Combating Cyber Attacks: The Role of the Research Community [EB/OL]. [2002–03].http://www. hpcc-usa. org/pics/02-pres/vatis. ppt.Google Scholar
  3. [3]
    Sekar R, Bowen T, Sega M I. On Preventing Intrusions by Process Behavior Monitorin[C]//Proc of the USENIX Intrusion Petection Workshop. Santaclara, USA: The USENIX Association, 1999:29–40.Google Scholar
  4. [4]
    Sekar R, Bendre M, Dhurjati D,et al. A Fast Automaton-Based for Detecting Anomalous Program Behavior [C]//IEEE Symposium on Security and Privacy. California, USA, May 14–16, 2001.Google Scholar
  5. [5]
    Sailer R, Doorn L V, Ward J P. The Role of TPM in Enterprise Security[J].Datenschutz and Datensicherheit, 2004,28(9):539–547.Google Scholar
  6. [6]
    Oltsik J. Enterprise Strategy Group. Trusted Enterprise Security—How the Trusted Computing Group Will Advance Enterprise Security[EB/OL]. [2006-01-02].https://www. trustedcomputinggroup. org/news/Industry_Data/ESG_White_Paper. pdf.Google Scholar
  7. [7]
    Sailer R, Zhang Xiaolan, Jaeger T,et al. Design and Implementation of a TCG-based Integrity Measurement Architecture [C]//13thUsenix Security Symposium. San Diego, California, USA, Aug 9–13, 2004.Google Scholar
  8. [8]
    Barrett M F. Towards an Open Trusted Computing Framework[EB/OL]. [2005-02].http://www. cs. auckland. ac. nz/research/theses/2005/mbarrettThesis. pdf.Google Scholar
  9. [9]
    Sailer R, Jaeger T, Zhang Xiaolan,et al. Attenstation-Based Policy Enforcement for Remote Access [C]//Proc 11th ACM CCS. Washington DC: ACM Press, 2004:308–317.Google Scholar
  10. [10]
    Haldar V, Chandra D, Franz M. Semantic Remote Attestation: A Virtual Machine Directed Approach to Trusted Computing[C]//Proceedings of the 3rd USENIX VM Research & Technology Symposium. San Jose, May 6–7, 2004.Google Scholar

Copyright information

© Springer 2006

Authors and Affiliations

  1. 1.School of ComputerWuhan UniversityWuhan, HubeiChina

Personalised recommendations