A behavior-based remote trust attestation model
While remote trust attestation is a useful concept for detecting unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the actions of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information, which is readily available in Unix. We also made use of a behavior tree to effectively record the predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such a framework, presenting one example built on it that successfully finds potential security risks in the run time of an FTP program, and then evaluating the performance of this model.
Key words: remote attestation; trusted computing; trusted platform; behavior monitoring agent; behavior tree
CLC number: TP 309