DOI: 10.3724/SP.J.1146.2009.00408

Journal of Electronics & Information Technology (电子与信息学报) 2010/32:4 PP.875-879

TPM-Based Dynamic Integrity Measurement Architecture

This paper presents a TPM-based architecture DIMA (Dynamic Integrity Measurement Architecture), which helps the administrators check the integrity of the processes and modules dynamically. Compares with other measurement architectures, DIMA uses a new mechanism to provide dynamic measurement of the running processes and kernel modules. Some attacks to running processes which use to be invisible to other integrity measurement architectures can be now detected. In this case, DIMA solves the TOC-TOU problem which always bothers others before. In addition, instead of measuring the whole file on the hard disk, the object is divided into some small pieces: code, parameter, stack and so on to make a fine-grained measurement result. Finally, the DIMA implementation using Trust Computing Module (TPM) is discussed and the performance data is presented.

Key words:Trusted Computing Module (TPM),Integrity measurement,Dynamic Integrity Measurement Architecture (DIMA)

ReleaseDate:2014-07-21 15:17:46

[1] Trusted Computing Group. TCG PC client specific implementation specification for conventional bios version 1.2, July 2005.

[2] Apvrille A, Gordon D, Hallyn S, Pourzandi M, and Roy V. DigSig: Run-time authentication of binaries at kernel Level[C]. Proceedings of LISA '04 Eighteenth Systems Administration Conference. Atlanta, GA, USENIX Association November, 2004: 59-66.

[3] Petroni N Jr and Fraser T, et al. Copilot A coprocessor -based kernel runtime integrity monitor[C]. Proceedings of the 13th conference on USENIX Security Symposium. San Diego, CA, 2004, Vol. 13: 13-13.

[4] Sailer R, Zhang Xiao-lan, Jaeger T, and Van Doorn L. Design and implementation of a TCG-based integrity measurement architecture[C]. Proceedings of USENIX Security Symposium. Lake Tahoe, California, USA, ACM Press, Aug. 2004: 223-238.

[5] Jaeger T, Sailer R, and Shankar U. PRIMA: Policy-reduced integrity measurement architecture[C]. Proceedings of the eleventh ACM symposium on Access control models and technologies. Lake Tahoe, California, USA, 2006: 19-28.

[6] Shi E, Perrig A, and Van Doorn L. BIND: A fine-grained attestation service for secure distributed systems[C]. Proceeding of the IEEE Symposium on Security and Privacy. Oakland, CA, USA, IEEE Press, 2005: 154-168.

[7] Loscocco P A, Wilson P W, Pendergrass J A, and McDonell C D. Linux kernel integrity measurement using contextual inspection[C]. Proceedings of the 2007 ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA, 2007: 21-29.

[8] Thober M and Pendergrass J A. McDonell C D: Improving coherency of runtime integrity measurement[C]. Conference on Computer and Communications Security Proceedings of the 3rd ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA, 2008: 51-60.

[9] Gu Liang, Ding Xu-hua, Deng R H, Xie Bing, and Mei Hong. Remote attestation on program execution[C]. Conference on Computer and Communications Security Proceedings of the 3rd ACM workshop on Scalable trusted computing. Alexandria, Virginia, USA, 2008: 11-20.

[10] Wu Yong-dong, Zhao Zhi-gang, and Chui Tian-wei. An attack on SMC-based software protection[M]. Springer Berlin / Heidelberg. 2007: 232-248.

[11] 徐震, 沈丽红, 汪丹. 一种可配置的可信引导系统. 中国科学院研究生院学报, 2008, 25(5): 626-630. Xu Zhen, Shen Li-hong, and Wang Dan. LOIS grub: A configurable trusted booting system[J]. Journal of the Graduate School of the Chinese Academy of Science, 2008, 25(5): 626-630.