Science China Information Sciences, Volume 53, Issue 3, pp 434–453

Research on theory and key technology of trusted computing platform security testing and evaluation

  • HuanGuo Zhang
  • Fei Yan
  • JianMing Fu
  • MingDi Xu
  • Yang Yang
  • Fan He
  • Jing Zhan
Research Papers

Abstract

Trusted computing has become a new trend in international information security, and trusted computing platform products are beginning to be used in applications. Users will not adopt information security products unless they have gone through testing and evaluation. Here we concentrate on the testing and evaluation problem of the trusted computing platform. We begin by constructing a proper formal model of the trusted computing platform for testing, and establish a mathematical model of the chain of trust based on SPA. Moreover, we give a verification method for composite characteristics and, through analysis, find the potential factors that threaten the trusted system in the process of remote attestation. For the trusted software stack, we study the problem of automatic test case generation and propose an improved method of generating random test cases, in order to raise the quality of the test cases. Finally, we give a prototype system of the trusted computing platform and the related actual test data. The results demonstrate that there exist some flaws in the architecture of the present TCG computing platform. At the same time, some flaws are found in existing trusted computing platform products, which lays a basis for the improvement and development of trusted platform technology and its products.

Keywords

information security; trusted computing; trusted computing platform; testing and evaluation



Copyright information

© Science China Press and Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • HuanGuo Zhang (1, 2)
  • Fei Yan (1, 2)
  • JianMing Fu (1, 2)
  • MingDi Xu (1, 2)
  • Yang Yang (1, 2)
  • Fan He (1, 2)
  • Jing Zhan (1, 2)

  1. School of Computer, Wuhan University, Wuhan, China
  2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan, China
