Skip to main content
SpringerLink
Log in

BBACIMA: A trustworthy integrity measurement architecture through behavior-based TPM access control

  • Published:
Wuhan University Journal of Natural Sciences

Abstract

Two limitations of current integrity measurement architectures are pointed out: ➀ a reference value is required for every measured entity to verify the system states, as is impractical however; ➁ malicious user can forge proof of inexistent system states. This paper proposes a trustworthy integrity measurement architecture, BBACIMA, through enforcing behavior-based access control for trusted platform module (TPM). BBACIMA introduces a TPM reference monitor (TPMRM) to ensure the trustworthiness of integrity measurement. TPMRM enforces behavior-based access control for the TPM and is isolated from other entities which may be malicious. TPMRM is the only entity manipulating TPM directly and all PCR (platform configuration register) operation requests must pass through the security check of it so that only trusted processes can do measurement and produce the proof of system states. Through these mechanisms malicious user can not enforce attack which is feasible in current measurement architectures.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Trusted Computing Group. TCG PC Specific Implementation Specification[EB/OL]. [2008-02-20]. https://www.trustedcomputinggroup.org/groups/pc_client/TCG_PCSpecificSpec-ification_v1_1.pdf.

  2. Trusted Computing Group. TCG PC Client Specific Implementation Specification for Conventional BIOS[EB/OL]. [2008-02-20]. https://www.trustedcomputinggroup.org/specs/PCClient/TCG_PCClientImplementationforBIOS_1-20_1-00.pdf.

  3. Trusted Computing Group. TCG PC Client Specific TPM Interface Specification (TIS)[EB/OL].[2008-02-20]. https://www.trustedcomputinggroup.org/groups/pc_client/TCG_PCClient-TPMSpecification_1-20_1-00_FINAL.pdf.

  4. Trusted Computing Group. TCG Specification Architecture Overviews[EB/OL].[2008-04-20].https://www.Trustedcompu-tinggroup.org/groups/TCG_1_4_Architecture_Overview.pdf.

  5. Shi E, Perrig A, Doorn L. BIND: A Fine-Grained Attestation Service for Secure Distributed Systems[C]// Proceedings of the 2005 IEEE Symposium on Security and Privacy. Washington, D C: IEEE Press, 2005: 154.

    Google Scholar 

  6. Peinado M, Chen Y, England P, et al. NGSCB: A Trusted Open System[C]//Proceedings of 9th Australasian Conference. Sydney: Springer-Verlag, 2004: 86.

    Google Scholar 

  7. Garfinkel T, Pfaff B, Chow J, et al. Terra: A Virtual MachineBased Platform for Trusted Computing[C]//Proceedings of the19th ACM symposium on Operating systems principles. New York: ACM Press, 2003: 193.

    Google Scholar 

  8. Sailer R, Zhang Xiaolan, Jaeger T, et al. Design and Implementation of a TCG-Based Integrity Measurement Architecture[C]//Proceedings of the 13th conference on USENIX Security Symposium. Berkeley: USENIX Association Press, 2004: 16.

    Google Scholar 

  9. Smith W. Outbound Authentication for Programmable Secure Coprocessors[C]//Proceedings of the 7th European Symposium on Research in Computer Security. London: Springer-Verlag, 2003:72.

    Google Scholar 

  10. Jaeger T, Sailer R, Shankar U. PRIMA: Policy-Reduced Integrity Measurement Architecture[C]// Proceedings of the 11th ACM symposium on Access control models and technologies, New York: ACM Press, 2006: 19.

    Google Scholar 

  11. Chou A, Yang J, Chelf B, et al. An Empirical Study of Operating Systems Errors[C]//Proceedings of the 18th ACM symposium on Operating systems principles. New York: ACM Press, 2001:73.

    Google Scholar 

  12. Hohmuth M, Tews H. The Vfiasco Approach for a Verified Operating System[EB/OL].[2008-02-20]. http://wwwtcs.inf.tu-dresden.de/:_tews/Plos-2005/ecoop-plos-05-letter.ps.

  13. Kolanski R, Klein G. Formalizing the L4 Microkernel API [C]//Proceedings of the 12th Computing: The Australasian Theory Symposium. Darlinghurst, Australia: Australian Computer Society, Inc, 2006: 53.

    Google Scholar 

  14. Liedtke J. On Micro-Kernel Construction[C]//Proceedings of the 15th ACM symposium on Operating systems principles, New York: ACM Press,1995: 337.

    Google Scholar 

  15. Liedtke J. L4 Reference Manual [EB/OL]. [2008-02-20]. http://l4ka.org/projects/pistachio/l4-x2-r5.pdf.

  16. Intel Corporation. Intel Trusted Execution Technology [EB/OL].[2008-04-01] http://download.intel.com/technology/security/downloads/315168.pdf.

Download references

Author information

Authors and Affiliations

  1. Institute of Software, Chinese Academy of Sciences/State Key Laboratory of Information Security, Beijing, 100190, China

    Aimin Yu & Dengguo Feng

Authors
  1. Aimin Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dengguo Feng.

Additional information

Foundation item: Supported by the National High Technology Research and Development Plan of China (2007AA01Z412), the National Key Technology R&D Program of China (2006BAH02A02) and the National Natural Science Foundation of China (60603017)

Rights and permissions

Reprints and permissions

About this article

Cite this article

Yu, A., Feng, D. BBACIMA: A trustworthy integrity measurement architecture through behavior-based TPM access control. Wuhan Univ. J. Nat. Sci. 13, 513–518 (2008). https://doi.org/10.1007/s11859-008-0501-x

Download citation

  • Received:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11859-008-0501-x

Key words

CLC number

Search

Navigation