Static analysis-based behavior model building for trusted computing dynamic verification

Article

Abstract

Current trusted computing platform only verifies application’s static Hash value, it could not prevent application from being dynamic attacked. This paper gives one static analysis-based behavior model building method for trusted computing dynamic verification, including control flow graph (CFG) building, finite state automata (FSA) constructing, ɛ run cycle removing, ɛ transition removing, deterministic finite state (DFA) constructing, trivial FSA removing, and global push down automata (PDA) constructing. According to experiment, this model built is a reduced model for dynamic verification and covers all possible paths, because it is based on binary file static analysis.

Key words

trusted computing dynamic verification behavior model finite-state automata (FSA) push down automata (PDA) 

CLC number

TP 391 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    Shen Changxiang, Zhang Huanguo, Wang Huaimin, et al. Trusted computing research and development [J]. Science China: Information Sciences, 2010, 40(2): 139–166 (Ch).Google Scholar
  2. [2]
    Shen Changxiang, Zhang Huanguo, Feng Dengguo, et al. Survey of information security [J]. Science China: Information Sciences, 2007, 37(2): 1–22 (Ch).Google Scholar
  3. [3]
    Zhang Huanguo, Luo Jie, Jin Gang, et al. Development of trusted computing research [J]. Wuhan University Journal of Natural Sciences, 2006, 11(6): 1407–1413.CrossRefGoogle Scholar
  4. [4]
    Trusted Computing Group. TCG Specification Architecture Overview Specification Revision 1.4 [EB/OL]. [2010-03-10]. http://www.trustedcomputinggroup.org/files/resource_files/AC652DE1-1D09-3519-ADA026A0C05CFAC2/TCG_1_4_Architecture_Overview.pdf
  5. [5]
    Trusted Computing Group. TCG Design, Implementation, and Usage Principles Version 2.0 [EB/OL]. [2009-12-16]. http://www.trustedcomputinggroup.org/files/resource_files/59C26E CB-1D09-3519-AD469EA7AFBD2E91/Best_Practices_Principles_Document_V2_0.pdf
  6. [6]
    Wagner D, Dean D. Intrusion detection via static analysis[C]//Proceedings of 2001 IEEE Symposium on Security and Privacy, Oakland: IEEE Computer Society, 2001: 156–168.Google Scholar
  7. [7]
    Giffin J T, Jha S, Miller B P. Detecting manipulated remote call streams [C]//Proceedings of the 11th USENIX Security Symposium. San Francisco: USENIX Association, 2002: 61–79.Google Scholar
  8. [8]
    Giffin J T, Dagon D, Jha S. Environment- sensitive intrusion detection[C]//Proceedings of 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005) LNCS3858. Seattle: Springer-Verlag, 2005: 185–206.Google Scholar
  9. [9]
    Feng H H, Giffin J, Huang Y, Jha S, et al. Formalizing sensitivity in static analysis for intrusion detection [C]//Proceedings of 2004 IEEE Symposium on Security and Privacy. Oakland: IEEE Computer Society, 2004: 194–208.Google Scholar
  10. [10]
    Gopalakrishna R, Spafford E, Vitek J. Efficient intrusion detection using automaton inlining [C]//Proceedings of 2005 IEEE Symposium on Security and Privacy. Oakland: IEEE Computer Society, 2005: 18–31.Google Scholar
  11. [11]
    Li Wen, Dai Yingxia, Lian Yifeng, et al. Context sensitive host-based IDS using hybrid automaton [J]. Journal of Software, 2009, 20(1): 138–151 (Ch).CrossRefGoogle Scholar

Copyright information

© Wuhan University and Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.School of ComputerWuhan UniversityWuhanHubei, China
  2. 2.Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of EducationWuhan UniversityWuhanHubei, China

Personalised recommendations