Abstract
While remote trust attestation is a useful concept for detecting unauthorized changes to software, the current mechanism only ensures authenticity at the start of the operating system and cannot ensure the behavior of running software. Our approach is to use a behavior-based monitoring agent to make remote attestation more flexible, dynamic, and trustworthy. This approach was mostly made possible by extensive use of process information, which is readily available in Unix. We also made use of a behavior tree to effectively record the predictable behaviors of each process. In this paper, we primarily focus on building a prototype implementation of such a framework, presenting one example built on it that successfully finds potential security risks at run time in an FTP program, and then evaluating the performance of this model.
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (90104005, 60373087, 60473023)
Biography: ZHANG Huanguo (1945-), male, Professor, research direction: information security.
About this article
Cite this article
Huanguo, Z., Fan, W. A behavior-based remote trust attestation model. Wuhan Univ. J. Nat. Sci. 11, 1819–1822 (2006). https://doi.org/10.1007/BF02831883
DOI: https://doi.org/10.1007/BF02831883