层次化软件可信度量模型研究与设计
发布时间:2019-05-24 10:04
【摘要】:信息时代,网络软件安全事件层出不穷,传统威胁逐渐向工控系统蔓延,给工业生产造成极大的损失,现如今工控系统面临前所未有的安全挑战。目前的信息安全技术主要是对软件运行进行安全防御,在软件运行出现问题时再来处理,缺乏对软件整体运行过程的预测和判定。可信计算是解决信息安全问题的核心技术之一,但是目前的可信计算技术大多局限于系统开机时对系统资源的完整性验证上,未对系统运行时软件的动态行为进行度量验证。软件的可信性度量成为可信计算一个亟待解决的关键问题。分析软件的运行背景和运行流程,本文设计了一个层次化软件可信度量模型。该模型从操作系统环境可信性、软件静态完整性和软件动态行为可信性三个层次对软件进行可信度量。度量操作系统环境可信性时,研究分析可信计算组建立信任链的过程,基于USBKEY依次度量OS Loader,OS的完整性,对操作系统加载过程进行可信性度量。度量软件静态完整性时,以软件执行代码、数字签名和出版商信息组合的摘要值作为软件的完整性度量基准,基于WMI机制监控软件启动过程,截获软件的相关信息,计算实际摘要值与完整性度量基准进行比较从而得出软件的完整性度量结果。度量软件动态行为可信性时,使用系统调用序列刻画软件的动态行为,对软件进行静态分析和动态分析,获取系统调用、系统调用短序列和系统调用时间偏移量作为软件动态行为度量基准;监控软件运行的实际行为,拦截软件运行时的系统调用信息,依据动态行为度量基准制定严格的判定规则,从软件控制流、数据流和时序流三个方面来综合判定软件的动态可信性。本文实验测试表明,层次化软件可信度量模型具有较高的准确性、效率和检测能力,有较好的应用价值。
[Abstract]:In the information age, the network software security events emerge in endlessly, and the traditional threat gradually spreads to the industrial control system, which causes great losses to the industrial production. Nowadays, the industrial control system is facing unprecedented security challenges. At present, the information security technology is mainly to defend the software from running, and then deal with it when there are problems in the software operation, and lacks the prediction and judgment of the whole running process of the software. Trusted computing is one of the core technologies to solve the problem of information security, but most of the current trusted computing technologies are limited to the integrity verification of system resources when the system is started, and do not measure and verify the dynamic behavior of the software when the system is running. The measurement of software credibility has become a key problem to be solved in trusted computing. The running background and running flow of the software are analyzed, and a hierarchical software trusted measurement model is designed in this paper. The model measures the credibility of the operating system environment, the static integrity of the software and the dynamic behavior of the software from three levels: the credibility of the operating system environment, the static integrity of the software and the credibility of the dynamic behavior of the software. When measuring the credibility of operating system environment, the process of establishing trust chain by trusted computing group is studied and analyzed. Based on USBKEY, the integrity of OS Loader,OS is measured in turn, and the credibility of operating system loading process is measured. When measuring the static integrity of the software, the summary value of the combination of software execution code, digital signature and publisher information is used as the integrity measurement benchmark of the software. Based on the WMI mechanism, the software startup process is monitored and the relevant information of the software is intercepted. The actual summary value is compared with the integrity measurement benchmark, and the integrity measurement results of the software are obtained. When measuring the credibility of the dynamic behavior of the software, the system call sequence is used to depict the dynamic behavior of the software, the static analysis and dynamic analysis of the software are carried out, and the system call is obtained. The short sequence of system call and the time offset of system call are used as the benchmark of software dynamic behavior measurement. Monitor the actual behavior of the software, intercept the system call information when the software is running, make strict decision rules according to the dynamic behavior measurement benchmark, and control the flow from the software. Three aspects of data flow and sequence flow are used to judge the dynamic credibility of the software. The experimental results show that the hierarchical software trusted measurement model has high accuracy, efficiency and detection ability, and has good application value.
【学位授予单位】:北京工业大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP311.5;TP309
,
本文编号:2484776
[Abstract]:In the information age, the network software security events emerge in endlessly, and the traditional threat gradually spreads to the industrial control system, which causes great losses to the industrial production. Nowadays, the industrial control system is facing unprecedented security challenges. At present, the information security technology is mainly to defend the software from running, and then deal with it when there are problems in the software operation, and lacks the prediction and judgment of the whole running process of the software. Trusted computing is one of the core technologies to solve the problem of information security, but most of the current trusted computing technologies are limited to the integrity verification of system resources when the system is started, and do not measure and verify the dynamic behavior of the software when the system is running. The measurement of software credibility has become a key problem to be solved in trusted computing. The running background and running flow of the software are analyzed, and a hierarchical software trusted measurement model is designed in this paper. The model measures the credibility of the operating system environment, the static integrity of the software and the dynamic behavior of the software from three levels: the credibility of the operating system environment, the static integrity of the software and the credibility of the dynamic behavior of the software. When measuring the credibility of operating system environment, the process of establishing trust chain by trusted computing group is studied and analyzed. Based on USBKEY, the integrity of OS Loader,OS is measured in turn, and the credibility of operating system loading process is measured. When measuring the static integrity of the software, the summary value of the combination of software execution code, digital signature and publisher information is used as the integrity measurement benchmark of the software. Based on the WMI mechanism, the software startup process is monitored and the relevant information of the software is intercepted. The actual summary value is compared with the integrity measurement benchmark, and the integrity measurement results of the software are obtained. When measuring the credibility of the dynamic behavior of the software, the system call sequence is used to depict the dynamic behavior of the software, the static analysis and dynamic analysis of the software are carried out, and the system call is obtained. The short sequence of system call and the time offset of system call are used as the benchmark of software dynamic behavior measurement. Monitor the actual behavior of the software, intercept the system call information when the software is running, make strict decision rules according to the dynamic behavior measurement benchmark, and control the flow from the software. Three aspects of data flow and sequence flow are used to judge the dynamic credibility of the software. The experimental results show that the hierarchical software trusted measurement model has high accuracy, efficiency and detection ability, and has good application value.
【学位授予单位】:北京工业大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP311.5;TP309
,
本文编号:2484776
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2484776.html
