位置:成果数据库 > 期刊 > 期刊详情页
一种可信软件设计方法及可信性评价
  • 期刊名称:计算机研究与发展
  • 时间:0
  • 页码:1447-1454
  • 语言:中文
  • 分类:TP393.08[自动化与计算机技术—计算机应用技术;自动化与计算机技术—计算机科学与技术]
  • 作者机构:[1]河北大学数学与计算机学院,河北保定071002, [2]河北大学计算中心,河北保定071002
  • 相关基金:国家自然科学基金项目(60873203);河北省杰出青年基金项目(F2010000317);河北省自然科学基金项目(F2010000319);空天信息安全与可信计算教育部重点实验室开放基金项目(AISTC2009-03)
  • 相关项目:基于实体行为特征的动态信任关系管理模型
中文摘要:

针对可信计算组织TCG(Trusted Computing Group)的信任链无法保障软件运行时动态可信的问题,对该信任链进行扩充,引入对软件运行时动态可信性的检测,提出了可信引擎驱动的可信软件信任链模型,并在此基础上提出了一种可信软件设计方法及可信性评价策略.通过引入描述软件可信行为轨迹的可信视图,在可信软件检查点处植入检查点传感器,将软件可信性融入软件设计中.通过对软件的完整性度量以及运行过程中软件行为轨迹的监测,实现软件的可信性保障.实验分析表明:采用该方法设计的软件能够有效地检测软件异常,并且成功检测软件异常的能力明显优于基于TCG信任链的软件.

英文摘要:

With the continuous deepening of the application of software in sensitive fields such as finance, military affairs and economy, the requirement of software trustworthiness becomes more urgent. For the problem of the trust chain of Trusted Computing Group (TCG), which mainly ensure the static trustworthiness of computers and cannot ensure the dynamic trustworthiness of running software, we extend the trust chain of TCG by introducing a trustworthy engine between operating system and application software, and present a trust chain model of trustworthy software driven by the trustworthy engine. We also present an approach of trustworthy software design and its trustworthiness evaluation policies based on the trust chain model of trustworthy software. The software trustworthiness is merged into software design by introducing the trustworthy view which describes the trustworthy behavior trace of software and inserting checkpoint sensor at each checkpoint of trustworthy software. The software trustworthiness is realized by measuring software integrity and monitoring the behavior trace of running software. Experiments and analysis show that the trustworthy software designed with our approach can detect the anomaly of running software effectively, and the ability to detect the anomaly of software successfully of our designed software is better than that of the software based on the trust chain of TCG.

同期刊论文项目
同项目期刊论文