Information-flow-based measurement architecture of trusted operating system

doi:10.7523/j.issn.2095-6134.2009.4.014

›› 2009, Vol. 26 ›› Issue (4): 522-529.DOI: 10.7523/j.issn.2095-6134.2009.4.014

• Research Articles • Previous Articles Next Articles

Information-flow-based measurement architecture of trusted operating system

HU Hao^1,2,3, ZHANG Min^2,3, FENG Deng-Guo²

1. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027, China;
2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
3. National Engineering Research Center of Information Security, Beijing 100190, China

Received:2009-02-20 Revised:2009-04-07 Online:2009-07-15

Abstract

Abstract:

We are motivated to provide better protection for operating system integrity with the help of information flow integrity and trusted computing. Traditional measurement based on trusted computing is poor in dynamic measurement and efficiency, while Biba fails in practical application because of its monotonic behavior. In this paper, we design an information flow integrity architecture called BIFI based on classical integrity model Biba with TPM as root of trust. Experiments show that BIFI protects information flow integrity effectively with only a few changes to existing systems.

Key words: operating system integrity, information flow, trusted computing, integrity measurement

CLC Number:

TP309

HU Hao, ZHANG Min, FENG Deng-Guo. Information-flow-based measurement architecture of trusted operating system[J]. , 2009, 26(4): 522-529.

References

[1] Trusted Computing Group. TPM Specification Version 1.2, Revision 103. http://www.trustedcomputinggroup.org, March 2007.

[2] Sailer R,Zhang X L,Jaeger T,et al. Design and implementation of a TCG-based integrity measurement architecture //Proceedings of the 13th USENIX Security Symposium, 2004. San Diego,2004.

[3] Jaeger T, Sailer R, Shankar U. PRIMA: policy-reduced integrity measurement architecture //Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies SACMAT. 2006.

[4] Biba K J. Integrity considerations for secure computer systems. Technical Report MTR-3153 .Mitre Corporation, Mitre Corp, Bedford MA, 1975.

[5] Timothy F. Lomac: Low water-mark integrity protection for cots environments //Proceedings of the 2000 IEEE Symposium on Security and Privacy. Washington DC, USA: IEEE Computer Society,2000.

[6] Guttman J, Herzog A, Ramsdell J. Information flow in operating systems: Eager formal methods //Workshop on Issues in the Theory of Security. 2003.

[7] Jedidiah R C, S Felix W U. Minos: Architectural support for protecting control data
[J]. ACM Transactions on Architecture and Code Optimization, 2006,3(4):359-389.

[8] Neil V, Matthew J B, Jonathan C,et al.RIFLE: An architectural framework for user-centric information-flow security //Proceedings of the 37th International Symposium on Microarchitecture, 2004.

[9] Clark D D,Wilson D R. A comparison of commercial and military computer security policies //Proceedings of the 1987 IEEE Symposium on Security and Privacy. 1987.

[10] Huang Q, Shen C X, Chen Y L, et al. Secrecy/integrity union MLS policy based on trusting computing
[J]. Computer Engineering and Applications, 2006, 42(10): 15-18 (in Chinese). 黄强,沈昌祥,陈幼蕾,等. 基于可信计算的保密和完整性统一安全策略 .计算机工程与应用,2006,42(10):15-18.

[11] Sean W S. Outbound authentication for programmable secure coprocessors //Proceedings of the 7th European Symposium on Research in Computer Security.London:Springer-Verlag,2002.

[12] Dieter G. Computer Security
[M].London:John Wiley & Sons Press,1999.

[13] National Security Agency. Security-Enhanced Linux(SELinux). http://www.nsa.gov/selinux, 2001.

[14] Jaeger T, Sailer R, Zhang X L. Analyzing integrity protection in the SELinux example policy //Proceedings of the 12th USENIX Security Symposium. USENIX,2003.

[15] Kuhn U, Selhorst M, Stuble C. Realizing property-based attestation and sealing with commonly available hard-and software //Proceedings of 2nd ACM Workshop on Scalable Trusted Computing. 2007.

[16] Feng DG, Qin Y. Research on attestation method for trust computing environment
[J]. Chinese Journal of Computers,2008,31(9):1640-1652(in Chinese). 冯登国, 秦宇. 可信计算环境证明方法研究
[J]. 计算机学报, 2008,31(9):1640-1652.

[17] Dalton C, Plaquin D, Weidner W,et al.Trusted virtual platforms: a key enabler for converged client devices
[J]. ACM SIGOPS Operating Systems Review,2009,43(1): 36-43.

Information-flow-based measurement architecture of trusted operating system

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 5

Recommended Articles

Metrics

Comments

[1]	LI Yan, SUN Yang, CHEN Wen. Construction of space of information flows and assessment of network resilience from reflexive perspective: a case study of Baidu index in Yangtze River Delta [J]. Journal of University of Chinese Academy of Sciences, 2021, 38(1): 62-72.
[2]	LI Fenghai, ZHANG Bailong, DU Jiao, SONG Yan, LI Shuang. An anti-lost scheme for confidential files based on trusted computation [J]. , 2015, 32(5): 714-720.
[3]	SHEN Li-Hong, XU Zhen. Electronic cash based on trusted computing platform [J]. , 2009, 26(5): 712-719.
[4]	XU Zhen , SHEN Li-Hong , Wang Dan. LOIS grub: A configurable trusted booting system [J]. Journal of University of Chinese Academy of Sciences, 2008, 25(5): 626-630.
[5]	CUI Qi, SHI Wen-Chang. An approach for compliance validation of TPM through applications [J]. Journal of University of Chinese Academy of Sciences, 2008, 25(5): 657-664.