一种可信软件设计方法及可信性评价  被引量：8

作　　者：田俊峰[1] 李珍[1] 刘玉玲[2] 

机构地区：[1]河北大学数学与计算机学院,河北保定071002 [2]河北大学计算中心,河北保定071002

出　　处：《计算机研究与发展》2011年第8期1447-1454,共8页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(60873203);河北省杰出青年基金项目(F2010000317);河北省自然科学基金项目(F2010000319);空天信息安全与可信计算教育部重点实验室开放基金项目(AISTC2009_03)

摘　　要：针对可信计算组织TCG(Trusted Computing Group)的信任链无法保障软件运行时动态可信的问题,对该信任链进行扩充,引入对软件运行时动态可信性的检测,提出了可信引擎驱动的可信软件信任链模型,并在此基础上提出了一种可信软件设计方法及可信性评价策略.通过引入描述软件可信行为轨迹的可信视图,在可信软件检查点处植入检查点传感器,将软件可信性融入软件设计中.通过对软件的完整性度量以及运行过程中软件行为轨迹的监测,实现软件的可信性保障.实验分析表明:采用该方法设计的软件能够有效地检测软件异常,并且成功检测软件异常的能力明显优于基于TCG信任链的软件.With the continuous deepening of the application of software in sensitive fields such as finance, military affairs and economy, the requirement of software trustworthiness becomes more urgent. For the problem of the trust chain of Trusted Computing Group （TCG）, which mainly ensure the static trustworthiness of computers and cannot ensure the dynamic trustworthiness of running software, we extend the trust chain of TCG by introducing a trustworthy engine between operating system and application software, and present a trust chain model of trustworthy software driven by the trustworthy engine. We also present an approach of trustworthy software design and its trustworthiness evaluation policies based on the trust chain model of trustworthy software. The software trustworthiness is merged into software design by introducing the trustworthy view which describes the trustworthy behavior trace of software and inserting checkpoint sensor at each checkpoint of trustworthy software. The software trustworthiness is realized by measuring software integrity and monitoring the behavior trace of running software. Experiments and analysis show that the trustworthy software designed with our approach can detect the anomaly of running software effectively, and the ability to detect the anomaly of software successfully of our designed software is better than that of the software based on the trust chain of TCG.

关 键 词：可信软件设计 可信性评价 信任链 软件行为 可信计算 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]