PIMS:An Efficient Process Integrity Monitoring System Based on Blockchain and Trusted Computing in Cloud-Native Context  

作　　者：Miaomiao Yang Guosheng Huang Junwei Liu Yanshuang Gui Qixu Wang Xingshu Chen 

机构地区：[1]Cyber Science Research Institute of Sichuan University,Chengdu,610207,China [2]Cyber Science and Engineering of Sichuan University,Chengdu,610207,China [3]China Mobile(Suzhou)Software Technology,China Mobile,Suzhou,215163,China

出　　处：《Computer Modeling in Engineering & Sciences》2023年第8期1879-1898,共20页工程与科学中的计算机建模（英文）

基　　金：supported by China’s National Natural Science Foundation (U19A2081,61802270,61802271);Ministry of Education and China Mobile Research Fund Project (MCM20200102,CM20200409);Sichuan University Engineering Characteristic Team Project 2020SCUNG129.

摘　　要：With the advantages of lightweight and high resource utilization,cloud-native technology with containers as the core is gradually becoming themainstreamtechnical architecture for information infrastructure.However,malware attacks such as Doki and Symbiote threaten the container runtime’s security.Malware initiates various types of runtime anomalies based on process form(e.g.,modifying the process of a container,and opening the external ports).Fortunately,dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime.Nevertheless,the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions.As a result,the existing dynamicmonitoringmechanismis still not practical enough.To ensure the trustworthiness of the baseline value data and,simultaneously,to achieve the integrity verification of the monitored process,we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS.Firstly,the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature.Then,design a new format for storing measurement logs,easily distinguishing files with the same name in different containers from log information.Meanwhile,the baseline value data is stored on the blockchain to avoidmalicious damage.Finally,trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container,detect abnormal containers in time and control them.We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS.Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.

关 键 词：Blockchain-based protection dynamic monitoring remote attestation integrity verification 

分 类 号：TP277[自动化与计算机技术—检测技术与自动化装置]