
Researches on Dynamic Trusted Theories and Models of Software Behavior (original title: 软件行为动态可信理论模型研究)

Author: 杨晓晖

Advisor: 周学海

Author details: University of Science and Technology of China, Computer System Architecture, 2010, PhD

Abstract (Chinese, translated): In the information age, information is an important strategic resource and faces an increasingly severe security situation. Information security bears on national security and social stability, so safeguarding it is of great significance. Trusted computing technology starts from the hardware and the operating system and takes comprehensive measures at the whole-system level; it effectively improves the security of computing platforms and has become a new trend in the information security field. However, the development of trusted computing still has problems that need to be studied and solved: first, theoretical research lags behind technical practice, and no generally accepted theoretical model of trusted computing has yet been established; second, effective theories and methods for evaluating the dynamic trustworthiness of software are lacking, since current trusted evaluation is only static integrity measurement and cannot guarantee the dynamic trustworthiness of a system. To address these problems, an agent-based hierarchical trusted system architecture is proposed. Then, taking the trusted computing platform as the foundation, the conceptual framework of software behavior semantic distance and the idea of a multi-dimensional dynamic extension of subjective logic are introduced from the objective and subjective perspectives of software behavior trustworthiness respectively, and research on dynamic trusted theoretical models of software behavior is carried out following the research method "theoretical model → prototype system → experimental verification → theoretical model". The main research results and innovations are as follows:

① To address the complex structure of existing agent-based trusted models and their inability to protect themselves, an agent-based hierarchical trusted system architecture, MMA, is proposed. It introduces an analysis agent, a monitoring agent and a management agent, deployed respectively in the feature acquisition layer and the behavior evaluation layer above the trusted foundation layer; the system structure is simple and extensible. Based on the hierarchical trust extension mechanism of the trust chain and starting from randomness theory, a dynamic integrity verification model based on a challenge-response mechanism is proposed; using the TPM, an agent trusted authentication mechanism that combines static measurement with dynamic verification is implemented, extending the system trust chain to the agents and thereby guaranteeing the security of the trusted evaluation system itself.

② From the objective perspective of software behavior trustworthiness, the concepts of behavior trace, checkpoint scene and timestamp are proposed to characterize the attribute features of software behavior in terms of control flow, data flow and timing respectively, and a tree model of integrated features of software behavior, TIFSB, is built, laying the theoretical foundation for dynamic trusted evaluation based on software behavior trustworthiness. With the support of the trusted foundation layer, a TPM-based analysis mechanism for expected software behavior and a monitoring mechanism for actual software behavior are implemented, guaranteeing the trustworthiness of the extracted software behavior feature information. The concept of behavior semantic distance is proposed; by defining correlation measurement functions over software behavior attributes, such as behavior trace matching degree, checkpoint scene similarity and timestamp deviation, an integrated measurement mechanism for behavior semantic distance based on fuzzy-theory membership functions is established. A software behavior automaton model based on behavior semantic distance, SBA, is proposed, and experimental results show that its dynamic evaluation ability is better than that of some existing dynamic trusted evaluation models of software behavior.

③ From the subjective perspective of entity behavior trustworthiness, and to address the fact that traditional subjective logic does not consider that subjective evaluation results change dynamically over time, the idea of a dynamic multi-dimensional extension of subjective logic is proposed, extending the traditional two-dimensional opinion space into a multi-dimensional dynamic opinion space. An entity trustworthiness evaluation system is built that considers both the reputation and the risk of entity behavior, and a dynamic trusted evaluation model of entity behavior based on extended subjective logic, DTMESL, is proposed; experimental results show that the model reacts more sensitively to malicious entity behavior, detects it more accurately and suppresses it more effectively.

Research on dynamic trusted theoretical models of software based on software behavior trustworthiness can promote the healthy development of trusted computing technology, especially dynamic trusted evaluation technology; it has not only important theoretical value but also good guiding significance for technical practice.

Abstract (English): In the information age, information, as an important strategic resource, is facing an increasingly serious security situation. Information security is related to national security and social stability, and ensuring information security is significant. Trusted computing technology takes integrated measures starting from the hardware and operating system, and thereby effectively improves the security of computing platforms. Although trusted computing technology is becoming a new trend in the information security area, there are still some problems that need to be solved. Firstly, theoretical research on trusted computing lags behind technical practice, and no generally accepted theoretical model has been founded. Secondly, effective theories and methods of software dynamic trusted evaluation are lacking. Current trusted evaluation models only implement static integrity measurement, and cannot ensure the dynamic trust of systems. In order to solve the above problems, an agent-based hierarchical trusted architecture is proposed. On the basis of the trusted computing platform, a concept architecture of software behavior semantic distance and an idea of multi-dimensional dynamic expansion of subjective logic are introduced, from the objective and the subjective point of view of software behavior trust respectively. In accordance with the research method of "theoretical model→prototype system→experimental verification→theoretical model", research on dynamic trusted theories and models of software behavior is conducted. The main research results and innovations are the following:

1) The existing trusted models have complex structures and cannot guarantee their own security. The agent-based hierarchical trusted architecture, named MMA, has a simple structure and good expandability because MMA distributes the analyzer agent, monitor agent and manager agent into the feature acquisition layer and the behavior evaluation layer above the trusted fundamental layer. Based on the hierarchical trust expansion mechanism of the trusted chain and on randomness theory, a dynamic verification model of integrity is proposed based on the "challenge-response" authentication mechanism, and an agent trusted authentication mechanism is implemented by combining static measurement and dynamic verification with the TPM. The MMA architecture ensures the security of the trusted evaluation system by extending the system trust chain to the agents.

2) In order to build the theoretical foundation of a dynamic trusted evaluation model based on software behavior trust, the concepts of behavior trace, checkpoint scene, time stamp, etc., which characterize the properties and features of software behavior, are proposed from the objective point of view of software behavior trust, and a tree model of integrated features of software behavior is built. With the support of the trusted fundamental layer and the TPM, an analyzing mechanism for expected software behavior and a monitoring mechanism for actual software behavior are implemented to ensure the trustworthiness of the feature information of software behavior. The concept of behavior semantic distance is proposed, and an integrated measurement mechanism of behavior semantic distance is founded on the membership function of fuzzy theory, by defining a series of related measurement functions of software behavior properties, such as the matching function of behavior traces, the similarity function of checkpoint scenes, and the difference function of time stamps. Finally, a software behavior automaton model based on software behavior semantic distance is proposed, and the experimental results show that the dynamic measurement ability of the SBA model is better than that of some existing dynamic trusted evaluation models of software behavior.

3) The traditional theory of subjective logic does not consider the fact that subjective evaluation results change with time. A new idea of extending subjective logic theory is proposed from the subjective point of view of software behavior trust, in which the traditional two-dimensional opinion space is extended to a multi-dimensional dynamic opinion space. A dynamic trusted evaluation model of entity behavior based on extended subjective logic is proposed, which is implemented through a reputation and risk evaluation mechanism. The experimental results show that the model can process malicious behavior with more sensitive reaction, more accurate detection, and more effective suppression.

The research on software dynamic trusted theories and models based on software behavior can promote the healthy development of trusted computing, especially dynamic trusted evaluation technology. The research work has not only great theoretical value, but also good guiding significance for technical practice.
