CN102073816A - Behavior-based software trusted measurement system and method - Google Patents

Publication number
CN102073816A
Authority
CN
China
Prior art keywords
software
behavior
file
anticipatory
credible
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201010618258XA
Other languages
Chinese (zh)
Inventor
兰雨晴
李红娟
韩涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
兰雨晴
Abstract

The invention discloses a behavior-based software trusted measurement system and a behavior-based software trusted measurement method. The system consists of a basic layer, a core layer and a user layer, wherein the trusted measurement of the software is realized by comparing an expected behavior of the software which is extracted in advance before the software is installed with a behavior in actual running of the software. The method solves the problem of trusted measurement when the software runs so as to ensure that 'an expected behavior achieves an expected target'.

Description

Behavior-based software trusted measurement system and method
Technical field
The present invention relates to trusted computing methods, and in particular to a behavior-based software trusted measurement system and method that compares expected behavior with actual behavior.
Background
Trusted Computing (TC) is a technology promoted and developed by the Trusted Computing Group (TCG, formerly called TCPA). TCG defines trust as follows: an entity is trusted if its behavior always reaches the expected goal in the expected way. The main idea of Trusted Computing is to introduce a security chip (the Trusted Platform Module) on the hardware platform to improve the security of the terminal system. That is, a root of trust is implanted in each computer terminal, and trust relationships are built from the root of trust to the hardware platform, to the operating system kernel layer, and then to the application layer, with each level authenticating and trusting the next. On this basis, trust is extended to the network and a corresponding chain of trust is established, thereby ensuring that the whole network is trusted. The chain of trust is extended by measuring and transferring trust at each step. Trusted measurement is therefore the foundation of Trusted Computing.
Since its establishment, the TCG has formulated and published a series of specifications, among which the specification architecture overview describes integrity measurement, storage and reporting in detail. Integrity measurement as given in the specification is the process of obtaining measurement values of the platform characteristics that affect platform integrity (trustworthiness) and storing digests of those values in the platform configuration registers. Integrity measurement, storage and reporting are inseparable; integrity reporting is the process of presenting to an external party the integrity measurement values recorded in the platform configuration registers. The idea behind integrity measurement, storage and reporting is to allow the platform to enter any possible state, including undesirable and insecure states, but not to allow the platform to lie about the state it is in. A separate, independent process can then assess the integrity state and determine a reasonable response.
The TCM (Trusted Cryptography Module) is China's trusted chip, manufactured according to the TPM standard. To standardize manufacturers' use of the TCM, at the end of 2007 the State Cryptography Administration issued the "Trusted Computing Cryptographic Support Platform Function and Interface Specification", which is based mainly on domestic cryptographic algorithms, takes into account domestic security requirements and the industrial market, and combines internationally advanced trusted computing architectures and concepts with independent innovation. The specification states that integrity measurement and storage means computing the measurement value of a component, recording the event in the event log, and recording the measurement value in the corresponding platform configuration register (PCR) of the trusted cryptography module.
Both the TCG specifications and China's trusted computing specification describe trusted measurement only during system startup, that is, the measurement of static code and data from system power-on until the operating system starts. Consequently, some enterprises and research institutions began to study methods and techniques for measuring the trust of the operating system and of the software running on it.
In 2003, IBM proposed the Integrity Measurement Architecture (IMA) based on the TCG specifications. IMA is an execution architecture supporting Linux, whose purpose is to solve the difficulty of establishing trust relationships between distributed applications, especially in distributed runtime environments. The trusted platform works as follows: after system startup, control is given to an immutable base; the immutable base measures the integrity of the BIOS by computing a SHA1 hash value over its content and storing the result in the TPM; it then measures the code of the next boot program, again computing a hash value to ensure that it is trusted. This process is recursive and ensures that the system is started in a trusted manner step by step.
In 2005, Carnegie Mellon University and the IBM Watson Research Center proposed the BIND (Binding Instruction and Data) framework for establishing a trusted environment for distributed systems. BIND refines integrity attestation of code into integrity attestation of critical code segments, and generates an authenticator for each group of data produced by a critical code segment. The authenticator is attached to the corresponding data, which binds the integrity attestation of the critical code segment to the output data it produces. BIND can therefore attest system integrity through the integrity attestation of critical code segments and their input data. However, because the programmer decides the measurement points and inserts the hook function interface provided by BIND at those points, measurement accuracy improves but the programmer's coding burden increases. Moreover, BIND cannot cope with many attacks on the system at runtime.
In 2006, Jaeger (T. Jaeger) of Pennsylvania State University, Sailer of the IBM Watson Research Center and Shankar (U. Shankar) of the University of California, Berkeley proposed PRIMA (Policy-Reduced Integrity Measurement Architecture), an integrity measurement architecture based on information flow, and studied a prototype system based on SE-Linux. The PRIMA project extends and strengthens IMA on the basis of the IMA research results, introducing the CW-Lite information flow model to handle dependencies between components, and made a fruitful attempt at dynamic measurement of system integrity based on information flow. PRIMA is realized as follows. At system startup, the MAC policy and the set of trusted subjects are measured. From these measurements, a remote party can construct an information flow graph. The remote party can verify that all information flowing to the target application and to trusted applications either comes from trusted subjects (subjects verified at runtime to be running trusted code) or comes from untrusted subjects through a filtering interface. Runtime information is then measured. According to the information flow graph, only the code that is depended upon needs to be measured; all other code is assumed to be untrusted. The mapping between loaded code and the subject that loads the code must also be measured, so that the remote party can verify that the subject executed the expected code. PRIMA requires additionally measuring only the MAC policy and the trusted subjects at load time, together with the matching between code and MAC policy subjects; because untrusted subjects no longer need to be measured, some of the measurements can be eliminated. The PRIMA architecture fully demonstrates typical work on secure operating system support for trusted applications.
Copilot, proposed by the University of Maryland, uses a hardware coprocessor independent of the host to perform integrity measurement of predetermined memory regions of the host. Copilot's drawbacks are that its design and implementation are complex, that it must perform repeated mapping operations on memory, and that the measurement period must be set in advance; if the measurement period is longer than the time during which process integrity is compromised, such damage may go undetected.
LKIM and its follow-up work measure the system kernel. On the basis of static measurement, it defines a series of variables to represent the state of the system and measures again when the values of these variables change, thereby achieving dynamic measurement. However, the static measurement plus state variables that it emphasizes cannot represent truly dynamic measurement, and its measurement targets the Linux kernel, so it can do nothing for ordinary processes.
In China, Renmin University of China proposed an architecture for process runtime integrity measurement based on the TPM security chip, together with its prototype system Patos-RIP, to measure the integrity of a process over its whole life cycle from creation to termination.
Beijing University of Technology, from the perspective of software behavior science, gave a trusted dynamic measurement and attestation model. The model proposes several theorems for dynamic measurement of behavior in Trusted Computing, and then gives a method and model for judging the trustworthiness of software behavior, based on a measurement mechanism using extended behavior marks and a verification mechanism using a behavior measurement base.
After ten years of research, trusted measurement has been explored from many angles: measurement based on code (BIND), on roles (PRIMA), on information flow (PRIMA), on period (Copilot), on processes (Patos-RIP), on memory, on software behavior, and so on. Yet the trust proposed by TCG, although it introduces the guiding notion of expected behavior, is still confined in its core idea to verifying that program code is provided by a reliable supplier or installed and maintained by a reliable administrator. For dynamic trusted measurement of upper-layer application software while it runs, there is still no comparatively mature measurement model or solution.
Therefore, the present invention follows TCG's notion of trust: it not only verifies the loaded code of the software, but also builds an expected behavior tree and an actual behavior tree for the software. After verifying that the expected behavior tree is feasible, it realizes trusted measurement of the software by comparing the software's expected and actual behavior traces, the environmental context when a behavior occurs, environmental parameters, and so on.
Summary of the invention
The object of the invention is to propose a behavior-based software trusted measurement method that measures the reasonableness of the software's expected behavior, the integrity of the code before the software is loaded, and the deviation between actual behavior and expected behavior while the software runs, so as to ensure that the software is trusted throughout its life cycle and thereby protect the trustworthiness of the whole information system.
To achieve this object, a behavior-based software trusted measurement system is provided, characterized in that the application system comprises the following parts. The base layer consists of a trusted operating system based on trusted computing chip hardware; it is a trusted computing platform that provides the underlying support for the trusted measurement and trusted judgment of the core layer. The core layer consists of a trusted measurement part and a trusted judgment part: the trusted measurement part is responsible for collecting information and consists of an integrity measurement module, an expected behavior acquisition module and an actual behavior acquisition module; the trusted judgment part is responsible for judging, according to judgment rules, the information obtained by the trusted measurement part, and consists of an integrity verification module, an expected behavior verification module and a behavior comparison module. The application layer is responsible for loading and running software.
Software includes source program software and executable program software.
The software supplier is a software vendor, or a trusted computing platform based on a trusted computing chip.
A behavior-based software trusted measurement method using the above system comprises the following steps:
One, obtain the software from the software supplier;
Two, before the software is loaded, the integrity verification module measures the integrity of the software content by means of the integrity measurement module;
Three, after the integrity check passes, the expected behavior acquisition module obtains the expected behavior of the software;
Four, the expected behavior verification module verifies the reasonableness of the software's expected behavior;
Five, install the software and run it;
Six, while the software runs, the actual behavior acquisition module obtains the actual behavior of the software;
Seven, the behavior comparison module compares the expected behavior with the actual behavior and judges the trustworthiness of the software.
In step three, the expected behavior acquisition module uses disassembly-based static analysis to analyze the executable program code of the software without running it, performs control flow analysis on the program's executable statements, extracts all reachable execution paths of the program, and determines the control structure of the program, thereby obtaining the expected behavior of the software.
In step three, the concrete steps for obtaining the expected behavior of the software are: (1) use disassembly to convert the software's executable program into an assembly source program; (2) scan the assembly source program, find all system calls, and record all instructions between each pair of system calls as an instruction block IB; (3) record the name SysCallName of the system call; (4) record the system call context SCC; (5) if the system call involves file call parameters, collect the file name, executable file, system file, configuration file, script file, data file, size, update date, operation type, and file integrity hash value; (6) represent the branch instructions formally as a control flow graph; (7) build the expected behavior tree.
In step six, a hook mechanism is used to monitor the occurrence of system call events while the software runs and to record the system call sequence, in order to monitor the actual running state of the software and extract its actual behavior.
In step two, the software integrity check means verifying that the software's code, files, data and so on have not been tampered with.
In step seven, the comparison rules are: (1) each time a node is added to the actual behavior tree, the tree is compared with the expected behavior tree, and it must remain a subtree of the expected behavior tree; (2) the information on the newly added edge of the actual behavior tree is compared with the information on the corresponding edge of the expected behavior tree, judging whether their system call name SysCallName, system context value SCCV and file integrity hash value are respectively equal. If both rules are satisfied, the software is achieving the expected goal in the expected way; otherwise the software presents a security risk, which is reported to the trusted operating system, and the software is stopped and rolled back to a safe state.
In step four, behavior reasonableness includes behavior feasibility and the satisfiability of dependencies between behaviors.
Compared with the prior art, the beneficial effects of the invention are as follows: before the software is loaded into the system, not only the integrity of code and data but also the reasonableness of the software's expected behavior is verified; after the software is loaded into the system, dynamic measurement while the software runs is realized by comparing the software's actual behavior with its known expected behavior, thereby ensuring that the software follows the principle that "the expected behavior achieves the expected goal".
Description of the drawings
Fig. 1 is a schematic diagram of the overall architecture of behavior-based software trusted measurement;
Fig. 2 is an example of an expected behavior tree.
Embodiment
To make the features and advantages of the invention clearer, a detailed description follows with reference to the drawings. Fig. 1 shows the trusted measurement architecture of the invention, which is divided into three layers. The lowest layer is the base layer, a trusted computing platform consisting of a trusted operating system based on trusted computing chip hardware. The middle layer is the core layer, consisting of a trusted measurement part and a trusted judgment part: the trusted measurement part is responsible for collecting information, and the trusted judgment part is responsible for judging, according to judgment rules, the information obtained by the trusted measurement part. The top layer is the application layer, responsible for loading and running software.
Before the software is loaded, the integrity measurement module receives the TPM/TCM identity key provided by the software supplier, computes the hash value of the software code (using the SHA1 algorithm or the MD5 algorithm, respectively, to obtain a 120bit value), and passes both to the integrity verification module of the trusted judgment part. The trusted computing platform stores in advance a table of each software vendor's TPM/TCM identity key and the hash values of the software code that the vendor can provide. The judgment rule of the integrity verification module is therefore to look up in this table the TPM/TCM identity key and hash value obtained by the integrity measurement module: if they are found, the software is complete and trusted; otherwise, loading of the software is stopped.
After the software passes integrity verification, the expected behavior acquisition module uses static analysis, a software reverse engineering technique, to analyze the executable program code of the software without running it, performs control flow analysis on the program's executable statements, extracts all reachable execution paths of the program, and determines the control structure of the program, thereby inferring the expected behavior of the software and building the expected behavior tree. The concrete steps are: (1) reverse engineer the software's executable program, using disassembly to convert it into an assembly source program (commonly used static analysis tools include W32DASM, IDA and HIEW); (2) scan the assembly source program, find all system calls, and record all instructions between each pair of system calls as an instruction block IB; (3) record the name SysCallName of the system call; (4) record the system call context SCC, which is a sequence of function call names $\langle FuncName1, FuncName2, FuncName3, \ldots \rangle$, meaning that FuncName1 calls FuncName2, FuncName2 calls FuncName3, and so on; the system call context value SCCV is computed as $SCCV = Hash(SCC)$; (5) if the system call involves file call parameters, collect the file's name, type (executable file, system file, configuration file, script file, data file), attributes (size, update date), operation type (read, write), and file integrity hash value FIH; (6) represent the branch instructions formally as a control flow graph $CFG = \langle V, E \rangle$, where $V = \{ v_i \mid v_i \text{ corresponds to instruction block } IB_i \}$ and $E = \{ \langle v_i, v_j \rangle \mid \text{a control transfer exists from instruction block } IB_i \text{ to } IB_j \}$; (7) build the expected behavior tree, an example of which is shown in Fig. 2, where the information on each edge is $EI = \langle SysCallName, SCCV, FIH \rangle$. Storage and reporting of the expected behavior tree's information are realized through the trusted storage and reporting mechanisms of the TPM/TCM. The expected behavior tree can be stored concretely as a stack or an array.
The expected behavior verification module analyzes the information collected by the expected behavior acquisition module to judge whether the software's expected behavior is reasonable, legal and feasible. Specifically, based on the TPM/TCM information of the software's source and the EI, combined with the information system's own security policies such as access control, it verifies whether the software has the right to make the system calls and whether it has the right to access and execute system files. If verification passes, the software may be loaded into the information system; otherwise, loading of the software is refused.
Next, the software is loaded into the information system and starts running. We use a hook mechanism to monitor the occurrence of system call events while the software runs and to record the system call sequence. Taking the open source Linux operating system as an example, the Linux Security Module (LSM) provides a series of security-related hook functions. By means of program implantation, rewriting the hook functions related to behavior monitoring, the system calls issued while the software runs can be intercepted dynamically, in order to monitor the actual running state of the software and extract its actual behavior features. When a system call occurs, the event sensor ES is triggered; after identification by the event adapter EA, the event distributor ED invokes the corresponding feature extraction method in the method set MS to extract the name SysCallName of the current system call, the system call context SCC, and the called file's name, type, attributes, operation type (read, write) and file integrity hash value FIH. SCCH is then computed and, in a process similar to building the expected behavior tree, the actual behavior tree is built and, after integrity protection by the TPM, reported to the behavior comparison module.
The behavior comparison module is responsible for comparing actual behavior with expected behavior. The comparison rules are: (1) each time a node is added to the actual behavior tree, the tree is compared with the expected behavior tree, and it must remain a subtree of the expected behavior tree; (2) the information on the newly added edge of the actual behavior tree is compared with the information on the corresponding edge of the expected behavior tree, judging whether their system call name SysCallName, system context value SCCV and file integrity hash value are respectively equal. If both rules are satisfied, the software is achieving the expected goal in the expected way; otherwise the software presents a security risk, which is reported to the trusted operating system, and the software is stopped and rolled back to a safe state.
The example above explains the implementation of each part of the invention in detail, but the concrete forms of implementation are not limited to it. For those skilled in the art, obvious changes made without departing from the spirit of the method of the invention and the scope of the claims all fall within the scope of protection of the invention.
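The two comparison rules can be exercised on a small trace. The following is an added example, not code from the patent: the expected paths are written by hand in place of static analysis output, SHA-256 stands in for the unspecified Hash, and the names `Monitor`, `observe`, `edge`, `build_expected` and `is_subtree` are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from typing import NamedTuple, Optional


def digest(data):
    # Assumption: SHA-256; the description only writes Hash(...).
    return hashlib.sha256(data).hexdigest()


def sccv(scc):
    """SCCV = Hash(SCC), SCC being the call-name sequence that reaches the syscall."""
    return digest("\x00".join(scc).encode())


class EI(NamedTuple):
    """Edge information EI = <SysCallName, SCCV, FIH>."""
    syscall: str
    sccv: str
    fih: Optional[str]  # None when the call has no file argument


@dataclass
class Node:
    children: dict = field(default_factory=dict)  # maps EI -> Node


def edge(syscall, scc, file_bytes=None):
    fih = digest(file_bytes) if file_bytes is not None else None
    return EI(syscall, sccv(scc), fih)


def build_expected(paths):
    """Merge the statically derived syscall paths into one expected behavior tree."""
    root = Node()
    for path in paths:
        node = root
        for ei in path:
            node = node.children.setdefault(ei, Node())
    return root


def is_subtree(actual, expected):
    """Rule 1 stated over whole trees: every actual edge exists in the expected tree."""
    return all(
        ei in expected.children and is_subtree(child, expected.children[ei])
        for ei, child in actual.children.items()
    )


class Monitor:
    """Grows the actual behavior tree one edge per system call and checks both rules."""

    def __init__(self, expected):
        self.expected_pos = expected
        self.actual_root = Node()
        self.actual_pos = self.actual_root
        self.trusted = True

    def observe(self, syscall, scc, file_bytes=None):
        if not self.trusted:
            return "halted"  # the software was already stopped
        ei = edge(syscall, scc, file_bytes)
        self.actual_pos = self.actual_pos.children.setdefault(ei, Node())
        match = self.expected_pos.children.get(ei)
        if match is not None:
            self.expected_pos = match
            return "ok"
        self.trusted = False
        same_name = [e for e in self.expected_pos.children if e.syscall == syscall]
        if not same_name:
            return "rule 1: unexpected system call"
        if all(e.sccv != ei.sccv for e in same_name):
            return "rule 2: SCCV mismatch"
        return "rule 2: FIH mismatch"


# Constructed sample data: a program that opens, optionally reads, and closes a config file.
CONFIG = b"mode=safe\n"
LOAD = ["main", "load_config"]
EXPECTED_PATHS = [
    [edge("open", LOAD + ["open"], CONFIG), edge("read", LOAD + ["read"], CONFIG),
     edge("close", LOAD + ["close"])],
    [edge("open", LOAD + ["open"], CONFIG), edge("close", LOAD + ["close"])],
]
GOOD_TRACE = [("open", LOAD + ["open"], CONFIG), ("read", LOAD + ["read"], CONFIG),
              ("close", LOAD + ["close"])]


def run(trace):
    monitor = Monitor(build_expected(EXPECTED_PATHS))
    return [monitor.observe(*event) for event in trace], monitor


if __name__ == "__main__":
    print(run(GOOD_TRACE)[0])
    tampered = [("open", LOAD + ["open"], b"mode=unsafe\n"), ("read", LOAD + ["read"], CONFIG)]
    print(run(tampered)[0])
```

A modified file changes FIH and a call arriving from a different call chain changes SCCV, so the verdict distinguishes a tampered input from an unexpected code path.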

Claims (10)

1. A behavior-based software trusted measurement system, characterized in that the application system comprises the following parts:
a base layer, consisting of a trusted operating system based on trusted computing chip hardware, which is a trusted computing platform providing the underlying support for the trusted measurement and trusted judgment of the core layer;
a core layer, consisting of a trusted measurement part and a trusted judgment part, wherein the trusted measurement part is responsible for collecting information and consists of an integrity measurement module, an expected behavior acquisition module and an actual behavior acquisition module, and the trusted judgment part is responsible for judging, according to judgment rules, the information obtained by the trusted measurement part and consists of an integrity verification module, an expected behavior verification module and a behavior comparison module;
an application layer, responsible for loading and running software.
2. The behavior-based software trusted measurement system as claimed in claim 1, characterized in that software includes source program software and executable program software.
3. The behavior-based software trusted measurement system as claimed in claim 1, characterized in that the software supplier is a software vendor, or a trusted computing platform based on a trusted computing chip.
4. A behavior-based software trusted measurement method using the system of any one of claims 1-3, characterized in that it comprises the following steps:
One, obtain the software from the software supplier;
Two, before the software is loaded, the integrity verification module measures the integrity of the software content by means of the integrity measurement module;
Three, after the integrity check passes, the expected behavior acquisition module obtains the expected behavior of the software;
Four, the expected behavior verification module verifies the reasonableness of the software's expected behavior;
Five, install the software and run it;
Six, while the software runs, the actual behavior acquisition module obtains the actual behavior of the software;
Seven, the behavior comparison module compares the expected behavior with the actual behavior and judges the trustworthiness of the software.
5. The method as claimed in claim 4, characterized in that in step three the expected behavior acquisition module uses disassembly-based static analysis to analyze the executable program code of the software without running it, performs control flow analysis on the program's executable statements, extracts all reachable execution paths of the program, and determines the control structure of the program, thereby obtaining the expected behavior of the software.
6. The method as claimed in claim 5, characterized in that in step three the concrete steps for obtaining the expected behavior of the software are: (1) use disassembly to convert the software's executable program into an assembly source program; (2) scan the assembly source program, find all system calls, and record all instructions between each pair of system calls as an instruction block; (3) record the name of the system call; (4) record the system call context; (5) if the system call involves file call parameters, collect the file name, executable file, system file, configuration file, script file, data file, size, update date, operation type, and file integrity hash value; (6) represent the branch instructions formally as a control flow graph; (7) build the expected behavior tree.
7. The method as claimed in claim 4, characterized in that in step six a hook mechanism is used to monitor the occurrence of system call events while the software runs and to record the system call sequence, in order to monitor the actual running state of the software and extract its actual behavior.
8. The method as claimed in claim 4, characterized in that in step two the software integrity check means verifying that the software's code, files, data and so on have not been tampered with.
9. The method as claimed in claim 6, characterized in that in step seven the actual behavior tree is built in the same way as the expected behavior tree, and the comparison rules are: (1) each time a node is added to the actual behavior tree, the tree is compared with the expected behavior tree, and it must remain a subtree of the expected behavior tree; (2) the information on the newly added edge of the actual behavior tree is compared with the information on the corresponding edge of the expected behavior tree, judging whether their system call name, system context value and file integrity hash value are respectively equal; if both rules are satisfied, the software is achieving the expected goal in the expected way; otherwise the software presents a security risk, which is reported to the trusted operating system, and the software is stopped and rolled back to a safe state.
10. The method as claimed in claim 4, characterized in that in step four behavior reasonableness includes behavior feasibility and the satisfiability of dependencies between behaviors.
Application number: CN201010618258XA; priority date: 2010-12-31; filing date: 2010-12-31; title: Behavior-based software trusted measurement system and method; status: Pending; published as CN102073816A (en).

Publication number: CN102073816A; publication date: 2011-05-25.

Family

ID=44032353

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010618258XA Pending CN102073816A (en) 2010-12-31 2010-12-31 Behavior-based software trusted measurement system and method

Country Status (1)

Country Link
CN (1) CN102073816A (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1818823A (en) * 2005-02-07 2006-08-16 福建东方微点信息安全有限责任公司 Computer protecting method based on programm behaviour analysis

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
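China Doctoral Dissertations Full-text Database (《中国博士论文全文数据库》) 20100915 杨晓晖 Research on a theoretical model of the dynamic trustworthiness of software behavior; abstract, see chapters 2 and 3 of the main text, Fig. 2.1, Fig. 2.2, Fig. 3.3(d), Fig. 3.10 1-10 , *
Acta Electronica Sinica (《电子学报》) 20070731 李晓勇 et al. Trusted attestation of computing platforms based on *** behavior 1234-1238 1-10 Vol. 35, No. 7 *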

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108038371A (en) * 2012-10-19 2018-05-15 迈克菲有限公司 Data loss prevention for mobile computing device
CN103226676A (en) * 2013-03-04 2013-07-31 北京密安网络技术股份有限公司 Mixed method for measuring creditability of application software
CN105940408A (en) * 2013-10-10 2016-09-14 英特尔公司 Platform-enforced user accountability
CN103577748A (en) * 2013-11-20 2014-02-12 北京可信华泰信息技术有限公司 Dynamic measuring method based on dependable computing and management system
CN103577748B (en) * 2013-11-20 2017-01-18 北京可信华泰信息技术有限公司 Dynamic measuring method based on dependable computing and management system
CN104298917A (en) * 2014-11-14 2015-01-21 北京航空航天大学 Virtual machine application program completeness measuring method based on TPM
CN106155658B (en) * 2015-04-08 2019-03-05 广州四三九九信息科技有限公司 The behavior tree editing machine realized based on U3D Plugin Mechanism
CN106155658A (en) * 2015-04-08 2016-11-23 广州四三九九信息科技有限公司 The behavior tree editing machine realized based on U3D Plugin Mechanism
CN105718807A (en) * 2016-01-26 2016-06-29 东北大学 Android system based on software TCM and trusted software stack and trusted authentication system and method thereof
CN105718807B (en) * 2016-01-26 2018-08-03 东北大学 Android system and its authentic authentication system based on soft TCM and credible software stack and method
CN106708732A (en) * 2016-12-12 2017-05-24 中国航空工业集团公司西安航空计算技术研究所 Software running detection method based on feature codes
CN110268411B (en) * 2017-02-06 2021-04-20 华为技术有限公司 Control flow integrity for processor trace-based enforcement in computer systems
CN110268411A (en) * 2017-02-06 2019-09-20 华为技术有限公司 Control stream integrality in computer system based on processor tracking implementing
CN108229170A (en) * 2018-02-02 2018-06-29 中科软评科技(北京)有限公司 Utilize big data and the software analysis method and device of neural network
CN109255232A (en) * 2018-08-30 2019-01-22 紫光华山信息技术有限公司 A kind of method for loading software and software loading apparatus
CN109165509A (en) * 2018-08-31 2019-01-08 武汉轻工大学 The software method of credible measurement, equipment, system and storage medium in real time
CN109165509B (en) * 2018-08-31 2023-03-10 武汉轻工大学 Method, device, system and storage medium for measuring real-time credibility of software
CN110162734A (en) * 2019-04-17 2019-08-23 重庆第二师范学院 A kind of fractional calculus algorithm solving system and method
CN111161012A (en) * 2019-12-05 2020-05-15 广州二空间信息服务有限公司 Information pushing method and device and computer equipment
CN111814138A (en) * 2020-06-30 2020-10-23 郑州信大先进技术研究院 Software security management system based on cloud platform
CN112035844A (en) * 2020-08-31 2020-12-04 全球能源互联网研究院有限公司 System and method for acquiring trust state of terminal and computer equipment
CN112257071A (en) * 2020-10-23 2021-01-22 江西畅然科技发展有限公司 Credibility measurement control method based on state and behavior of sensing layer of Internet of things
CN113014569A (en) * 2021-02-22 2021-06-22 深圳供电局有限公司 Network security management method and system for intelligent oscillograph
CN113590463A (en) * 2021-06-21 2021-11-02 中国人民解放军陆军装甲兵学院 Software reliability measurement method based on non-intrusive dynamic monitoring
CN117369795A (en) * 2023-12-06 2024-01-09 中国科学院自动化研究所 Behavior tree model reachability analysis method and device for unmanned aerial vehicle decision
CN117369795B (en) * 2023-12-06 2024-03-01 中国科学院自动化研究所 Behavior tree model reachability analysis method and device for unmanned aerial vehicle decision

Similar Documents

Publication Publication Date Title
CN102073816A (en) Behavior-based software trusted measurement system and method
KR102406533B1 (en) Traceable Key Block-Chain Ledger
CN103577748B (en) Dynamic measuring method based on dependable computing and management system
CN102436566B (en) Dynamic trusted measurement method and safe embedded system
US11093258B2 (en) Method for trusted booting of PLC based on measurement mechanism
CN103038745B (en) Extension integrity measurement
CN102136043B (en) Computer system and measuring method thereof
CN102622536B (en) Method for catching malicious codes
US11888966B2 (en) Adaptive security for smart contracts using high granularity metrics
CN106133743A (en) For optimizing the system and method for the scanning of pre-installation application program
CN111159691B (en) Dynamic credibility verification method and system for application program
CN104517057A (en) Software hybrid measure method based on trusted computing
CN102509046A (en) Globally valid measured operating system launch with hibernation support
Liao et al. Towards provenance-based anomaly detection in MapReduce
CN105046138A (en) FT-processor based trust management system and method
Larsen et al. Cloudvaults: Integrating trust extensions into system integrity verification for cloud-based environments
CN104933358A (en) Computer immune system design method and realization
Zhou et al. Cssp: The consortium blockchain model for improving the trustworthiness of network software services
Bertolino et al. Coverage-based test cases selection for XACML policies
CN109766688A (en) A kind of Linux program run time verification based on Merkle tree and management-control method and system
CN117032831A (en) Trusted DCS upper computer system, starting method thereof and software starting method thereof
CN202003361U (en) Credible computer system
CN109947403B (en) Decomposition and modeling method of safety target and related equipment
KR20200131685A (en) Method and apparatus for verifying executable code integrity, embedded device including the same
Tabrizi et al. Intrusion detection system for embedded systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: BEIHANG UNIVERSITY

Free format text: FORMER OWNER: LAN YUQING

Effective date: 20130718

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100084 HAIDIAN, BEIJING TO: 100191 HAIDIAN, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20130718

Address after: 100191 Haidian District, Xueyuan Road, No. 37,

Applicant after: Beihang University

Address before: 205, room 2, building 15, building 100084, brown stone garden, Dongmen east gate, Old Summer Palace, Beijing, Haidian District

Applicant before: Lan Yuqing

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110525