【摘要】：信息時代,網(wǎng)絡(luò)軟件安全事件層出不窮,傳統(tǒng)威脅逐漸向工控系統(tǒng)蔓延,給工業(yè)生產(chǎn)造成極大的損失,現(xiàn)如今工控系統(tǒng)面臨前所未有的安全挑戰(zhàn)。目前的信息安全技術(shù)主要是對軟件運行進行安全防御,在軟件運行出現(xiàn)問題時再來處理,缺乏對軟件整體運行過程的預(yù)測和判定�？尚庞嬎闶墙鉀Q信息安全問題的核心技術(shù)之一,但是目前的可信計算技術(shù)大多局限于系統(tǒng)開機時對系統(tǒng)資源的完整性驗證上,未對系統(tǒng)運行時軟件的動態(tài)行為進行度量驗證。軟件的可信性度量成為可信計算一個亟待解決的關(guān)鍵問題。分析軟件的運行背景和運行流程,本文設(shè)計了一個層次化軟件可信度量模型。該模型從操作系統(tǒng)環(huán)境可信性、軟件靜態(tài)完整性和軟件動態(tài)行為可信性三個層次對軟件進行可信度量。度量操作系統(tǒng)環(huán)境可信性時,研究分析可信計算組建立信任鏈的過程,基于USBKEY依次度量OS Loader,OS的完整性,對操作系統(tǒng)加載過程進行可信性度量。度量軟件靜態(tài)完整性時,以軟件執(zhí)行代碼、數(shù)字簽名和出版商信息組合的摘要值作為軟件的完整性度量基準(zhǔn),基于WMI機制監(jiān)控軟件啟動過程,截獲軟件的相關(guān)信息,計算實際摘要值與完整性度量基準(zhǔn)進行比較從而得出軟件的完整性度量結(jié)果。度量軟件動態(tài)行為可信性時,使用系統(tǒng)調(diào)用序列刻畫軟件的動態(tài)行為,對軟件進行靜態(tài)分析和動態(tài)分析,獲取系統(tǒng)調(diào)用、系統(tǒng)調(diào)用短序列和系統(tǒng)調(diào)用時間偏移量作為軟件動態(tài)行為度量基準(zhǔn);監(jiān)控軟件運行的實際行為,攔截軟件運行時的系統(tǒng)調(diào)用信息,依據(jù)動態(tài)行為度量基準(zhǔn)制定嚴格的判定規(guī)則,從軟件控制流、數(shù)據(jù)流和時序流三個方面來綜合判定軟件的動態(tài)可信性。本文實驗測試表明,層次化軟件可信度量模型具有較高的準(zhǔn)確性、效率和檢測能力,有較好的應(yīng)用價值。
[Abstract]:In the information age, the network software security events emerge in endlessly, and the traditional threat gradually spreads to the industrial control system, which causes great losses to the industrial production. Nowadays, the industrial control system is facing unprecedented security challenges. At present, the information security technology is mainly to defend the software from running, and then deal with it when there are problems in the software operation, and lacks the prediction and judgment of the whole running process of the software. Trusted computing is one of the core technologies to solve the problem of information security, but most of the current trusted computing technologies are limited to the integrity verification of system resources when the system is started, and do not measure and verify the dynamic behavior of the software when the system is running. The measurement of software credibility has become a key problem to be solved in trusted computing. The running background and running flow of the software are analyzed, and a hierarchical software trusted measurement model is designed in this paper. The model measures the credibility of the operating system environment, the static integrity of the software and the dynamic behavior of the software from three levels: the credibility of the operating system environment, the static integrity of the software and the credibility of the dynamic behavior of the software. When measuring the credibility of operating system environment, the process of establishing trust chain by trusted computing group is studied and analyzed. Based on USBKEY, the integrity of OS Loader,OS is measured in turn, and the credibility of operating system loading process is measured. When measuring the static integrity of the software, the summary value of the combination of software execution code, digital signature and publisher information is used as the integrity measurement benchmark of the software. Based on the WMI mechanism, the software startup process is monitored and the relevant information of the software is intercepted. The actual summary value is compared with the integrity measurement benchmark, and the integrity measurement results of the software are obtained. When measuring the credibility of the dynamic behavior of the software, the system call sequence is used to depict the dynamic behavior of the software, the static analysis and dynamic analysis of the software are carried out, and the system call is obtained. The short sequence of system call and the time offset of system call are used as the benchmark of software dynamic behavior measurement. Monitor the actual behavior of the software, intercept the system call information when the software is running, make strict decision rules according to the dynamic behavior measurement benchmark, and control the flow from the software. Three aspects of data flow and sequence flow are used to judge the dynamic credibility of the software. The experimental results show that the hierarchical software trusted measurement model has high accuracy, efficiency and detection ability, and has good application value.
【學(xué)位授予單位】：北京工業(yè)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2016
【分類號】：TP311.5;TP309
，

本文編號：2484776