TPM-Based Dynamic Integrity Measurement Architecture
Liu Zi-wen①②; Feng Deng-guo②
①Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027, China; ②State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Abstract This paper presents DIMA (Dynamic Integrity Measurement Architecture), a TPM-based architecture that helps administrators check the integrity of processes and modules dynamically. Compared with other measurement architectures, DIMA uses a new mechanism to provide dynamic measurement of running processes and kernel modules. Some attacks on running processes that used to be invisible to other integrity measurement architectures can now be detected. In this way, DIMA solves the TOC-TOU (time-of-check to time-of-use) problem that has troubled earlier architectures. In addition, instead of measuring the whole file on the hard disk, DIMA divides the measured object into small pieces (code, parameter, stack and so on) to produce a fine-grained measurement result. Finally, the DIMA implementation using the Trusted Platform Module (TPM) is discussed and performance data is presented.
Received: 26 March 2009
Corresponding Authors:
Liu Zi-wen