Research Article Research on Dynamic Integrity Measurement...

Research ArticleResearch on Dynamic Integrity Measurement Model Based onMemory Paging Mechanism

Chaowen Chang Xin Chen Shuai Wang and Qinghai Xiao

Zhengzhou Institute of Information Science and Technology No 307 Henan 450004 China

Correspondence should be addressed to Chaowen Chang changchaowen5163com

Received 2 November 2013 Accepted 10 December 2013 Published 9 January 2014

Academic Editor Guoliang Wei

Copyright copy 2014 Chaowen Chang et al This is an open access article distributed under the Creative Commons AttributionLicense which permits unrestricted use distribution and reproduction in any medium provided the original work is properlycited

In order to solve the existed problems of dynamic integrity measurement method a dynamic integrity measurement model basedon Memory Paging Mechanism is proposed in this paper The model takes memory pages of executable subjects as measurementobjects When the pages are scheduled into memory the measurement points are inserted the pages are measured and theirintegrities are verifiedThemodel is able to insure the integrity and trust of each executable page and assure that the integrity of thewhole executable subjects is not destroyed To verify this model XEN hypercall mechanism is used to acquire executable subjectsrsquopages scheduled into memory and the integrity measurement and verification codes are put into hypercall handler Accordinglydynamic integrity measurement to executable subjects is implemented

1 Introduction

Trusted computing technology is derived from safety guid-ance file of Rainbow Series information system launchedby the USA in 1983 In 1999 TCG firstly presented theconcepts of Trusted Computing Platform (TCP) and TrustedPlatform Module (TPM) and proposed the specific structureand technology route of TCP system [1]

The cores of trusted computing technology are trustedcomputing base and trusted chain [2 3] and trusted mea-surement is a key problem of this technology [4 5] Trustedcomputing puts the integrity as a fundamental attribute oftrust The reliability of the platform is depending on whetherthe integritymeasurement value is equal to the correspondingintegrity reference value

The integrity measurement can comprise static mea-surement and dynamic measurement The objects of staticmeasurement are executable parts loaded into the platformduring startup such as BIOS OS Loader and operatingsystem kernel The objects of dynamic measurement areexecutable subjects including code data and library fileThestaticmeasurement is a fixed sequence of single-chain process[6] and themeasurement process is still unchangedwhen the

operations of the platform change Different from the staticmeasurement the process of dynamic measurement is multi-ple and unordered and the time and space of object loadingand running are not fixed Obviously the dynamic measure-ment ismore accurate to describe and evaluate the integrity ofthe platform and it can also get more attention and research[7]

Integrity Measurement Architecture (IMA) [8] is a well-known integrity measurement structure developed by IBMBased on the measurement methods of TCG IMA expandsthe content of integrity measurement and uses an executablesubject dynamic loader kernel module and dynamic linklibrary as measurement objects to measure the integrityof executable subject Policy Reduced Integrity Measure-ment Architecture (PRIMA) [9] proposes a policy-reducedintegrity measurement structure to solve the problem ofloading time measurement

The Secure Bus (SB) [10] is a trusted computing architec-ture proposed by George Mason University The architectureuses TPM as a trusted root and adds a Secure Kernel (SK) anda SB The trusted relationship is transmitted in accordancewith the order of hardware SK operation system SB andexecutable subject SK is located between the hardware and

Hindawi Publishing CorporationDiscrete Dynamics in Nature and SocietyVolume 2014 Article ID 478985 7 pageshttpdxdoiorg1011552014478985

2 Discrete Dynamics in Nature and Society

operation system kernel and isolates the program processesfrom the underlying hardware SB performs a dynamicintegrity measurement for each program process that makesa hash operation for input and output data and makes asignature for output data A new embedded measurementmodule has been designed based on SBmeasurementmethod[11] This module can make the computing platform withnontrusted components use trusted computing functions andkeep the platform operating well

In general the evaluation indexes of measurement meth-ods aremeasurement scope and implementationmechanisms[12] IMAmeasurement has great performance and efficiencyand it can perform measurement during process loadingHowever IMA cannot grasp the dynamic state of the processdue to the LSM core hook function so that it cannot performmeasurement during process running At the basis of IMAPRIMA increases mandatory access control policy whichmakes it flexible to control measurement to keep a balancebetween safety and feasibility [13] but PRIMA still performsmeasurement only during process loading FurthermorePRIMA needs to measure mandatory access control policyand trusted subjects which increases the difficulty andcomplexity The SB method can measure integrity of processrunning stage preventing from tampering between processesand measure integrity of input and output stage using a hashalgorithm for program process code However due to thestrict process isolation mechanism the processes running inthe SB are very limited Though the SB model is to ensuresecurity it reduces the usability which makes it difficult topopularize

To solve the existed problems and insufficience ofdynamic integrity measurement method a dynamic integritymeasurement model based on Memory Paging Mechanism(MP) is researched To prove this measurement model XENhypercall mechanism is adopted to acquire executable sub-jectrsquos pages asmeasuring objects insertsmeasurement pointsmeasures and verifies them before the pages are scheduledinto memory and puts measurement codes and verificationcodes into hypercalls handle function accordingly to imple-ment dynamic integrity measurement to executable subjectsThe contribution in this paper is that the dynamic integritymeasurement can be effectively implemented via taking theexecutablemainmemory page asmeasure objects by applyingthe operating system Memory Paging MechanismNotation In the paper the components which need dynam-ical measurement are running services processes or exe-cutable subjects denoted by 119878 Memory Pages denoted by 119875and Storage Block denoted by 119861

2 Design of Dynamic Integrity MeasurementModel Based on Memory Paging

Memory is the space in which all the codes and data arestored temporarily The changing of code and data can beobserved in memory space Therefore if it could be effectiveto access memory content dynamic integrity measurementcan be implemented effectively

Disk image

Page

Memory space

Pageframe

Monitoring module

Page monitoringunit

Execution controlunit

Measurement module

Integrityverification

unit

Integritycomputing

unit

Integrityreference

value

Trusted platform module TPM

Paging

Figure 1 Dynamic integritymeasurementmodel based onmemorypaging

21 Model Design In the view of memory management thesubject 119878 in its life cycle can be seen as a dynamic combinationof a number of memory pages 119875

1 1198752 119875

119873 namely

119878 = 1198751 1198752 119875

119873 (1)

where119873 is the number of memory pages occupied by subject119878 in the life cycle

Obviously if all loaded dynamic pages are integrated thesubject 119878 is dynamically trusted

Axiom 1 If and only if forall119875119894(Hash(119875

119894) = 1198751198940) 119894 = 1 2 119873

where 1198751198940

is integrity expected value of page 119875119894 then the

subject 119878 is dynamically integrated or trustedAccording to Axiom 1 dynamic trusted measurement

for the subject can be equivalent to dynamic loaded pagemeasurement The MP dynamic measurement model isdescribed in Figure 1

The MP model mainly includes monitoring module andmeasurement module(1) Monitoring Module Monitoring module is used for pagemonitoring and execution controls and mainly consists ofpage monitoring unit and execution control unit

The page monitoring unit is responsible for monitoringthe physical memory space When the page monitoring unitadjusts pages it can get memory pages on time and then sendthe pages to the measurement module

The execution control unit is responsible for controllingthe execution of the memory page After finishing theintegrity measurement the execution control unit needsto decide whether executing the page or interrupting theprogram based on the measurement result(2) Measurement Module Measurement module is usedfor integrity measurement and mainly consists of integritycomputing unit integrity verification unit and integrity

Discrete Dynamics in Nature and Society 3

reference value Measurement module communicates withthe underlying trusted platform module

The integrity computing unit gets the integrity valueby using a specified hash algorithm to measure the featureinformation of a page sent by page monitoring unit

Integrity verification unit gets a check result by compar-ing integrity valuewith integrity reference value of a pageThepage is trusted if the check result is consistent otherwise itis not trusted And then the check result should be sent tomonitoring module

22 Integrity Reference Value for Dynamic Page The integrityreference value is an evidence of integrity verification Thismodel can dynamically calculate page reference value 119875

1198940

based on the block mechanism of physical storageAs we know each subjectrsquos address space is composed of

code segment data segment and stack segment Howeverbecause the code segment contains the machine instructionsof executable programs it becomes a main target of Trojanvirus and other computer viruses In this paper integritymeasurement method of code segment page is only analyzed

In general the computer file system (FAT FAT32 NTFSetc) is usually stored and managed based on block or sectormechanism Namely when the subject 119878 is stored physicallyit can be seen as a sequence combination of storage block 119861

119878 = 1198611 1198612 sdot sdot sdot 119861

119872 (2)

where 119872 is a number of physical storage blocks that 119878occupied

When the subject 119878 loads and runs some blocks of119878 will be loaded to Buffer According to the managementmechanism of file system a block or several continuousblocks of the subject 119878 are loaded every time Hence everyBuffer can be expressed as

Buffer = 119861119887 119861119887+1 sdot sdot sdot 119861

119890 119890 ge 119887 (3)

where 119887 is the number of beginning block and 119890 is thenumber of ending block

According to thememorymanagementmechanismof theoperating systemmemory is paged In factmemory is a set ofBuffer and it can be discussed in two specific cases (1) Pageis composed of several Buffers and Buffer is quite small (2)Page is a part of Buffer and Buffer is quite big

In the first case every Buffer can be corresponding withseveral physical storage blocks of the subject 119878 Obviouslypages can also be corresponding with the physical storageblocks of the subject 119878 through the Buffer

As we know in the operating system the size of everymemory page 119875 is the integer times that of the storageblock 119861 Therefore when the page is a part of Buffer thebeginning of every pagemust be correspondingwith a certainstorage block and the page can also be corresponding withsome physical storage blocks of the subject 119878 through theBuffer

According to the analysis above we can get

119875119894= 119861119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890) 119890 ge 119887 (4)

Based on (4) we can get the integrity reference value of 119875119894

through some simple hash calculations which is

1198751198940= Hash (119861

119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890)) (5)

It means that we can also get Pi0 by calculating theintegrity reference value of the subject 119878 storage blocks

Similarly when the subject 119878 loads a Dynamic LinkLibrary (DLL) the integrity reference values of the pages canbe got by calculating that of the subject 119878 and DLL

23 Measurement Point Selecting the measurement point isa key factor of available measurement model

In general when an executable subject is executed theoperating system will create a complete program map for itincluding code data stack and parts of library file At thesame time the operating system will allocate memory loadthe current block into memory and create a new page tableformapping physical address space and virtual address spaceWhen page load fails the operating system will replace somenew needed pages from disk to the memory based on pagereplacement algorithm and update the page table

Based on the above analysis in the whole life cycle ofthe executable subject S the operating system manages andoperates its memory space But the change of memory spacemust cause the page table updated or created Hence whenthe operating system creates or updates the page table ameasurement point should be inserted and carry out thepresupposed measurement program Then measurementmodule calls TPM hash algorithm to measure the integrityvalue for the feature information of executable subject in thatpage After that measurement module should compare theintegrity value with integrity reference value The operatingsystem executes that page if the measurement is successfulotherwise it exits

24 Dynamic Measurement Process The measurement pro-cess of the MP measurement model begins when pageloads The first step is to get page content through relatedmechanism and then use the integrity computing unit forcalculating feature information in the page The next step isto execute and verify the integrity and then go back to theoriginal page

The dynamic measurement process of MP model isshowed in Figure 2

Assume that the current execution (or update) page is119875119894 119860119889119889119903119890119904119904(119875

119894) is 119875119894rsquos initial address in the Buffer and the

Memory snap(119860119889119889119903119890119904119904(119875119894)) is 119875

119894rsquos actual content Dynamical

measurement algorithm is described as follows

(1) Paging unit loads page 119875119894into memory and executes

it Obviously

119875119894997904rArr Address (119875

119894) 997904rArr Memory snap (Address (119875

119894)) (6)

(2) Measurement program obtains this page and useshash algorithm to calculate the feature information ofpage frame 119875

119894 Then

119881119894= Hash (Memory snap (Address (119875

119894))) (7)


Program image(disk)

Page i(1) Into memory

Address space(memory)

Pageframe i

Integrityevaluation

unitReference value

of page i

content

Errorhandler

Yes

No

(4) Requestreference value(3) Produce

results

Metric i

Return

Metric valueand reference value

are consistent

(2) Get measurement

Figure 2 The dynamic measurement process of MP model

(3) Measurement program gets the correspondingintegrity reference value Pi0 of the page frame119875119894from (5) Then

1198751198940= Hash (119861

119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890)) (8)

In (5) (119887 119890) can be obtained through data structurepointed by Bufferrsquos pointer and Bufferrsquos pointer iscorresponding with 119875

119894

(4) The integrity evaluation unit (it is TPM in the generalcase) compares 119875

1198940with 119881

119894 If 119881119894= 1198751198940 page 119875

119894is

trusted and it is allowed to load and run Otherwiseerror handler should be executed

According to Axiom 1 if and only if forall119875119894(119881119894= 1198751198940) then

we can consider that the system is dynamical complete andtrusted

25 Model Analysis

(1) Model Feasibility Dynamical integrity measurementmodelMP basically complies with TCGmeasurement frame-work and mechanism model including two units integritymeasurement and integrity verification By the way thefunction of the two units is consistent with TCGrsquos measure-ment model The feasibility of the MP model is decided byinserting mechanism for measurement point That is theMP measurement model can be implemented as long asthe measurement point is inserted successfully The memorypaging mechanism is a basis of MP measurement modelwhile it is implemented by the operating system At presentthe research of the operating system is very comprehen-sive especially the open-source operating system Throughmodifying the core of the operating system it is possible toimplement the dynamic MP measure model based on thememory paging mechanism(2) Attack Detection Capability Tampering attacks for mem-ory page consist of Load Before Attack (LBA) and Load AfterAttack (LAA) LBA is attacking the page mapping stored inthe disk That is the page is tampered before it is loaded

into memory LAA is to use some malicious processes fortampering the memory after the page is loaded

TheMPmeasurement model can resist the above attacksFor example if the model is attacked by LBA the page willbe tampered and the integrity value will be changed but themodelrsquos integrity reference value is never changedThereforewhen the measurement model executes the verification oper-ation it must be able to detect that the page has been falsifiedand then execute the error handler

If the model is attacked by LAA tampered memoryalways causes page replacement page failure and pagemove-out When the page failure occurs any tampered pageswill be moved to disk and the execution flow will beinterrupted when this case is detected by the measurementprogram When the page move-out or page replacementoccurs the memory paging mechanism can firstly finda seldom-used page frame and move this page to diskand load new needed page into the page frame Then themeasurement program can find that the memory page istampered The malicious attacker of the LAA is possibleto attack the memory space of another process when it isrunning and the malicious attacking process must exist inits own memory space or embed in the memory space ofother processes When the malicious process or its embed-ded process is loaded into memory space the model candetect it at the beginning of the execution of the maliciousprogram(3) Security Analysis The security of the MP measurementmodel is supported by the security of the measurement rootand measurement algorithm

The TPM is a measurement root of the MP mea-surement model In this model both integrity calculationand integrity verification execute TPM and rely on thesecurity of TPM In general the TPM module is a securechip and it regards internal cryptographic algorithm engineas a credible guarantee of the trusted computing As ameasurement root the TPM module is the first node oftrusted chain in the trusted computing platform and therest of the trusted computing will regard this step as afoundation The security of TPM is mainly reflected inthe ability of chip design security key storage antisoftwareanalysis and antihardware analysis Hence the security ofthe TPM is ensured by physical security and administrativesecurity

This model uses hash algorithm as a measurement algo-rithm It is important to select a reliable hash function toensure credibility of this measurement mechanism(4) Computational Complexity AnalysisThismodel uses hashalgorithm as a measurement algorithm The computationalcomplexity of the MP model depends on the hash algorithm

(5) Comparative Analysis with Other Measurement ModelsIn Table 1 several integrity measurement methods are com-pared in four aspects range of action hardware requirementstructure complexity and realization mechanism

The TCG measurement model can only accomplish thestatic integrity measurement in the platform starting phaseBecause thismeasurementmethod is only executing integrity


xenincludepublicxenhstruct mmuext op

unsigned int cmdunion

xen pfn t mfnunsigned long linear addr

arg1union

unsigned int nr entsXen GUEST HANDLE 00030205(void) vcpumask

arg2typedef struct mmuext op mmuext op tDEFINE Xen GUEST HANDLE(mmuext op t)

Algorithm 1

Table 1 Comparative analysis with other measurement models

Range ofaction

Hardwarerequirement

Structurecomplexity

Realizationmechanism

TCG Platformstarts TPM Simple Trusted chain

IMA Program load TPM Simple LSM

SB Program run TPM +LTSEM Complex Process

isolation

MP Program run TPM Simple Virtualmachine

measurement for the component loaded to platform it is easyto realize

The IMA measurement model expands the TCG mea-surement model and executes integrity measurement atthe program load time However due to the limitation ofthe LSM mechanism the integrity measurement cannot beimplemented when the program is running

By using the process isolation the SB measurementmodel can implement dynamic integrity measurement whenthe program is running But it needs special hardwaresupport LaGrandeTechnology (LT) is a hardware technologyintroduced by Intel and it aims at the Palladium trustedcomputing program of Microsoft Secure Execution Mode(SEM) is a hardware technology proposed byAMD In the SBand TPM LT and SEM are used for isolating memory fromthe software attack in the running

The MP model can implement dynamic integrity mea-surement when the program is running Moreover its struc-ture is simple and easy to be realized The rest of thispaper will discuss how to realize the MP integrity measure-ment model under XEN virtual architecture This realizationmechanism is simple and flexible and it also avoids thelimited process communication issues because of the processisolation

3 Realization of MP Based on XEN Super Call

31 Realization Mechanism In XEN system as a virtualmonitor XEN is located in the highest privilege level (ring0) while Guest OS is only located in the sublevel (ring 1)The lower kernel privilege makes Guest OS not execute someprivileged operations and XEN can execute privileged oper-ations for it Therefore XEN provides a series of interfaceand it is convenient for Guest OS to complete those privilegedoperations called super call [14]

When the executable subject is in operation Guest OScan manage and handle the memory space based on char-acteristics of super call mechanism If page table operationsare involved a super call to the XEN begins At this timewe insert a measurement point and embed measurementprogram in the processing of super call function And thenthis model can be realized The specific process is shown inFigure 3

(1) Guest OS loads page into memory and tries to handlethe page table

(2) Guest OS cannot access the page table directly and itapplies to XEN super call The XEN checks the supercall request and it will go to the next step if it ispermitted otherwise the program ends

(3) Implement measurement program the measurementprogram gets the memory page calls TPM hashalgorithm for calculating measurement value andcompares it with the reference value for the integrityof these pages If they are consistent it means that thepage is trusted and the program goes to the next stepotherwise it ends

(4) Complete the operation on the page table and returnto Guest OS

32 Realization of the Measurement Model

(1) Measure When Creating Page Table When an executablesubject carries out this software creates a complete copy


Measurementis successfulPage

table

Integrityreference

value

Guest OS

(1) Operatepage table

Permissionsare allowed

(2) Apply forsuper call

Super call

(3) Executemeasurement

program

Measurementprogram

Yes

Yes

No

No

Page frame

(4) Executeoriginal

processingfunction

Original processingfunction

(physicaladdress)

Page(virtual address)

TPM

Finishprogram

Figure 3 Measurement flow process diagram based on XEN hypercalls

xenincludepublicxenhdefine MMU NORMAL PT UPDATE 0define MMU MACHPHYS UPDATE 1

Algorithm 2

struct mmu update uint64 t ptr lowastMachine address of PTE lowastuint64 t val lowast New contents of PTE lowast

typedef struct mmu update mmu update tDEFINE XEN GUEST HANDLE(mmu update t)

Algorithm 3

of program map on the hard disk and the address spacecan come into being But the software is entirely not putinto memory to handle Guest OS just allocates a number ofmemories and creates page table tomapphysicalmemory andaddress space Guest OS calls HYPERVISOR mmuext opand loads this process page table into page directoryAfter XEN finishes the authority inspection it executesthe do mmuext op( ) function At this time measurementprogram inserts measurement point into this function andexecutes the measurement program

XEN version-340 sustains 18 kinds of operationabout HYPERVISOR mmuext op including mountingthe page table unloading page table updating CR3register cache refresh and LDT table settings TheHYPERVISOR mmuext op operation shares one parameterstructure mmuext op in Algorithm 1

The structure body contains two unions arg1 and arg2and contains four parameters mfn linear addr nr ents andvcpumask The definition of the structure body changesaccording to different operation In the page table oper-ation mfn points to machine address of the page table

The measurement program exactly gets the page according tothe parameters(2) Measure When Updating Page Table When one programruns all the dynamic change will reflect in the mem-ory and the change of memory will reflect in the pagetable When the process changes the memory changesand the page table also changes Guest OS applies forusing HYPERVISOR mmu update to update the page tableAfter XEN finishes the authority inspection it executes thedo mmu update( ) function At this time the measurementprogram inserts measurement point into this function andexecutes integrity measurement

There are two kinds of operation defined in theHYPERVISOR mmu update

page table update (MMU NORMAL PT UPDATE)

M2P table update (MMU MACHPHYS UPDATE)

which are defined in Algorithm 2The structure mmu update defined in

HYPERVISOR mmu update includes two parametersldquoptrrdquo and ldquovalrdquo The ptr stands for the physical address ofthe item which needs to update the page table while the valstands for the new value which needs to change the pagetable The structure is defined in Algorithm 3

In Guest OS the page table update means the itemupdate of page table What the item of page table saves isactually a memory page address (or page frame number)Therefore in fact the item update of page table is equivalentto mapping a new memory to the current item of page tableto replace the original page In this process both sides ofoperation are the original page address and new mappingpage address and it is not (ptr val) but (val new val) ThusXEN defines a new hypercall to finish this kind of pagetable update which is HYPERVISOR update va mappingBecause this kind of operation is relatively simple it does nothave the definition structure as other hypercalls and it trans-fers parameters directly Under x86 framework the threeparameters needed in the operation are transfered throughregister EBX ECX and EDX to do update va mapping( )


And then the measurement program inserts measurementpoint into this function and executes integrity measurement(3) Writable Page Table MeasurementTheHypercall methodmakes the update page table model become indirect that isGuest OS needs to get XEN safety confirm and use XEN forcompleting the page table updateThus Guest OS is unable towrite its page table But in fact other than using the hypercallway to update the page table XEN also provides a new pagetable update model named writable page model Though thepage is still unable to write in this model Guest OS can read-write these kinds of pages directly

Of course in the writable page model Guest OS doesnot really have the access to write page table After finishingthe update operation of the page table it still needs XENto confirm the operation Before Guest OS updates the pagetable XEN takes the page table from the page table structureof Guest OS and makes Guest OS recognize the page asordinary page to read and write After Guest OS finishes theupdate and XEN confirms it XEN will put the page into thepage table structure of Guest OS again and allow the MMUto access this page table

In the writable page model Guest OS can update thepage table by using Hypercall HYPERVISOR vm assist thefunction is vm assist( ) And then themeasurement programinserts measurement point into this function and executesintegrity measurement

4 Conclusion

In order to solve the existed problems of dynamic integritymeasurement method a dynamic integrity measurementmodel based on Memory Paging Mechanism is proposedin this paper The model takes executable subject pagesas measurement object inserts measurement points andmeasures and verifies them before the pages are loadedinto memory This model insures the integrity and trustof each executable page and the integrity of the wholeexecutable subjects is not destroyed To prove this modelXEN hypercall mechanism is used for acquiring executablesubject pages loaded into memory putting measurementcodes and verification codes into hypercall handler and thenthe dynamic integrity measurement to executable subjects isrealized

In the next work memory attack model will be discussedfurther and the integrity measurement algorithm will beimproved on the same steps

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

References

[1] C Song W-P Peng Y Xin S-S Luo and H-L Zhu ldquoSeal-based secure boot scheme for trusted computing platformrdquoTheJournal of China Universities of Posts and Telecommunicationsvol 17 supplement 2 pp 16ndash21 2010

[2] A Nagarajan and V Varadharajan ldquoDynamic trust enhancedsecurity model for trusted platform based servicesrdquo FutureGeneration Computer Systems vol 27 no 5 pp 564ndash573 2011

[3] J Winter and K Dietrich ldquoA hijackerrsquos guide to communicationinterfaces of the trusted platform modulerdquo Computers amp Math-ematics with Applications vol 65 no 5 pp 748ndash761 2013

[4] A K Kanuparthi M Zahran and R Karri ldquoArchitecturesupport for dynamic integrity checkingrdquo IEEE Transactions onInformation Forensics and Security vol 7 no 1 pp 321ndash3322012

[5] D Muthukumaran J Schiffman M Hassan A Sawani V Raoand T Jaeger ldquoProtecting the integrity of trusted applications inmobile phone systemsrdquo Security and Communication Networksvol 4 no 6 pp 633ndash650 2011

[6] D Schellekens B Wyseur and B Preneel ldquoRemote attestationon legacy operating systems with trusted platform modulesrdquoElectronic Notes in Theoretical Computer Science vol 197 no 1pp 59ndash72 2008

[7] D-F Li Y-X Yang L-Z Gu and B Sun ldquoStudy on dynamictrust metric of trusted network based on state and behaviorassociatedrdquo Journal on Communications vol 31 no 12 pp 12ndash19 2010

[8] R Sailer X L Zhang T Jaeger and V Doom ldquoDesign andimplementation of a TCG based integrity measurement archi-tecturerdquo in Proceedings of the 13th USENIX Security Symposiumpp 223ndash238 2004

[9] T Jaeger R Sailer and U Shankar ldquoPrima policy reducedintegrity measurement architecturerdquo in Proceedings of the 11thACM Symposium on Access Control Models and Technologies(SACMAT rsquo06) pp 19ndash28 New York NY USA 2006

[10] X Zhang M J Covington S Q Chen and R Sandhu ldquoSecure-Bus towards application-transparent trusted computing withmandatory access controlrdquo in Proceedings of the 2nd ACMSymposium on Information Computer and CommunicationsSecurity (ASIACCS rsquo07) pp 117ndash126 New York NY USA 2007

[11] L Gao X Qin C Chang and X Chen ldquoA embedded system-based computing platform for tolerating untrusted componentrdquoGeomatics and Information Science ofWuhanUniversity vol 35no 5 pp 626ndash629 2010

[12] S Stamm N P Sheppard and R Safavi-Naini ldquoImplementingtrusted terminals with a and SITDRMrdquo Electronic Notes inTheoretical Computer Science vol 197 no 1 pp 73ndash85 2008

[13] M Thober J A Pendergrass and C D Mcdonell ldquoImprovingcoherency of runtime integrity measurementrdquo in Proceedingsof the 3rd ACMWorkshop on Scalable Trusted Computing (STCrsquo08) pp 51ndash60 New York NY USA 2008

[14] S Grinberg and S Weiss ldquoArchitectural virtualization exten-sions a systems perspectiverdquo Computer Science Review vol 6no 5-6 pp 209ndash224 2012

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of


Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of


Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of


Mathematical PhysicsAdvances in

Complex AnalysisJournal of


OptimizationJournal of


CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of


Operations ResearchAdvances in

Journal of


Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences


The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Algebra

Discrete Dynamics in Nature and Society



Decision SciencesAdvances in

Discrete MathematicsJournal of


Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of


operation system kernel and isolates the program processesfrom the underlying hardware SB performs a dynamicintegrity measurement for each program process that makesa hash operation for input and output data and makes asignature for output data A new embedded measurementmodule has been designed based on SBmeasurementmethod[11] This module can make the computing platform withnontrusted components use trusted computing functions andkeep the platform operating well

In general the evaluation indexes of measurement meth-ods aremeasurement scope and implementationmechanisms[12] IMAmeasurement has great performance and efficiencyand it can perform measurement during process loadingHowever IMA cannot grasp the dynamic state of the processdue to the LSM core hook function so that it cannot performmeasurement during process running At the basis of IMAPRIMA increases mandatory access control policy whichmakes it flexible to control measurement to keep a balancebetween safety and feasibility [13] but PRIMA still performsmeasurement only during process loading FurthermorePRIMA needs to measure mandatory access control policyand trusted subjects which increases the difficulty andcomplexity The SB method can measure integrity of processrunning stage preventing from tampering between processesand measure integrity of input and output stage using a hashalgorithm for program process code However due to thestrict process isolation mechanism the processes running inthe SB are very limited Though the SB model is to ensuresecurity it reduces the usability which makes it difficult topopularize

To solve the existed problems and insufficience ofdynamic integrity measurement method a dynamic integritymeasurement model based on Memory Paging Mechanism(MP) is researched To prove this measurement model XENhypercall mechanism is adopted to acquire executable sub-jectrsquos pages asmeasuring objects insertsmeasurement pointsmeasures and verifies them before the pages are scheduledinto memory and puts measurement codes and verificationcodes into hypercalls handle function accordingly to imple-ment dynamic integrity measurement to executable subjectsThe contribution in this paper is that the dynamic integritymeasurement can be effectively implemented via taking theexecutablemainmemory page asmeasure objects by applyingthe operating system Memory Paging MechanismNotation In the paper the components which need dynam-ical measurement are running services processes or exe-cutable subjects denoted by 119878 Memory Pages denoted by 119875and Storage Block denoted by 119861

2 Design of Dynamic Integrity MeasurementModel Based on Memory Paging

Memory is the space in which all the codes and data arestored temporarily The changing of code and data can beobserved in memory space Therefore if it could be effectiveto access memory content dynamic integrity measurementcan be implemented effectively

Disk image

Page

Memory space

Pageframe

Monitoring module

Page monitoringunit

Execution controlunit

Measurement module

Integrityverification

unit

Integritycomputing

unit

Integrityreference

value

Trusted platform module TPM

Paging

Figure 1 Dynamic integritymeasurementmodel based onmemorypaging

21 Model Design In the view of memory management thesubject 119878 in its life cycle can be seen as a dynamic combinationof a number of memory pages 119875

1 1198752 119875

119873 namely

119878 = 1198751 1198752 119875

119873 (1)

where119873 is the number of memory pages occupied by subject119878 in the life cycle

Obviously if all loaded dynamic pages are integrated thesubject 119878 is dynamically trusted

Axiom 1 If and only if forall119875119894(Hash(119875

119894) = 1198751198940) 119894 = 1 2 119873

where 1198751198940

is integrity expected value of page 119875119894 then the

subject 119878 is dynamically integrated or trustedAccording to Axiom 1 dynamic trusted measurement

for the subject can be equivalent to dynamic loaded pagemeasurement The MP dynamic measurement model isdescribed in Figure 1

The MP model mainly includes monitoring module andmeasurement module(1) Monitoring Module Monitoring module is used for pagemonitoring and execution controls and mainly consists ofpage monitoring unit and execution control unit

The page monitoring unit is responsible for monitoringthe physical memory space When the page monitoring unitadjusts pages it can get memory pages on time and then sendthe pages to the measurement module

The execution control unit is responsible for controllingthe execution of the memory page After finishing theintegrity measurement the execution control unit needsto decide whether executing the page or interrupting theprogram based on the measurement result(2) Measurement Module Measurement module is usedfor integrity measurement and mainly consists of integritycomputing unit integrity verification unit and integrity






1198940




119878 = 1198611 1198612 sdot sdot sdot 119861

119872 (2)




119890 119890 ge 119887 (3)






119875119894= 119861119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890) 119890 ge 119887 (4)



1198751198940= Hash (119861

119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890)) (5)










Memory snap(119860119889119889119903119890119904119904(119875119894)) is 119875




it Obviously

119875119894997904rArr Address (119875


119894)) (6)


119894 Then


119894))) (7)


Program image(disk)



Pageframe i

Integrityevaluation

unitReference value

of page i

content

Errorhandler

Yes

No


results

Metric i

Return


are consistent

(2) Get measurement



1198751198940= Hash (119861

119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890)) (8)


119894


1198940with 119881

119894 If 119881119894= 1198751198940 page 119875

119894is




25 Model Analysis













arg1union



Algorithm 1


Range ofaction

Hardwarerequirement

Structurecomplexity





isolation

















table

Integrityreference

value

Guest OS




Super call


program

Measurementprogram

Yes

Yes

No

No

Page frame

(4) Executeoriginal

processingfunction


(physicaladdress)


TPM

Finishprogram



Algorithm 2



Algorithm 3















4 Conclusion





References






















Volume 2014




Journal of











Journal of


Function Spaces






Algebra














1198940




119878 = 1198611 1198612 sdot sdot sdot 119861

119872 (2)




119890 119890 ge 119887 (3)






119875119894= 119861119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890) 119890 ge 119887 (4)



1198751198940= Hash (119861

119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890)) (5)










Memory snap(119860119889119889119903119890119904119904(119875119894)) is 119875




it Obviously

119875119894997904rArr Address (119875


119894)) (6)


119894 Then


119894))) (7)


Program image(disk)



Pageframe i

Integrityevaluation

unitReference value

of page i

content

Errorhandler

Yes

No


results

Metric i

Return


are consistent

(2) Get measurement



1198751198940= Hash (119861

119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890)) (8)


119894


1198940with 119881

119894 If 119881119894= 1198751198940 page 119875

119894is




25 Model Analysis













arg1union



Algorithm 1


Range ofaction

Hardwarerequirement

Structurecomplexity





isolation

















table

Integrityreference

value

Guest OS




Super call


program

Measurementprogram

Yes

Yes

No

No

Page frame

(4) Executeoriginal

processingfunction


(physicaladdress)


TPM

Finishprogram



Algorithm 2



Algorithm 3















4 Conclusion





References






















Volume 2014




Journal of











Journal of


Function Spaces






Algebra










Program image(disk)



Pageframe i

Integrityevaluation

unitReference value

of page i

content

Errorhandler

Yes

No


results

Metric i

Return


are consistent

(2) Get measurement



1198751198940= Hash (119861

119894(119887) 119861119894(119887+1) sdot sdot sdot 119861

119894(119890)) (8)


119894


1198940with 119881

119894 If 119881119894= 1198751198940 page 119875

119894is




25 Model Analysis













arg1union



Algorithm 1


Range ofaction

Hardwarerequirement

Structurecomplexity





isolation

















table

Integrityreference

value

Guest OS




Super call


program

Measurementprogram

Yes

Yes

No

No

Page frame

(4) Executeoriginal

processingfunction


(physicaladdress)


TPM

Finishprogram



Algorithm 2



Algorithm 3















4 Conclusion





References






















Volume 2014




Journal of











Journal of


Function Spaces






Algebra













arg1union



Algorithm 1


Range ofaction

Hardwarerequirement

Structurecomplexity





isolation

















table

Integrityreference

value

Guest OS




Super call


program

Measurementprogram

Yes

Yes

No

No

Page frame

(4) Executeoriginal

processingfunction


(physicaladdress)


TPM

Finishprogram



Algorithm 2



Algorithm 3















4 Conclusion





References






















Volume 2014




Journal of











Journal of


Function Spaces






Algebra











table

Integrityreference

value

Guest OS




Super call


program

Measurementprogram

Yes

Yes

No

No

Page frame

(4) Executeoriginal

processingfunction


(physicaladdress)


TPM

Finishprogram



Algorithm 2



Algorithm 3















4 Conclusion





References






















Volume 2014




Journal of











Journal of


Function Spaces






Algebra













4 Conclusion





References






















Volume 2014




Journal of











Journal of


Function Spaces






Algebra
















Volume 2014




Journal of











Journal of


Function Spaces






Algebra









Research Article Research on Dynamic Integrity Measurement...

Documents

Transcript of Research Article Research on Dynamic Integrity Measurement...