2010, Vol.15 No.3, 195-200
Article ID 1007-1202(2010)03-0195-06
DOI 10.1007/s11859-010-0303-9
Static Analysis-Based Behavior Model Building for Trusted Computing Dynamic Verification
YU Fajiang¹,², YU Yue¹
1. School of Computer, Wuhan University, Wuhan 430072, Hubei, China;
2. Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China
© Wuhan University and Springer-Verlag Berlin Heidelberg 2010
Abstract: Current trusted computing platforms verify only an application's static hash value, so they cannot prevent the application from being attacked dynamically. This paper gives a static analysis-based behavior model building method for trusted computing dynamic verification, including control flow graph (CFG) building, finite state automata (FSA) construction, ε run cycle removal, ε transition removal, deterministic finite state automata (DFA) construction, trivial FSA removal, and global push down automata (PDA) construction. According to the experiment, the model built is a reduced model for dynamic verification and covers all possible paths, because it is based on static analysis of the binary file.
Key words: trusted computing; dynamic verification; behavior model; finite-state automata (FSA); push down automata (PDA)
CLC number: TP 391
Received date: 2009-12-10
Foundation item: Supported by the National High Technology Research and Development Program of China (863 Program) (2006AA01Z442, 2007AA01Z411), the National Natural Science Foundation of China (60673071, 60970115), and Open Foundation of State Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education in China (AISTC2008Q03)
Biography: YU Fajiang, male, Ph.D., research direction: information security, trusted computing. E-mail: qshxyu@126.com
0 Introduction
In recent years, great progress has been made in research on the trusted platform module (TPM), trusted computing platforms, trusted computing platform evaluation, trusted software, trusted network connect, remote attestation, and trusted computing applications [1-3]. Current technologies can ensure that the integrity of the characteristic code and configuration data of a trusted computing platform's components is the same as the expected integrity [4], but they cannot ensure that the behavior is trusted [5]. At present, there has been little research on the theory and technology of trusted computing dynamic verification, and the related work is mainly in host-based intrusion detection based on system calls.
Wagner et al [6] were the first to propose the use of static analysis for intrusion detection. However, they analyzed the source code to construct the application model, and the availability of source code for analysis cannot be assumed on a commercial trusted computing platform. Giffin et al [7,8] inserted a "null_call" before and after each subfunction call and gave each a unique call name, building a context-sensitive model that removes impossible paths. Feng et al [9] built a stack-deterministic push down automaton (PDA) to improve performance. Gopalakrishna et al [10] directly embedded subfunctions to build a global finite-state automaton (FSA) to improve performance. LI Wen et al [11] connected each subfunction only when the application is running, to reduce stack size. All the aforementioned research concerns server-based intrusion detection, which is generally aimed at one given network service application on a Linux or Unix system. Our