摘要
软件动态可信性评价已经成为信息安全领域研究的一个热点问题.为了提高评价的精确性,在充分考虑了软件的运行流程和运行背景的基础上,提出了基于软件行为轨迹的可信性评价模型(CEMSBT).该模型引入软件行为轨迹描述软件行为,软件行为轨迹由运行轨迹和功能轨迹构成,运行轨迹表示软件运行时的有序操作,表征为有序的检查点向量;功能轨迹则由能够表征软件功能的一系列场景来刻画.为了减少可信性评价的时间和空间开销,给出了软件行为轨迹的化简规则.模型应用检查点的标识评价规则和场景评价规则对实际的软件行为进行评价.考虑到分支给程序带来的随机性很可能被入侵者利用,分支处的检查很必要.模型通过场景确定分支的走向,从而降低了分支处异常情况的漏报率.仿真实验表明CEMSBT具有较高的精确性和效率.
The dynamic creditability evaluation of software has become a hot issue in the information security field. In order to improve the accuracy of evaluation, a creditability evaluation model based on software behavior trace (CEMSBT) is demonstrated in this paper. We introduce software behavior trace (SBT) to describe the software behavior. Given that the operational process and background of running software are key factors in creditability evaluation, SBT consists of operation trace and function trace. Operation trace is the operation sequences of the running software, which can be denoted by ordered check point vectors~ function trace is depicted by a series of scenes which have the ability of characterizing the software functions. With the purpose of reducing the time and space overheads of creditability evaluation, we give reduction rules of SBT. Our model applies identification evaluation rule and scene evaluation rules to check the practical behavior of software. The branch point brings software some randomness which can be used by intruders, so it is necessary to judge which branch will be run next. We propose the scene similarity method to determine the direction of the branch, which can reduce the false negatives. The simulation results indicate the accuracy and efficiency of CEMSBT.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2012年第7期1514-1524,共11页
Journal of Computer Research and Development
基金
国家自然科学基金项目(60873203)
河北省杰出青年基金项目(F2010000317)
河北省自然科学基金项目(F2008000646
F2010000319)
空天信息安全与可信计算教育部重点实验室开放基金项目(AISTC2009_03)
关键词
可信性评价
软件行为
行为轨迹
检查点
场景
化简
creditability evaluation software behavior behavior trace check point
scene simplify
