摘要
针对当前软件完整性度量技术在实时性、灵活性、实用性等方面存在的不足,提出了一种可配置策略的软件动态完整性度量架构。该架构通过加入策略配置模块,实现了按需配置不同软件的度量策略,提高了度量的灵活性;将度量策略嵌入到度量对象内部,节约了内存资源,并能在度量过程中提高系统效率,同时引入多线程与流水并行技术,实现度量算法并行优化,以此提高了度量架构的性能,降低了其对系统性能的影响;通过合理地设置度量点,可以对度量对象进行实时的动态完整性度量。测试结果表明,该架构能有效检测出对合法应用程序的恶意攻击,具有较高的度量效率,并且对系统性能影响较小。
To improve the insufficiency of the current software integrity measurement technology in real-time,flexibility and practicality, a configurable policy dynamic integrity measurement architec- ture is presented. This architecture realizes on-demand configuration of different software measure- ment policies by adding policy configuration module, which can improve the flexibility of the meas- urement; it also embedds measurement policies into measurement objects, thus memory resources can be saved, and the system efficiency is improved in the process of measurement. In addition, it designs a parallel optimization measurement algorithm using the multi-thread technology and the pipelining technology, which can improve the performance of measurement algorithm. Meanwhile, measurement objects can be dynamically measured in real time through setting measurement points reasonably. Experimental results show that, this architecture can effectively detect malicious attacks on the legal application, and it has high measurement efficiency, and less influence on system per- formance.
出处
《信息工程大学学报》
2017年第1期93-97,102,共6页
Journal of Information Engineering University
基金
国家自然科学基金资助项目(61472447)
关键词
可信计算
动态完整性度量
度量策略嵌入
算法并行
trusted computing
dynamic integrity measurement
measurement policy embedding
al- gorithm paralleling
