{"title":"RTTV:基于TPM的动态CFI测量工具","authors":"Penglin Yang, Limin Tao, Haitao Wang","doi":"10.1049/iet-ifs.2017.0459","DOIUrl":null,"url":null,"abstract":"In programme dynamic analysis, control flow integrity (CFI) is an efficient way to investigate programme's behaviour. By detecting these CF instructions, researchers can obtain programme's runtime information and execution status accurately. This feature makes CFI a sharp and sensitive approach to detect programme abnormal conditions and malicious attacks such as stack overflow and return-oriented programming. Meanwhile, with the development of dynamic trusted computing technique, a Trusted Platform Module (TPM) chip can provide cryptographic service both in a system's booting period and runtime period. In this study, the authors combine CFI and dynamic trusted computing to present runtime trusted verifier (RTTV) as a dynamic CFI measurement tool based on TPM. Compared to traditional measurement methods, their work is more accurate and reliable, can totally enforce programme run as predefined CF. RTTV uses TPM as `root of trust', which also provides computing resource such as hash algorithm to reduce performance overhead. With the characteristic of sensitivity, simplicity and efficiency, RTTV can especially meet the security requirement of remote embedded systems such as satellites and other valuable equipments.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"5 1","pages":"438-444"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"RTTV: a dynamic CFI measurement tool based on TPM\",\"authors\":\"Penglin Yang, Limin Tao, Haitao Wang\",\"doi\":\"10.1049/iet-ifs.2017.0459\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In programme dynamic analysis, control flow integrity (CFI) is an efficient way to investigate programme's behaviour. By detecting these CF instructions, researchers can obtain programme's runtime information and execution status accurately. This feature makes CFI a sharp and sensitive approach to detect programme abnormal conditions and malicious attacks such as stack overflow and return-oriented programming. Meanwhile, with the development of dynamic trusted computing technique, a Trusted Platform Module (TPM) chip can provide cryptographic service both in a system's booting period and runtime period. In this study, the authors combine CFI and dynamic trusted computing to present runtime trusted verifier (RTTV) as a dynamic CFI measurement tool based on TPM. Compared to traditional measurement methods, their work is more accurate and reliable, can totally enforce programme run as predefined CF. RTTV uses TPM as `root of trust', which also provides computing resource such as hash algorithm to reduce performance overhead. With the characteristic of sensitivity, simplicity and efficiency, RTTV can especially meet the security requirement of remote embedded systems such as satellites and other valuable equipments.\",\"PeriodicalId\":13305,\"journal\":{\"name\":\"IET Inf. Secur.\",\"volume\":\"5 1\",\"pages\":\"438-444\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-04-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Inf. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1049/iet-ifs.2017.0459\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/iet-ifs.2017.0459","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In programme dynamic analysis, control flow integrity (CFI) is an efficient way to investigate programme's behaviour. By detecting these CF instructions, researchers can obtain programme's runtime information and execution status accurately. This feature makes CFI a sharp and sensitive approach to detect programme abnormal conditions and malicious attacks such as stack overflow and return-oriented programming. Meanwhile, with the development of dynamic trusted computing technique, a Trusted Platform Module (TPM) chip can provide cryptographic service both in a system's booting period and runtime period. In this study, the authors combine CFI and dynamic trusted computing to present runtime trusted verifier (RTTV) as a dynamic CFI measurement tool based on TPM. Compared to traditional measurement methods, their work is more accurate and reliable, can totally enforce programme run as predefined CF. RTTV uses TPM as `root of trust', which also provides computing resource such as hash algorithm to reduce performance overhead. With the characteristic of sensitivity, simplicity and efficiency, RTTV can especially meet the security requirement of remote embedded systems such as satellites and other valuable equipments.