针对程序的运行时动态攻击给远程证明带来的安全威胁,设计一种动态远程证明协议DRAP,对内存中处于运行状态的程序实施实时的动态度量,并向远程验证方证明平台实时状态.针对DRAP协议所用的TPM功能对LS2逻辑进行扩展,引入重置规则、时刻规则等新的推理规则,利用扩展的LS2逻辑对DRAP协议进行分析,分析表明DRAP中可重置配置寄存器中的扩展序列能够反映平台中程序的实时运行状态,并且在TPM可信和证明代理可信的前提下,远程验证者能够有效验证平台的实时可信状态.%Aimed at the process runtime attack threat of remote attestation, a dynamic remote attestation protocol (DRAP) is designed, the process runnig in the memory is measured in real time and the dynamic running state of the platform is reported to remote verifier. Based on the TPM function usred in DRAP, the LS2 logic is extended, and the PCR reset rule and time rule is imported into LS2. Finally, the security and effectiveness properties of DRAP are formally analysed by LS2. It's analysed that the extended sequence of reset PCR in DRAP can reflect the platform's process real time running state, and in the premise of trusted TPM and trusted attestation agent, verifier can effectively verify the real time trusted state of remote platform.
展开▼
