文章提出了一种可以配合各种成熟的HASH算法使用的移动可信平台ELF文件完整性校验方法——RMAC(Random-MAC),并从ELF文件的节内容的关键性和关联性对不同类型和属性的节做分类,按照一定粒度随机选取各节的内容,然后进行校验以期达到高效率和高安全性,评价不同选取粒度对安全和效率的影响。文章在不同版本的Linux系统中,搜集了2249个不同格式的ELF文件的粒度样本进行完整性校验分析。结果表明,在合适的抽取粒度下, RMAC可以将校验效率提高一倍甚至更多。虽然RMAC一次校验安全性能在可接受范围内有所下降,但由于其引入随机性,使目前已有的病毒都无法做到每次都能通过RMAC校验。所以RMAC可以阻止病毒的大规模爆发。%This paper proposes a mobile trusted platform for ELF ifle integrity checking method (Random-MAC). And classiifng the ELF ifle as the section of the key link and the section of different types and attribute classification, and according to a certain size, the contents of each section were selected and then proceed to checkout. In order to achieve high efficiency and high safety, the evaluation of different effect of particle size on the safety and efficiency of selection is made. In different versions of the Linux system, the collection of 2249 different formats of the ELF file and sizes of the sample is analysised by the integrity of the veriifcation. The results show that RMAC can improve the calibration efifciency even more than twice the size of the appropriate extraction. While the RMAC one time check security performance in the acceptable range has declined. But because of its introduction, the random nature of the existing viruses can not be done every time through the RMAC check. So RMAC can prevent the outbreak of the virus.
展开▼
