The rapid growth of the Internet has greatly advanced mobile code and related technologies. Widely present forms such as "active contents", "scripting", "macros", "applets" and "custom controls" are collectively called "mobile code". Because of its mobility, dynamism and polymorphism, mobile code brings convenience to users but also gives rise to security problems. Mobile code security has long been a hard problem, especially in environments with high security requirements, where it seriously hinders the development and application of mobile code. Based on trusted computing ideas and technology, this thesis studies how to prevent malicious mobile code from damaging host resources and how to prevent malicious hosts from attacking mobile code.
With the rapid development of broadband network technology, mobile code technology has developed considerably and shows great promise. Mobile code takes many forms, including active content, scripting, macros, applets and custom controls; these dynamic programs that move across a network are collectively referred to as "mobile code". However, security problems with mobile code obstruct its wide application in real business. Among these problems, protecting mobile code from malicious hosts and protecting host platforms from malicious mobile code are new issues that cannot be handled by traditional technologies. In this thesis we aim to solve these problems based on trusted computing.
     Trusted computing is one of the focuses of recent research. In trusted computing, the trustworthiness of code is judged by its behavior rather than by static characteristics, which matches the development trend of information security. This thesis first applies trusted computing technology to the security problems of mobile code, and we hope the work also promotes the wider application of trusted computing.
     The security problems and security requirements of mobile code systems are analyzed. Existing malicious-code detection algorithms based on static characteristics clearly have drawbacks. We conclude that, to address the security problems of unknown mobile code, we should focus on the trustworthiness of its behavior, using trusted computing technology. We propose a three-level protection model for mobile code security; it takes code behavior characteristics as its basic starting point and aims to build a comprehensive protection architecture. The main research work and key contributions of this dissertation are as follows:
     1. Taking source control as the guiding idea, we propose a trusted network connect control strategy that computes the "health status" of a terminal from real-time characteristics of its behavior and process activity. It protects a network and its internal terminals by checking the identity and "health status" of each terminal attempting to access the protected network; an external terminal judged to carry potential risk is isolated from the network. Compared with existing methods based on static characteristics, our strategy performs better, especially at identifying and isolating terminals with potential risk.
     2. An Automated Trust Negotiation based Trust Mobile Code Verification Model (ATNMCVM) is proposed, which establishes trust between strangers through iterative disclosure of credentials and security policies. ATNMCVM also protects sensitive attributes and privacy.
     3. Inspired by attack tree models, we present a new malicious-code detection algorithm based on behavior characteristics, which uses an improved attack tree model to describe the relationships among entities while the malicious code executes. The algorithm is named IBC-DA. Experimental results show that it succeeds in most detection cases and produces only minor errors in a few conditions, so it is of real value for detecting unknown malicious code.
     4. Combining trusted computing with object-oriented methods, we propose a Trust Extended Object-Oriented Security Model (TEOOSM) that can be applied to access control for mobile code. Because mobile code is strongly independent, autonomous, mobile and mixed with data, traditional access control systems handle its security poorly. Our model encapsulates code and data, uses trusted-status measurement, and thereby protects platforms, code and data from being damaged by malicious code or systems.
     5. Environmental key generation is used when a mobile code producer (MCP) needs a mobile code consumer (MCC) to be able to decrypt the code correctly only if certain environmental conditions hold. We introduce a new approach based on environmental key generation to protect sensitive information within mobile code, realized through the trusted computing sealing mechanism. Because it combines hardware and software, the approach is tamper-resistant against attackers.
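The sealing-based environmental key generation of item 5, as an added illustration that is not the thesis's own code: a simulated TPM-style measurement chain (PCR extend) is folded into a key on the producer side, and the consumer can only regenerate that key, and so decrypt the code, when its own measurements match. The PCR layout, the key derivation, the keystream cipher and the sample component names are simplified stand-ins assumed for this example, not the TPM specification's sealing format.

```python
"""Environmental key generation via simulated TPM-style sealing (added
illustration, not the thesis's code). The producer derives the key from the
expected platform state (simulated PCRs); the consumer recomputes it from its
own measurements, so the code decrypts only in the intended environment."""
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 32  # constructed: one 32-byte PCR register, initially zero

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_environment(components) -> bytes:
    """Fold an ordered boot/runtime chain into one PCR value (order matters)."""
    pcr = PCR_INIT
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def environmental_key(pcr: bytes, salt: bytes) -> bytes:
    """The key is never stored; it is recomputed from the measured state."""
    return hashlib.pbkdf2_hmac("sha256", pcr, salt, 10_000, dklen=32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (stand-in for a real cipher)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(code: bytes, expected_components) -> dict:
    """Producer (MCP) side: bind the mobile code to the expected environment."""
    salt, nonce = os.urandom(16), os.urandom(12)
    key = environmental_key(measure_environment(expected_components), salt)
    ct = bytes(a ^ b for a, b in zip(code, _keystream(key, nonce, len(code))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()  # rejects wrong env/tampering
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(blob: dict, actual_components):
    """Consumer (MCC) side: return the code, or None if the environment differs."""
    key = environmental_key(measure_environment(actual_components), blob["salt"])
    tag = hmac.new(key, blob["nonce"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # measured state does not match: key cannot be regenerated
    ks = _keystream(key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))

# Constructed sample measurement chains: the trusted one and a patched runtime.
TRUSTED_ENV = [b"firmware 1.0", b"bootloader 2.1", b"kernel 2.6", b"mc-runtime 1.0"]
PATCHED_ENV = [b"firmware 1.0", b"bootloader 2.1", b"kernel 2.6", b"mc-runtime 1.0-mod"]

def demo():
    """Seal once, then try to unseal on the trusted and on the patched platform."""
    blob = seal(b"print('sensitive mobile code')", TRUSTED_ENV)
    return unseal(blob, TRUSTED_ENV), unseal(blob, PATCHED_ENV)
```

The tampered chain differs in a single component, yet yields a different PCR value, a different key and a failed authentication tag, which is the property item 5 relies on.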
