State-based file system integrity remote attestation method

A file system and remote attestation technology, applied in the direction of digital data protection, etc., can solve problems such as insufficient judgment of the integrity of the witness system, insufficient integrity of the witness system, etc., and achieve a computationally feasible effect

Inactive Publication Date: 2018-01-19
NANJING UNIV
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The content of these evidences has certain reference value for judging whether the presenter system currently has integrity, but these evidences are not sufficient for judging whether the presenter system currently has integrity, and it is not enough to judge whether the presenter system currently has integrity

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0025] Assume that the initial state of the file system is to open two files: / bin / f1, / etc / f2. The file system has two data objects: (1) The variable x representing the total number of currently open files, the initial value is x=2; (2) The tree structure representing all open file directories and file nodes is sorted in the order of node depth first , the initial state is ( / )(bin)(f1)(etc)(f2). The user's system call sequence is open(" / home / hh / f3"), open(" / home / hh / f4").

[0026] The verification algorithm execution steps are as follows:

[0027] 1) Determine the initial state of the system

[0028] 2) Enter the system call sequence: open(" / home / hh / f3"), open(" / home / hh / f4"), i=1, n=2;

[0029] 3) At this time, i=1, n=2, if i>n is not satisfied, go to the next step 4);

[0030] 4)a 1 =open(" / home / hh / f3") is a system call structure that changes the tree data object. After the system call is executed, the condition that the tree object must meet is to include { / bin / f1, / et...

Embodiment 2

[0040]Assume the same as example 1. The user's system call sequence is open(" / home / hh / f3"), open(" / home / hh / f4"), close( / home / hh / f4). The verification algorithm execution process is as follows:

[0041] 1) Determine the initial state of the system ;

[0042] 2) Enter the system call sequence: open(" / home / hh / f3"), open(" / home / hh / f4"), close( / home / hh / f4); i=1, n=3;

[0043] 3) At this time, i=1, n=3, if i> n is not satisfied, go to the next step 4);

[0044] 4)a 1 =open(" / home / hh / f3") is a system call structure that changes the tree data object. After the system call is executed, the condition that the tree object must meet is to include { / bin / f1, / etc / f2} ∪{ / home / hh / } minimum tree: ( / ) (bin) (f1) (etc) (f2) (home) (hh) (f3); x=3; go to the next step 5);

[0045] 5) At this time, i=1, execute 1+1→i, and go to the next step 3).

[0046] The following enters the second round of the algorithm:

[0047] 3) At this time, i=2, n=2, if i>n is not satisfied, go to the next step 4)...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a state-based file system integrity remote attestation method which includes the steps: (1) reading attestation end system input alpha; (2) reading attestation end system states; (3) transmitting attestation end system evidence (alpha, s); (4) verification algorithm F of a verification end: calling a sequence alpha according to a system by the verification end after receiving a binary group (alpha, s), calculating characteristic conditions P (alpha) met by a set F (alpha) of all possible states of a file system after finishing system calling sequences, and judging whether the state s in the binary group (alpha, s) meets the conditions P (alpha) or not. The method has the advantages that integrity conditions of the file system in an operating system kernel are dynamically judged at random time in running of the system are proposed for the first time, actual calculation of all the possible states of the system is omitted in the verification algorithm, and only conditions necessarily met by the states need to be calculated, so that calculation is feasible.

Description

technical field [0001] The present invention relates to a state-based remote attestation method for file system integrity. When a computer system (certifier) ​​wants to establish a session with another computer system (verifier) ​​for interaction, the verifier needs to Witnesses verify. The invention proposes a verification method between a prover and a verifier. It belongs to the field of information security technology. technical background [0002] When a computer system (certifier) ​​wants to establish a session with another computer system (verifier) ​​to interact, the common practice is to verify the user identity of the prover and the user's permissions. The remote attestation proposed by trusted computing requires verifying the status of the prover system and judging whether the prover system currently has integrity. The remote attestation methods so far include attesting the version number of the operating system of the system where the witness is located, the ve...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/62G06F21/64
Inventor 黄皓黄威王承毅
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap