Abstract
An approach to information-flow-based integrity measurement using system calls is proposed. The approach divides the measurement process into an offline stage and a runtime stage. In the offline stage, the system calls invoked by the software are monitored and recorded, and an information-flow baseline for the software is abstracted from the relationship between system calls and information flows. In the runtime stage, the software's system calls are analyzed to obtain its runtime information flows, which are checked against the baseline for anomalies in order to measure the software's integrity. To verify the feasibility of the approach, a prototype system was implemented using the Apache server as an example. Experiments show that the approach can detect the abnormal information flows that appear when the runtime integrity of the software has been compromised.
Source
Computer & Digital Engineering (《计算机与数字工程》)
2010, Issue 8, pp. 1-5 (5 pages)
Funding
Supported by the National 863 Program (No. 2007AA01Z414)
National Natural Science Foundation of China (Nos. 60873213, 60703103)
Beijing Natural Science Foundation (4082018)
Keywords
integrity measurement
information flow
system calls