Abstract:
Dynamic multi-path trust chain (DMPTC) is a mechanism for assuring system trustworthiness that is based on the type and characteristics of the software being loaded. DMPTC distinguishes static system software from dynamic application software and applies different methods and policies to control the loading and execution of each kind of executable code. Its goal is to build a trusted computing platform by allowing the platform to load and run only trustworthy executables. DMPTC can be used to: 1) resist malicious code (including both known and unknown viruses), the most serious threat to information systems, and thereby improve continuity of operation; and 2) manage and control which applications may be executed in business systems, improving their cost-effectiveness and productivity. DMPTC relies mainly on hash values of executables to verify their authenticity and integrity, which is normally a time-consuming process, so DMPTC pays particular attention to its impact on system performance. Based on the attributes of the various kinds of executables, and by taking advantage of security mechanisms built into Windows, DMPTC greatly reduces the time cost of executable verification. Tests of a DMPTC implementation on the Windows platform show that the performance loss caused by DMPTC is below 1%; it is this optimization that ultimately assures the flexibility and practicality of DMPTC.
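The following is an added worked example, not code from the paper, of the two-policy scheme the abstract describes: an allowlist of executable hashes where dynamic application software is hashed on every load, while static system software is hashed once and the verdict is cached. The abstract does not say which Windows-internal mechanisms DMPTC uses to avoid re-hashing system files, so the (size, mtime) cache key below is an assumption standing in for them; all paths, image bytes and the "static = under C:\Windows" classification rule are constructed for the example.

```python
"""Added example, not the paper's code: a minimal DMPTC-style loader check.
Dynamic application binaries are hashed on every load; static system
binaries are hashed once and the verdict is cached keyed on (size, mtime),
which here stands in for the Windows-internal mechanisms the paper relies on.
Every path, file content and hash below is constructed for the example."""
import hashlib
from dataclasses import dataclass, field

# Constructed in-memory "file system": path -> (image bytes, mtime).
FILES = {
    r"C:\Windows\System32\ntdll.dll": (b"NTDLL-IMAGE-v1", 1000),
    r"C:\Windows\System32\kernel32.dll": (b"KERNEL32-IMAGE-v1", 1000),
    r"C:\Apps\payroll.exe": (b"PAYROLL-IMAGE-v1", 2000),
    r"C:\Users\bob\Downloads\game.exe": (b"UNTRUSTED-IMAGE", 3000),
}

# Assumption: everything under the Windows directory is "static system
# software"; anything else is "dynamic application software".
STATIC_PREFIXES = ("C:\\Windows\\",)


def classify(path: str) -> str:
    return "static" if path.startswith(STATIC_PREFIXES) else "dynamic"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def enroll(files: dict, paths) -> set:
    """Build the trust list (allowlist of SHA-256 values) from known-good images."""
    return {sha256_hex(files[p][0]) for p in paths}


@dataclass
class TrustChain:
    files: dict
    trusted: set
    hash_count: int = 0                                 # full-image hashes computed
    _static_cache: dict = field(default_factory=dict)   # path -> (size, mtime)

    def _hash_image(self, path: str) -> str:
        self.hash_count += 1
        return sha256_hex(self.files[path][0])

    def check_load(self, path: str) -> bool:
        """Return True if the loader may run `path`, False to block it."""
        if path not in self.files:
            return False
        data, mtime = self.files[path]
        if classify(path) == "dynamic":
            # Application software: full hash on every load, no caching.
            return self._hash_image(path) in self.trusted
        # System software: hash once, then trust the cached verdict while the
        # file's size and mtime are unchanged.
        key = (len(data), mtime)
        if self._static_cache.get(path) == key:
            return True
        ok = self._hash_image(path) in self.trusted
        if ok:
            self._static_cache[path] = key
        return ok


def demo() -> dict:
    """Run the scenarios a practitioner would want to see; works on a copy of FILES."""
    files = dict(FILES)
    known_good = [p for p in files if "Downloads" not in p]
    tc = TrustChain(files=files, trusted=enroll(files, known_good))
    ntdll = r"C:\Windows\System32\ntdll.dll"
    payroll = r"C:\Apps\payroll.exe"
    game = r"C:\Users\bob\Downloads\game.exe"
    out = {}
    out["ntdll_first"] = tc.check_load(ntdll)            # hashed once
    out["ntdll_second"] = tc.check_load(ntdll)           # cache hit, no hash
    out["hashes_after_ntdll"] = tc.hash_count            # 1
    out["payroll_twice"] = (tc.check_load(payroll), tc.check_load(payroll))
    out["hashes_after_payroll"] = tc.hash_count          # 3: hashed on both loads
    out["unknown_app"] = tc.check_load(game)             # not enrolled -> blocked
    # Tamper with payroll.exe: dynamic software is re-hashed, so it is caught.
    files[payroll] = (b"PAYROLL-IMAGE-BACKDOORED", 2001)
    out["payroll_tampered"] = tc.check_load(payroll)
    # Tamper with ntdll.dll so size/mtime change: cache misses, re-hash, blocked.
    files[ntdll] = (b"NTDLL-IMAGE-EVIL", 1001)
    out["ntdll_tampered"] = tc.check_load(ntdll)
    # Caveat: an overwrite that preserves size and mtime slips past a
    # metadata-keyed cache. Restore the good image (cached verdict still valid),
    # then overwrite it with a same-length image at the same mtime.
    files[ntdll] = (b"NTDLL-IMAGE-v1", 1000)
    tc.check_load(ntdll)
    files[ntdll] = (b"NTDLL-IMAGE-v2", 1000)
    out["ntdll_stealth_overwrite"] = tc.check_load(ntdll)  # True: cache fooled
    out["total_hashes"] = tc.hash_count                  # 6
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hash counter makes the performance argument concrete: two loads of a system DLL cost one hash, two loads of an application cost two. The last scenario is the check a reviewer should insist on: whatever mechanism replaces per-load hashing for static software must itself be tamper-evident, otherwise the cache rather than the hash becomes the trust anchor.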