Abstract:
Integrity measurement is an active research topic in trusted computing. This paper analyzes the potential defects of existing integrity measurement models in an open network environment and, to address them, proposes an on-command model for integrity measurement. In this model, interrogators define their own integrity measurement policy according to their individual security needs. A measurement policy consists of a code integrity measurement policy and a data-flow integrity measurement policy. The interrogatee measures only the integrity of the components named in the measurement policy, not every component it could measure. An interrogatee may be queried by many interrogators simultaneously and must construct a separate integrity measurement instance for each interrogator. Compared with existing models, the distinguishing feature of this model is the self-defined measurement policy, which gives interrogators the flexibility to express their own requirements. At the same time, the model supports integrity measurement of both code and data flow, overcoming the one-sidedness of models that measure only part of the object. A remote attestation scheme and a prototype system based on this model are built on a streaming media service network: servers measure the integrity of the client's media player before providing service, and measure the integrity of the media data during service. Experiments on this streaming media service network indicate that the model solves the identified problems and can be adapted to an open network environment at an acceptable performance cost.
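The following is an added illustration of the on-command model described above; it is not code from the paper or its prototype. It assumes a hypothetical media-player interrogatee whose components and data stream are constructed inline, uses SHA-256 as the measurement function, and models an interrogator's policy as a list of code components plus a list of data-flow chunk indices; the interrogatee builds one measurement instance per interrogator covering only what that policy names, and the interrogator verifies it against its own reference values.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample interrogatee state (hypothetical media player modules
# and a media data stream); not data from the paper.
COMPONENTS = {
    "player.bin": b"\x7fELF player core v1",
    "codec.so":   b"\x7fELF codec library",
    "ui.so":      b"\x7fELF ui library",
}
MEDIA_STREAM = [b"chunk-0", b"chunk-1", b"chunk-2"]

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Policy:
    """One interrogator's self-defined policy: which code components and
    which data-flow chunks (stream indices) the interrogatee must measure."""
    interrogator: str
    code: list          # component names
    data_chunks: list   # indices into the data stream

@dataclass
class Instance:
    """Per-interrogator measurement instance built by the interrogatee."""
    interrogator: str
    code: dict = field(default_factory=dict)
    data: dict = field(default_factory=dict)

def measure(policy: Policy, components: dict, stream: list) -> Instance:
    """Interrogatee: measure only what the policy names, nothing else."""
    inst = Instance(policy.interrogator)
    for name in policy.code:
        inst.code[name] = digest(components[name])
    for i in policy.data_chunks:
        inst.data[i] = digest(stream[i])
    return inst

def reference(policy: Policy, golden: dict, stream: list) -> Instance:
    """Interrogator: expected values from its golden copies of the code and
    from the data it actually sent (constructed here as the same stream)."""
    return measure(policy, golden, stream)

def verify(inst: Instance, ref: Instance) -> bool:
    """Interrogator: every policy-listed value must be present and match."""
    return (inst.interrogator == ref.interrogator
            and inst.code == ref.code and inst.data == ref.data)
```

Two interrogators with different policies receive distinct instances, and a modified component or corrupted data chunk is detected only by the interrogator whose policy covers it.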