Jia Qiaowen, Ma Haoyu, Li Yan, Wang Zheyu, Shi Wenchang. A Novel Integrity Measurement Architecture for Embedded Linux Systems[J]. Journal of Computer Research and Development, 2022, 59(10): 2362-2375. DOI: 10.7544/issn1000-1239.20220525

A Novel Integrity Measurement Architecture for Embedded Linux Systems

Funds: This work was supported by the National Natural Science Foundation of China (61972215, 61972073, 62172238) and the National Key Research and Development Program of China (2018YFA0704703).
  • Published Date: September 30, 2022
  • Integrity measurement architecture (IMA) is an important component of trusted computing. However, existing IMA schemes have a number of practical limitations when applied to embedded systems. In this paper, we propose the dynamic integrity measurement architecture at kernel-level (DIMAK), an effective and efficient runtime integrity measurement architecture for embedded Linux systems. DIMAK supports just-in-time integrity measurement of code text and static data in both kernel and user space, as well as of the dynamic linking information maintained by position-independent executables (PIE). By exploiting the process, memory and page management mechanisms of the Linux kernel, DIMAK measures the target contents at the physical-page level and thereby avoids the potential time-of-check to time-of-use (TOCTTOU) vulnerability that has been discovered in existing techniques. In addition, through a predictive integrity baseline generation technique for the relocation and dynamic linking information of ELF files, the proposed architecture achieves better completeness than state-of-the-art schemes in responding to threats such as hooking-based control flow hijacking and dynamically loaded malware. Furthermore, with a novel trusted software hot-fix protocol, the proposed architecture becomes the first IMA scheme capable of correctly distinguishing on-the-fly software patching from malicious code loading. Depending on the type of content to be measured, DIMAK generates the corresponding integrity baselines at different times, e.g., during the off-line phase, system booting, process loading or dynamic code loading, thus ensuring the correctness of the architecture’s integrity measurement in all possible scenarios. Experiments on real commercial embedded devices also show that the performance overhead caused by DIMAK is acceptable for embedded devices.