
Research on theory and key technology of trusted computing platform security testing and evaluation

  • Research Papers
Science China Information Sciences

Abstract

Trusted computing has become a new trend in international information security, and trusted computing platform products are beginning to be used in applications. Users will not adopt information security products unless they have gone through testing and evaluation. Here we concentrate on the testing and evaluation of trusted computing platforms. We begin by constructing a suitable formal model of the trusted computing platform for testing, and establish a mathematical model of the chain of trust based on SPA. Moreover, we give a verification method for composite characteristics and, through analysis, find the potential factors that threaten the trusted system during remote attestation. For the trusted software stack, we study the automatic generation of test cases and propose an improved method of generating random test cases to raise test case quality. Finally, we give a prototype system of a trusted computing platform and the related actual test data. The results demonstrate that there are some flaws in the architecture of the present TCG computing platform. Some flaws are also found in existing trusted computing platform products, which lays a basis for the improvement and development of trusted platform technology and its products.



Author information


Corresponding author

Correspondence to Fei Yan.


About this article

Cite this article

Zhang, H., Yan, F., Fu, J. et al. Research on theory and key technology of trusted computing platform security testing and evaluation. Sci. China Inf. Sci. 53, 434–453 (2010). https://doi.org/10.1007/s11432-010-0062-4


  • DOI: https://doi.org/10.1007/s11432-010-0062-4
