Facing the increasing security issues in P2P networks, a scheme for resource sharing using trusted computing technologies is proposed in this paper. We advance a RS-UCON model with decision continuity and attribute mutability to control the usage process and an architecture to illustrate how TC technologies support policy enforcement with bidirectional attestation. The properties required for attestation should include not only integrity measurement value of platform and related application, but also reputation of users and access history, in order to avoid the limitation of the existing approaches. To make a permission, it is required to evaluate both the authorization and conditions of the subject and the object in resource usage to ensure trustable resources to be transferred to trusted users and platform.
The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior's dynamic and trusted authentication. In this paper, the author proposes a specified measure of extracting SIBDS (software intended behaviors describing sets) statically from the binary executable using the software's API functions invoking, and also introduces the definition of the structure used to store the SIBDS in detail. Experimental results demonstrate that the extracting method and the storage structure definition offers three strong properties: (i) it can describe the software's intended behavior accurately; (ii) it demands a small storage expense; (iii) it provides strong capability to defend against mimicry attack.
PENG Guojun PAN Xuanchen FU Jianming ZHANG Huanguo