项目名称: 基于行为认证码的软件动态可信认证机制研究
项目编号: No.61202387
项目类型: 青年科学基金项目
立项/批准年度: 2013
项目学科: 计算机科学学科
项目作者: 彭国军
作者单位: 武汉大学
项目金额: 25万元
中文摘要: 目前,软件安全问题日益突出,软件动态可信已经成为高可信软件构造等领域亟待解决的关键问题。 本课题提出软件行为认证码的概念,并基于软件行为认证码实施软件动态可信认证研究。首先,深入研究并凝练软件高可信需求,以此为依据从软件中多层次多粒度提取"软件预期关键行为可信描述集",然后通过软件行为摘要算法对其进行处理获得"软件行为认证码",针对不同的软件可信需求类别,创建高效的多粒度的软件行为监控机制,通过深入研究软件动态可信演化规律,构建软件动态可信形式化模型,并以此创建一套相对完善的软件动态可信认证机制,初步建立软件动态可信认证理论及关键技术框架,为构建高可信软件提供重要的理论和技术基础。该研究对软件漏洞挖掘及系统安全防护领域的深入研究和应用同样具有重要支撑作用。
中文关键词: 动态可信;可信软件;行为认证;恶意代码;系统安全
英文摘要: Currently, the software security issues have become increasingly prominent.Software dynamic trust authentication has become the key issues to be solved in the field of High Confidence Software construction. The key to the rising software security problem is software dynamic trust in the field of high-confidence software construction. Therefore, this project tackles this problem by introducing the concept of Software Behavior Authentication Code(SBAC) and employing the concept to dynamic trust authentication of software. In accordance with software demands for high-confidence, it abstracts trusted signature sets of software expected key behaviors at multi-level granularity. The abstraction algorithm in this context encompasses digital signature, public-key algorithm, HASH tree, graph theory to obtain the Software Behavior Authentication Code. On the basis of this it dynamically adjusts the granularity of behavior monitoring and deploy monitoring points, forming effective mechanism of software behavior monitoring. Combining with intrinsic conversion rules of software dynamic trust, we construct the formalized model and software dynamic trust authentication mechanism based on the Software Behavior Authentication Code. In the meantime, such initially established theory, model architecture and key technologies prov
英文关键词: Dynamic Trust;Trust Software;Behavior Authenticatiion;Malware;System Security