CN110263545B - Starting process integrity measurement detection method based on Android system - Google Patents


Info

Publication number: CN110263545B
Application number: CN201910428686.7A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN110263545A (en)
Inventors: 黑新宏, 高文, 王一川, 王昌舒, 朱赫, 白彬彬, 张丽
Current assignee: Xian University of Technology
Original assignee: Xian University of Technology
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot


Abstract

The invention discloses a method for detecting the integrity of the startup process of an Android system. Starting from power-on, the core root of trust for measurement (CRTM) boots the Bootloader and verifies its integrity: the Bootloader is hashed with the secure hash algorithm SHA-1, the resulting actual measurement value is compared with the RIM value in the RIM certificate, and if the two agree the result is stored in a platform configuration register of the root of trust; the CRTM then hands control to the Bootloader. When the Bootloader measures the kernel, a comprehensive measurement value TValue for the kernel is obtained with a trust measurement model, and in this way trust is finally extended to the whole Android system. The invention addresses the problems of the prior art that integrity measurement architectures in trusted computing are too complex, hard to extend, and do not reflect trustworthy behaviour.

Description

Starting process integrity measurement detection method based on Android system
Technical Field
The invention belongs to the technical field of mobile intelligent terminals, and particularly relates to a starting process integrity measurement detection method based on an Android system.
Background
The Android system is currently the most widely used mobile operating system. It is highly open: each manufacturer can customise the system as required, and third-party applications can be installed quickly and without many restrictions, which is also a key factor behind Android's continued growth. While the Android mobile intelligent terminal brings convenience to users, it also creates serious security risks: personal information, passwords and similar data stored on the terminal have become the main targets of attackers, and short-message content, contact lists, call records and the like are easy to steal. Android applications are message-driven and depend on the touch mechanism, so the touch mechanism plays a significant role in the Android system. Since the first Android Trojan was discovered in 2010, the amount of malicious software on Android has grown rapidly, bringing unpredictable risks to users' data security. As malicious code for Android has increased, the touch mechanism has become a target chosen by attackers. Because the touch mechanism is a precondition for running every client application, detecting the integrity of its core code can effectively prevent malicious code from being implanted into it and thereby protect user data. Malicious code in the Android system is not easily noticed by the user: it is usually embedded in the system layer and is more covert than malware running in the application layer. More seriously, it can invoke the phone's hardware to take photographs or record audio covertly.
Detecting such tampering is therefore of great significance for improving the security of the Android system and preventing users' private information from being leaked.
Trusted Computing is a trusted computing platform technology, widely used in computing and communication systems and supported by hardware security modules, that improves the security of the whole system. The concept first appeared in the Rainbow Series of information-system security documents in the United States. The leading IT companies IBM, Hewlett-Packard, Intel and Microsoft jointly founded the Trusted Computing Platform Alliance (TCPA), whose establishment marked a new stage in the basic research and industrialisation of trusted computing technology. In 2003 the TCPA was renamed and reorganised as the Trusted Computing Group (TCG), which further promoted the research, application and higher-level development of trusted computing. Since the TCPA and the TCG were founded, a range of trusted computing specifications covering trusted computing platforms, trusted storage and trusted network connections has been developed.
Trusted computing is a new kind of information-system security technology. Applied to an Android mobile intelligent terminal, its principle is to introduce a security-chip architecture into the hardware platform of the terminal, improving the security and reliability of the Android terminal and compensating for the weaknesses caused by the open character of the Android system. Many application examples show that the research and development of a trusted mobile platform is a milestone in the development of trusted computing: it was proposed by Intel and IBM in 2004 together with a corresponding protocol, and it greatly improved the security of mobile intelligent terminals. Structurally, the trusted mobile platform is a system with cryptographic computation and storage capabilities; through encryption, authentication and key management it further secures the mobile intelligent terminal and can effectively solve the security problems that the Android mobile intelligent terminal has always faced.
Disclosure of Invention
The invention aims to provide a starting process integrity measurement detection method based on an Android system, and solves the problems that an integrity measurement framework in trusted computing is too complex, difficult to expand and does not reflect credible behaviors in the prior art.
The technical scheme adopted by the invention is that the starting process integrity measurement detection method based on the Android system comprises the following steps:
starting from power-on, the root of trust measurement CRTM boots a Bootloader and verifies the integrity of the Bootloader, wherein the Bootloader is a boot program before the system is started;
hashing the Bootloader with the secure hash algorithm SHA-1 to obtain the actual measurement value, comparing it with the RIM value in the RIM certificate, and, if the two agree, storing the result in a platform configuration register of the root of trust for storage;
then the CRTM hands control to the Bootloader. If the comparison differs, startup fails and a check report is sent to the user.
While the Bootloader measures the kernel, a comprehensive measurement value TValue for the kernel is obtained with a trust measurement model and a trust decision is made against a confidence threshold Tm, which serves as the decision criterion: if TValue > Tm the system kernel is trusted, the result is stored in a platform configuration register of the root of trust for storage, and control is handed to the system kernel; otherwise startup cannot continue and a check report is sent to the user. The Android operating system and third-party applications are then measured by the same method, so that trust is finally extended to the whole Android system.
The present invention is also characterized in that,
the MTM defines several roots of trust: the root of trust for measurement RTM, the root of trust for storage RTS and the root of trust for reporting RTR. The RTM is a software module stored in read-only ROM; it is the first code executed after power-on, cannot be modified, and serves as the starting point of trust measurement and verification. The RTS and RTR are hardware modules contained in the MTM and are used for integrity storage and reporting. The MTM also defines the reference integrity measurement value RIM and the RIM certificate: the RIM is the measurement digest of an entity, written in advance into a secure storage area of the root of trust, and gives the expected reference value that the entity must match, providing the basis for each integrity verification of the system; the RIM certificate is a digitally signed, integrity-protected structure containing the RIM value, the digital signature and some related additional information.
The root of trust for storage RTS consists of platform configuration registers (PCRs). A PCR is a 160-bit storage location; there are at least 16 of them, all held inside the mobile trusted module. A PCR can absorb an unlimited number of measurement values while also preserving the order in which they were taken: it holds the cumulative SHA-1 hash of all measurement values generated so far, and this 160-bit cumulative hash reflects the integrity state of every component measured.
The trust measurement model is expressed as {V, E}, where V is the node set and E the edge set. The node set V is the finite set {rt, T}: rt is the root target, rt = {TValue, TCount}, where TValue is the comprehensive measurement value obtained once every sub-target has been measured and TCount is the number of sub-targets, TCount ∈ {0, …, m}; when TCount = 0 the target is a minimal target that cannot be subdivided further. The target set is T = {T1, T2, …, Tn}, with each T = {Name, Type, TValue, TCount}, where Name is the name of the target and Type its type. Each edge in E expresses a composition relation between a target and a sub-target and carries a weight value in the range [0, 1]; the weights must satisfy the condition given below.
Step 1 is specifically as follows:
During its operation, the Bootloader reads the system kernel image ZImage and the root file system image Ramdisk. The system kernel to be measured is set as the root target rt. Compiling the Android source code produces the ZImage, System.img, Ramdisk.img, Userdata.img and Recovery.img images, which contain the files and related libraries needed to start and run Android; measuring the system kernel therefore means measuring all of the generated images, and during measurement of the kernel the System.img, Ramdisk.img, ZImage, Recovery.img and Userdata.img images are taken as sub-targets of the root target;
Different images differ in importance and in how likely they are to be compromised, so they are given different weights. ZImage is the kernel image. System.img is the system image and stores the important files of the Android system, including packages and library files. The RAM disk file Ramdisk.img stores the files loaded when the Linux kernel starts. Recovery.img is used only for updating: the Bootloader enters the corresponding mode according to the user's choice, and the different modes contain their own ZImage and Ramdisk.img files. Userdata.img is the user data image; it stores user-related data and its size is determined by the storage of the Android device;
According to the importance and risk of each image, let the weight assigned to ZImage be w1, to System.img w2, to Ramdisk.img w3, to Recovery.img w4 and to Userdata.img w5; the weights should satisfy:
w1+w2+w3+w4+w5=1;
w1>w2>w3>w4>w5;
The sub-files contained in the kernel image ZImage are all system core files, so the ZImage image is measured as a whole;
The System.img image contains the following subdirectories: app, bin, etc, fonts, framework, lib, media, priv-app, tts, usr and vendor. The weights assigned to these directories when measuring are analysed as follows:
the weight ordering of the directories is:
framework>priv-app>app>xbin=bin=lib>etc>fonts=tts=media=user=vendor
Ramdisk.img contains some very important configuration files and the first process, init, which is loaded after the kernel starts. init parses the init.rc and init.goldfish.rc configuration files to initialise and load system libraries and programs until startup completes; it is also responsible for creating a number of child processes in the system, including the Zygote process, which is the parent of all Java processes. The execution of init actions is divided into four phases (including early-init, early-boot and boot). Weights are assigned according to the order in which the configuration files are parsed during startup, giving the following ordering:
init.rc>init.goldfish.rc>ueventd.rc>init.environ.rc>init.usb.rc>init.trace.rc
Because Recovery.img is composed of a ZImage and a Ramdisk.img, and its ZImage part is the same as the kernel image used for a normal start, only its Ramdisk.img part needs to be measured, with the same weight assignment as above. For Userdata.img, only the native baseline files that are unrelated to user applications need to be measured, and their measurement serves as the measurement value of Userdata.img;
After the weights of the subdirectories of each image have been assigned, each first-level subdirectory is measured separately and its measurement result is denoted e_i, where i indexes the first-level subdirectories: if the measurement result of a subdirectory equals its reference integrity measurement value, e_i = 1, otherwise e_i = 0. The weight of the subdirectory is denoted a_i, so the comprehensive measurement value TValue is:
TValue = Σ e_i · a_i
For second-level directories, a similar measurement is taken.
The advantage of the method is that a trusted measurement mechanism is combined with the Android platform: the notion of trust is extended on the basis of an analysis of the integrity measurement mechanism, a trust measurement mechanism is introduced, a security chip is added to the system as the root of trust, a chain of trust is established by step-by-step measurement, and trust is thereby extended to the whole Android terminal, ensuring the security of the information system. During the step-by-step measurement, the comprehensive trust of the measurement target is calculated according to the model and compared with the confidence threshold; if it is above the threshold, control is handed to the measurement target, otherwise the system fails to start and the detection report is given to the user.
Drawings
FIG. 1 is a flowchart of an Android startup process in a startup process integrity measurement detection method based on an Android system;
fig. 2 is a trust chain transfer process based on a trusted mobile module in the method for detecting integrity of a boot process based on an Android system;
fig. 3 is an improved measurement model provided in the method for detecting integrity of a starting process based on an Android system.
Detailed Description
The present invention will be described in detail with reference to the following embodiments.
The invention is a method for detecting the integrity of the startup process of an Android system. It combines a trust measurement mechanism with the Android platform and can effectively judge the integrity and security of Android code, as explained in detail below:
At present the security level of Android intelligent terminals is low. To harden them with trusted computing technology, a Mobile Trusted Module (MTM) must be added to the terminal. Because Android devices are generally small and low-power, an MTM trusted service system can be added as extended storage through a TF card, and an MTM with a TF interface can be used to carry out the trusted computing retrofit of the Android intelligent mobile terminal and meet the hardening requirement.
Many examples show that MTM-based trust chain transfer (shown in fig. 2) is the main technique for ensuring the integrity and security of an Android system with trusted computing; used properly, the trust chain extends the trust relationship of the trusted computing platform from the root of trust for measurement to the whole Android terminal. The mobile terminal trust chain has the MTM as its core and starts at the core root of trust for measurement (CRTM): the CRTM is the first program run after power-on, a short, controllable code module that is assumed to be completely trusted.
The invention relates to a starting process integrity measurement detection method based on an Android system, which comprises the following steps of:
as shown in FIG. 1, from power-up, root of trust measurement CRTM boots a Bootloader, which is the bootstrap program before system boot, and verifies its integrity;
hashing the Bootloader with the secure hash algorithm SHA-1 to obtain the actual measurement value, comparing it with the RIM value in the RIM certificate, and, if the two agree, storing the result in a platform configuration register of the root of trust for storage;
then the CRTM hands control to the Bootloader. If the comparison differs, startup fails and a check report is sent to the user.
While the Bootloader measures the kernel, a comprehensive measurement value TValue for the kernel is obtained with a trust measurement model and a trust decision is made against a confidence threshold Tm, which serves as the decision criterion: if TValue > Tm the system kernel is trusted, the result is stored in a platform configuration register of the root of trust for storage, and control is handed to the system kernel; otherwise startup cannot continue and a check report is sent to the user. The Android operating system and third-party applications are then measured by the same method, so that trust is finally extended to the whole Android system.
The MTM also defines the reference integrity measurement value RIM and the RIM certificate. The RIM is the measurement digest of an entity, written in advance into a secure storage area of the root of trust; it is the expected reference value the entity must match and provides the basis for each system integrity verification. The RIM certificate is a digitally signed protection structure containing the RIM value, the digital signature and some related additional information.
The root of trust for storage RTS consists of platform configuration registers (PCRs). A PCR is a 160-bit storage location; there are at least 16 of them, all held inside the mobile trusted module. A PCR can absorb an unlimited number of measurement values while also preserving the order in which they were taken: it holds the cumulative SHA-1 hash of all measurement values generated so far, and this 160-bit cumulative hash reflects the integrity state of every component measured.
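As an added illustration, not code from the patent, the following Python simulation models the CRTM step described above: SHA-1 measurement of the Bootloader, comparison with the RIM carried in a RIM certificate, and the PCR extend operation that keeps a single 160-bit cumulative value while preserving measurement order. The MTM class, its HMAC stand-in for the certificate's digital signature, and all image bytes are constructed assumptions for this example.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

PCR_BYTES = 20  # a PCR is a 160-bit register: exactly one SHA-1 digest


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class MTM:
    """Stand-in for the mobile trusted module's root of trust for storage (RTS):
    a bank of PCRs plus a RIM-certificate check. The certificate's digital signature
    is modelled with an HMAC under a key only the MTM holds (an assumption for this
    example, not the patent's signature scheme)."""

    def __init__(self, cert_key: bytes, num_pcrs: int = 16):
        self._cert_key = cert_key
        self.pcrs: List[bytes] = [bytes(PCR_BYTES)] * num_pcrs  # all PCRs start at zero
        self.log: List[Tuple[str, bytes]] = []                   # measurements in the order taken

    def issue_rim_cert(self, entity: str, golden: bytes) -> Dict[str, bytes]:
        """Provisioning: the RIM is the SHA-1 digest of the known-good entity."""
        rim = sha1(golden)
        sig = hmac.new(self._cert_key, entity.encode() + rim, "sha1").digest()
        return {"entity": entity.encode(), "rim": rim, "sig": sig}

    def verify_rim_cert(self, cert: Dict[str, bytes]) -> bool:
        expected = hmac.new(self._cert_key, cert["entity"] + cert["rim"], "sha1").digest()
        return hmac.compare_digest(cert["sig"], expected)

    def extend(self, index: int, entity: str, measurement: bytes) -> bytes:
        """PCR extend: PCR[i] = SHA-1(PCR[i] || measurement). The register never grows,
        yet it commits to every measurement so far and to their order."""
        self.pcrs[index] = sha1(self.pcrs[index] + measurement)
        self.log.append((entity, measurement))
        return self.pcrs[index]


def crtm_verify_bootloader(mtm: MTM, bootloader: bytes, cert: Dict[str, bytes],
                           pcr: int = 0) -> Tuple[bool, str]:
    """CRTM step: measure the Bootloader, compare with the RIM, then either extend a PCR
    and hand over control or refuse to continue and produce the check report."""
    if not mtm.verify_rim_cert(cert) or cert["entity"] != b"Bootloader":
        return False, "startup failed: RIM certificate invalid; check report sent to user"
    actual = sha1(bootloader)
    if not hmac.compare_digest(actual, cert["rim"]):
        return False, (f"startup failed: Bootloader measurement {actual.hex()} differs "
                       f"from RIM {cert['rim'].hex()}; check report sent to user")
    mtm.extend(pcr, "Bootloader", actual)
    return True, "Bootloader trusted; CRTM hands control to Bootloader"


def replay_pcr(log: List[Tuple[str, bytes]]) -> bytes:
    """Recompute a PCR from the measurement log; a verifier checks the reported
    160-bit value against this replay before believing the integrity state."""
    value = bytes(PCR_BYTES)
    for _, measurement in log:
        value = sha1(value + measurement)
    return value


def demo(tampered: bool = False) -> Tuple[bool, str, bool]:
    """Run the CRTM step on a constructed golden Bootloader image, optionally modified."""
    mtm = MTM(cert_key=b"constructed MTM-held certificate key")
    golden = b"constructed Bootloader image bytes"
    cert = mtm.issue_rim_cert("Bootloader", golden)
    image = golden + b"\x00patched" if tampered else golden
    ok, msg = crtm_verify_bootloader(mtm, image, cert)
    pcr_consistent = mtm.pcrs[0] == replay_pcr(mtm.log)
    return ok, msg, pcr_consistent


if __name__ == "__main__":
    for t in (False, True):
        print(demo(tampered=t))
```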
However, the Android system has a great many files. Android's Hardware Abstraction Layer (HAL) is intended to abstract the hardware and hide the interface details of a specific platform in order to protect hardware manufacturers' intellectual property. Consequently, different manufacturers ship different code in the HAL files, and the reference integrity measurement values required for Android terminals of different manufacturers differ, so the original trusted measurement mechanism extends poorly. Similarly, logo.c under system/core/init in the source tree and bootanimation under frameworks/base/cmds set the boot animation, which differs between mobile terminal devices; for such manufacturer changes the mobile terminal should still be regarded as trusted.
As shown in fig. 3, the trust measurement model is expressed as {V, E}, where V is the node set and E the edge set. The node set V is the finite set {rt, T}: rt is the root target, rt = {TValue, TCount}, where TValue is the comprehensive measurement value obtained once every sub-target has been measured and TCount is the number of sub-targets, TCount ∈ {0, …, m}; when TCount = 0 the target is a minimal target that cannot be subdivided further. The target set is T = {T1, T2, …, Tn}, with each T = {Name, Type, TValue, TCount}, where Name is the name of the target and Type its type. Each edge in E expresses a composition relation between a target and a sub-target and carries a weight value in the range [0, 1]; the weights must satisfy the condition given below.
Step 1 is as follows:
During its operation, the Bootloader reads the system kernel image ZImage and the root file system image Ramdisk. The system kernel to be measured is set as the root target rt. Compiling the Android source code produces the ZImage, System.img, Ramdisk.img, Userdata.img and Recovery.img images, which contain the files and related libraries needed to start and run Android; measuring the system kernel therefore means measuring all of the generated images, and during measurement of the kernel the System.img, Ramdisk.img, ZImage, Recovery.img and Userdata.img images are taken as sub-targets of the root target;
Different images differ in importance and in how likely they are to be compromised, so they are given different weights. ZImage is the kernel image. System.img is the system image and stores the important files of the Android system, including packages and library files. The RAM disk file Ramdisk.img stores the files loaded when the Linux kernel starts. Recovery.img is used only for updating: the Bootloader enters the corresponding mode according to the user's choice, and the different modes contain their own ZImage and Ramdisk.img files. Userdata.img is the user data image; it stores user-related data and its size is determined by the storage of the Android device;
According to the importance and risk of each image, let the weight assigned to ZImage be w1, to System.img w2, to Ramdisk.img w3, to Recovery.img w4 and to Userdata.img w5; the weights should satisfy:
w1+w2+w3+w4+w5=1;
w1>w2>w3>w4>w5;
Each image contains a number of file directories, and different directories correspond to different functions in Android. Two factors are considered when determining a weight:
First, importance: the more important a directory is for judging whether the system is trustworthy, the larger its weight.
Second, independence: the more independent a file is, and the more other files depend on it, the higher its weight.
The sub-files contained in the kernel image ZImage are all system core files, so the ZImage image is measured as a whole;
The System.img image contains the following subdirectories: app, bin, etc, fonts, framework, lib, media, priv-app, tts, usr and vendor. The weights assigned to these directories when measuring are analysed as follows:
A large number of low-level attacks target Android's Framework layer, for example capturing touch events to steal private information by modifying the Framework layer's source code. Such changes alter the framework.jar files under System.img. The priv-app and app directories hold the system's core apk files and application programs respectively, and malware installed under these two directories becomes a system-level application. In addition, root viruses can be injected into the xbin, bin and lib directories of the phone, causing covert fee deduction and malicious pop-ups, so these directories need to be measured intensively. In contrast, the vendor directory stores third-party vendors' configuration files and can be given a relatively low weight. The weight ordering of the directories is therefore:
framework>priv-app>app>xbin=bin=lib>etc>fonts=tts=media=user=vendor
Ramdisk.img contains some very important configuration files and the first process, init, which is loaded after the kernel starts. init parses the init.rc and init.goldfish.rc configuration files to initialise and load system libraries and programs until startup completes; it is also responsible for creating a number of child processes in the system, including the Zygote process, which is the parent of all Java processes. The execution of init actions is divided into four phases (including early-init, early-boot and boot). Weights are assigned according to the order in which the configuration files are parsed during startup, giving the following ordering:
init.rc>init.goldfish.rc>ueventd.rc>init.environ.rc>init.usb.rc>init.trace.rc
Because Recovery.img is composed of a ZImage and a Ramdisk.img, and its ZImage part is the same as the kernel image used for a normal start, only its Ramdisk.img part needs to be measured, with the same weight assignment as above. For Userdata.img, only the native baseline files that are unrelated to user applications need to be measured, and their measurement serves as the measurement value of Userdata.img;
After the weights of the subdirectories of each image have been assigned, each first-level subdirectory is measured separately and its measurement result is denoted e_i, where i indexes the first-level subdirectories: if the measurement result of a subdirectory equals its reference integrity measurement value, e_i = 1, otherwise e_i = 0. The weight of the subdirectory is denoted a_i, so the comprehensive measurement value TValue is:
TValue = Σ e_i · a_i
For second-level directories, a similar measurement is taken.
The improved measurement model aggregates the measurement results of the leaf nodes into each sub-target according to their weights, and then into the overall target, to obtain the final trust value. Whereas the TCG integrity measurement model yields a binary result, the improved model yields a comprehensive trust value, and compared with the original model it is more extensible and more widely applicable.
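As an added example, not the patent's own code, this Python block implements the weighted trust measurement model of fig. 3 described here and in the Disclosure of Invention: a tree of targets whose leaves are measured against their RIM (e_i is 1 on a match, else 0), combined upward as TValue = Σ e_i · a_i with the weight constraints checked at each level, and the root value compared with Tm. The directory subset, the weight values, the image contents and Tm = 0.95 are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TM = 0.95  # confidence threshold Tm; this value is an assumption, the patent fixes none


@dataclass
class Target:
    """A node of the model {V, E}: T = {Name, Type, TValue, TCount}; weight is the edge a_i."""
    name: str
    type: str
    weight: float                     # weight of the edge from the parent, in [0, 1]
    children: List["Target"] = field(default_factory=list)
    rim: Optional[str] = None         # leaf only: reference integrity measurement (SHA-1 hex)

    @property
    def tcount(self) -> int:
        return len(self.children)     # TCount = 0: a minimal target that is measured directly


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def check_weights(children: List[Target], strict: bool) -> None:
    """Sibling edge weights must lie in [0, 1], sum to 1 and be ordered as listed
    (strictly decreasing for the five images, non-increasing for directories)."""
    ws = [c.weight for c in children]
    if any(not 0.0 <= w <= 1.0 for w in ws) or abs(sum(ws) - 1.0) > 1e-9:
        raise ValueError(f"weights {ws} must lie in [0, 1] and sum to 1")
    for a, b in zip(ws, ws[1:]):
        if a < b or (strict and a == b):
            raise ValueError(f"weights {ws} violate the required ordering")


def measure(t: Target, actual: Dict[str, bytes]) -> float:
    """TValue of a target: a leaf yields e_i = 1 if its SHA-1 equals the RIM, else 0;
    an inner node yields sum(e_i * a_i) over its sub-targets."""
    if t.tcount == 0:
        return 1.0 if sha1_hex(actual[t.name]) == t.rim else 0.0
    check_weights(t.children, strict=(t.type == "kernel"))
    return sum(c.weight * measure(c, actual) for c in t.children)


def trust_decision(root: Target, actual: Dict[str, bytes], tm: float = TM) -> Tuple[float, bool]:
    """Return (TValue, trusted); trusted means control may be handed to the target."""
    tv = measure(root, actual)
    return tv, tv > tm


# Constructed payloads standing in for the image files; each RIM is the SHA-1 of the golden copy.
GOLDEN: Dict[str, bytes] = {
    "ZImage": b"golden kernel image",
    "System.img/framework": b"golden framework.jar",
    "System.img/priv-app": b"golden priv-app",
    "System.img/app": b"golden app",
    "System.img/bin": b"golden bin",
    "System.img/etc": b"golden etc",
    "Ramdisk.img/init.rc": b"golden init.rc",
    "Ramdisk.img/init.goldfish.rc": b"golden init.goldfish.rc",
    "Ramdisk.img/ueventd.rc": b"golden ueventd.rc",
    "Recovery.img": b"golden recovery ramdisk part",
    "Userdata.img": b"golden native baseline files",
}


def leaf(name: str, weight: float, ttype: str = "file") -> Target:
    return Target(name, ttype, weight, rim=sha1_hex(GOLDEN[name]))


def build_root() -> Target:
    """Root target rt = system kernel; sub-targets are the images with w1 > ... > w5, summing to 1.
    Only a subset of the directories named in the description is modelled."""
    return Target("kernel", "kernel", 1.0, children=[
        leaf("ZImage", 0.30, "image"),                 # measured as a whole
        Target("System.img", "image", 0.25, children=[
            leaf("System.img/framework", 0.40, "dir"),
            leaf("System.img/priv-app", 0.25, "dir"),
            leaf("System.img/app", 0.15, "dir"),
            leaf("System.img/bin", 0.10, "dir"),
            leaf("System.img/etc", 0.10, "dir"),
        ]),
        Target("Ramdisk.img", "image", 0.20, children=[
            leaf("Ramdisk.img/init.rc", 0.50),
            leaf("Ramdisk.img/init.goldfish.rc", 0.30),
            leaf("Ramdisk.img/ueventd.rc", 0.20),
        ]),
        leaf("Recovery.img", 0.15, "image"),           # only its Ramdisk.img part
        leaf("Userdata.img", 0.10, "image"),           # only native baseline files
    ])


def run_scenario(tampered: List[str]) -> Tuple[float, bool]:
    """Boot-time measurement in which the named leaves have been modified."""
    actual = dict(GOLDEN)
    for name in tampered:
        actual[name] = GOLDEN[name] + b" (modified)"
    return trust_decision(build_root(), actual)


if __name__ == "__main__":
    for case in ([], ["System.img/app"], ["System.img/framework"]):
        tv, ok = run_scenario(case)
        verdict = "hand control to kernel" if ok else "halt startup, send check report"
        print(f"tampered={case or 'none'}: TValue={tv:.4f} -> {verdict}")
```

With the assumed weights, a change confined to the low-weight app directory stays above Tm while a modified framework directory drops TValue to 0.90 and halts startup, which is the graded behaviour the description contrasts with the binary TCG result.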

Claims (1)

1. A starting process integrity measurement detection method based on an Android system, characterized by comprising the following steps:
starting from power-on, the core root of trust for measurement CRTM boots the Bootloader and verifies the integrity of the Bootloader, the Bootloader being the boot program that runs before the system starts;
the actual measurement value of the Bootloader is computed with the secure hash algorithm SHA-1 and compared with the RIM value in the RIM certificate; if the two are consistent, the result is stored in a platform configuration register of the root of trust for storage;
the CRTM then hands control to the Bootloader; if the two values differ, the boot fails and a check report is sent to the user;
when the Bootloader measures the kernel, a comprehensive measurement value TValue for the kernel is obtained with the trust measurement model and a trust decision is made against the confidence threshold Tm, which serves as the criterion of the decision: the system kernel is trusted if TValue > Tm, in which case the result is stored in a platform configuration register of the root of trust for storage and control is handed to the system kernel; otherwise the boot cannot continue and a check report is sent to the user;
when the Android operating system is measured, a comprehensive measurement value TValue for the Android operating system is obtained with the trust measurement model and a trust decision is made against the threshold Tm, which serves as the criterion of the decision: the Android operating system is trusted if TValue > Tm, in which case the result is stored in a platform configuration register of the root of trust for storage and control is handed to the Android operating system; otherwise the boot cannot continue and a check report is sent to the user;
when a third-party application program of the Android operating system is measured, a comprehensive measurement value TValue for the third-party application program is obtained with the trust measurement model and a trust decision is made against the threshold Tm, which serves as the criterion of the decision: the third-party application program is trusted if TValue > Tm, in which case the result is stored in a platform configuration register of the root of trust for storage and control is handed to the third-party application program; otherwise the third-party application program cannot start and a check report is sent to the user; in this way the whole Android system is made trustworthy;
the mobile trusted module MTM defines several roots of trust, namely the root of trust for measurement RTM, the root of trust for storage RTS and the root of trust for reporting RTR; the RTM is a software module stored in read-only ROM, is the first code executed after the system is powered on, cannot be modified, and is the starting point of trusted measurement and verification; the RTS and the RTR are hardware modules contained in the MTM and are used for integrity storage and reporting; the MTM also defines the reference integrity measurement value RIM and the RIM certificate: the RIM value is the measurement digest of an entity, written in advance into a secure storage area of the root of trust, represents the value the entity is expected to have, and serves as the reference for every integrity verification of the system; the RIM certificate is a digitally signed, integrity-protected structure containing the RIM value, the digital signature and related additional information;
the RTS consists of platform configuration registers PCR; a PCR is a 160-bit storage location, there are at least 16 of them, and they are held inside the mobile trusted module; the RTS can store an unlimited number of measurement values while preserving the measurement order, because a PCR holds the accumulated SHA-1 hash of all measurement values extended into it so far, and that 160-bit accumulated hash represents the integrity state of all measured components;
the trust measurement model is expressed as {V, E}, where V is the node set and E the edge set; the node set V is the finite set {rt, T}, in which rt is the root target, rt = {TValue, TCount}, TValue being the comprehensive measurement value obtained once every sub-target has been measured and TCount the number of sub-targets, TCount ∈ {0, …, m}; when TCount = 0 the node is a smallest measurable target that cannot be subdivided further; the target set is T = {T1, T2, …, Tn}, with each Ti = {Name, Type, TValue, TCount}, Name being the name of the target and Type its type; the edge set E represents the composition relation between a target and its sub-targets, each edge carries a weight in the range [0, 1], and the weights of the edges from one target to its sub-targets sum to 1;
the method comprises the following steps:
during the operation of the Bootloader, the system kernel image ZImage and the root file system image Ramdisk.img are read, and the system kernel to be measured is set as the root target rt; compiling the Android source code produces the images ZImage, System.img, Ramdisk.img, Userdata.img and recovery.img, which together contain the files and libraries required for Android to boot and run, so measuring the system kernel means measuring all of the generated images; during the measurement of the system kernel, System.img, Ramdisk.img, ZImage, recovery.img and Userdata.img are the sub-targets of the root target;
the images differ in importance and in their likelihood of being attacked, so they are given different weights: ZImage is the kernel image; System.img is the system image, holding the important files of the Android system, including package and library files; the RAM disk image Ramdisk.img holds the files that are loaded when the Linux kernel starts; recovery.img is used only for flashing, the Bootloader entering the corresponding mode according to the user's selection, and contains its own ZImage and Ramdisk.img; Userdata.img is the user data image, holding user-related data, and its size is determined by the storage of the Android device;
according to the importance and risk of each image, ZImage is assigned weight w1, System.img weight w2, Ramdisk.img weight w3, recovery.img weight w4 and Userdata.img weight w5, and the weights satisfy:
w1 + w2 + w3 + w4 + w5 = 1;
w1 > w2 > w3 > w4 > w5;
the files contained in the kernel image ZImage are all core system files, so ZImage is measured as a whole;
System.img contains the following subdirectories: app, bin, etc, fonts, framework, lib, media, priv-app, tts, usr, xbin and vendor; their weight assignment is analyzed at measurement time, and the weight ordering of the directories is:
framework > priv-app > app > xbin = bin = lib > etc > fonts = tts = media = usr = vendor
Ramdisk.img contains a number of critical configuration files and init, the first process loaded after the kernel starts; init parses the configuration files init.rc and init.goldfish.rc to initialize and load system libraries and programs until startup is complete, and is also responsible for creating several child processes, including the Zygote process, which is the parent of all Java processes; the execution of init actions is divided into four phases: early-init, init, early-boot and boot; weights are assigned in the order in which the configuration files are parsed during boot, namely:
init.rc > init.goldfish.rc > ueventd.rc > init.environ.rc > init.usb.rc > init.trace.rc
because recovery.img consists of a ZImage and a Ramdisk.img, and its ZImage part is identical to the kernel image used for a normal boot, only the Ramdisk.img part of recovery.img needs to be measured, with the same weight distribution as given above for Ramdisk.img; for Userdata.img, only a native reference file that is unrelated to any user application is measured, and its measurement serves as the measurement value of Userdata.img;
after the weights of the subdirectories belonging to each image have been assigned, each first-level subdirectory is measured separately; the measurement result of first-level subdirectory i is denoted e_i, where i indexes the first-level subdirectories, e_i = 1 if the subdirectory's measurement equals its reference integrity measurement value and e_i = 0 otherwise; the weight of first-level subdirectory i is denoted a_i, and the comprehensive measurement value TValue is:
TValue = Σ e_i * a_i
for the second-level directories, after the weights of the second-level subdirectories have been assigned, each second-level subdirectory is measured separately; the measurement result of second-level subdirectory k is denoted e_k, where k indexes the second-level subdirectories, e_k = 1 if the subdirectory's measurement equals its reference integrity measurement value and e_k = 0 otherwise; the weight of second-level subdirectory k is denoted a_k, and the comprehensive measurement value TValue is:
TValue = Σ e_k * a_k
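The claim above describes a procedure (SHA-1 measurement, comparison with a RIM value, a weighted two-level trust model, a threshold decision, and accumulation into a 160-bit PCR) without giving concrete numbers. The following Python is an added example written for this page; it is not code from the patent or its authors. It assumes a specific weight assignment (0.35/0.30/0.20/0.10/0.05 for the five images, 0.5/0.3/0.2 and 0.6/0.4 for the subdirectories), a threshold Tm = 0.80, and constructed byte strings standing in for the partition contents; none of these values come from the patent. SHA-1 is used only because the claim specifies it.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional

PCR_INIT = b"\x00" * 20  # a 160-bit PCR of the RTS starts out zeroed


def measure(data: bytes) -> str:
    """Actual measurement value of a component: its SHA-1 digest, as the claim specifies."""
    return hashlib.sha1(data).hexdigest()


def pcr_extend(pcr: bytes, digest_hex: str) -> bytes:
    """TCG-style extend: PCR_new = SHA-1(PCR_old || measurement); order of extension matters."""
    return hashlib.sha1(pcr + bytes.fromhex(digest_hex)).digest()


@dataclass
class Target:
    """Node of the trust measurement model {V, E}: T = {Name, Type, TValue, TCount}."""
    name: str
    kind: str                      # "Type" in the model
    weight: float                  # a_i: weight of the edge from the parent, in [0, 1]
    rim: Optional[str] = None      # RIM value for a leaf (TCount == 0), taken from the RIM certificate
    children: List["Target"] = field(default_factory=list)

    def leaves(self) -> Iterator["Target"]:
        if not self.children:      # TCount == 0: smallest measurable target
            yield self
        for child in self.children:
            yield from child.leaves()

    def tvalue(self, actual: Dict[str, bytes]) -> float:
        """Leaf: e_i = 1 if the actual SHA-1 equals the RIM, else 0.
        Inner node: TValue = sum(e_i * a_i) over the sub-targets, whose a_i must sum to 1."""
        if not self.children:
            return 1.0 if measure(actual.get(self.name, b"")) == self.rim else 0.0
        total = sum(child.weight for child in self.children)
        if abs(total - 1.0) > 1e-9:
            raise ValueError(f"{self.name}: sub-target weights sum to {total:.3f}, not 1")
        return sum(child.weight * child.tvalue(actual) for child in self.children)


# Constructed stand-ins for the partition contents (not real Android image bytes).
PRISTINE: Dict[str, bytes] = {
    "ZImage": b"zImage: constructed kernel bytes",
    "System.img/framework": b"framework jars (constructed)",
    "System.img/priv-app": b"privileged apps (constructed)",
    "System.img/app": b"bundled apps (constructed)",
    "Ramdisk.img/init.rc": b"on early-init\n    start ueventd\n",
    "Ramdisk.img/init.goldfish.rc": b"on boot\n    setprop ro.radio.noril yes\n",
    "recovery.img/init.rc": b"on init\n    mount tmpfs tmpfs /tmp\n",
    "recovery.img/init.goldfish.rc": b"on boot\n    start adbd\n",
    "Userdata.img/native-benchmark": b"native reference file independent of user apps",
}
# Reference values the RIM certificate would carry; derived here from the pristine sample.
RIM: Dict[str, str] = {name: measure(data) for name, data in PRISTINE.items()}


def leaf(name: str, weight: float) -> Target:
    return Target(name, "file", weight, rim=RIM[name])


def ramdisk_tree(name: str, weight: float) -> Target:
    """Ramdisk sub-targets weighted by the order in which init parses them (init.rc first)."""
    return Target(name, "image", weight, children=[
        leaf(f"{name}/init.rc", 0.6), leaf(f"{name}/init.goldfish.rc", 0.4)])


def build_kernel_target() -> Target:
    """Root target rt of the kernel stage; weights obey w1 > w2 > w3 > w4 > w5 and sum to 1."""
    system_img = Target("System.img", "image", 0.30, children=[
        leaf("System.img/framework", 0.5), leaf("System.img/priv-app", 0.3), leaf("System.img/app", 0.2)])
    return Target("kernel", "root", 1.0, children=[
        leaf("ZImage", 0.35),                                 # w1: the kernel image, measured as a whole
        system_img,                                           # w2
        ramdisk_tree("Ramdisk.img", 0.20),                    # w3
        ramdisk_tree("recovery.img", 0.10),                   # w4: only the ramdisk part of recovery.img
        leaf("Userdata.img/native-benchmark", 0.05),          # w5
    ])


def boot_stage(stage: str, root: Target, actual: Dict[str, bytes], tm: float, pcr: bytes) -> dict:
    """One link of the chain: trusted iff TValue > Tm. On success every leaf measurement is
    extended into the PCR in measurement order; otherwise the boot stops with a check report."""
    tvalue = root.tvalue(actual)
    if tvalue > tm:
        for node in root.leaves():
            pcr = pcr_extend(pcr, measure(actual.get(node.name, b"")))
        return {"stage": stage, "trusted": True, "tvalue": tvalue, "pcr": pcr.hex(), "report": None}
    failed = [node.name for node in root.leaves() if node.tvalue(actual) == 0.0]
    return {"stage": stage, "trusted": False, "tvalue": tvalue, "pcr": pcr.hex(),
            "report": f"{stage}: TValue {tvalue:.2f} <= Tm {tm}; mismatched: {failed}"}


def demo(tm: float = 0.80):
    # pristine images, a tampered low-weight app directory, and a tampered kernel
    root = build_kernel_target()
    ok = boot_stage("kernel", root, PRISTINE, tm, PCR_INIT)
    app = boot_stage("kernel", root, dict(PRISTINE, **{"System.img/app": b"trojaned"}), tm, PCR_INIT)
    krn = boot_stage("kernel", root, dict(PRISTINE, ZImage=b"patched kernel"), tm, PCR_INIT)
    return ok, app, krn


if __name__ == "__main__":
    for result in demo():
        print(result["trusted"], round(result["tvalue"], 2), result["pcr"][:16], result["report"])
```

Two things worth noticing when running it. First, with the assumed weights a modified System.img/app directory lowers TValue only to 0.94 (its effective weight is 0.30 × 0.2 = 0.06), so the kernel stage still passes Tm = 0.80; the tampering is nonetheless recorded, because the changed digest is extended into the PCR and a verifier holding the expected PCR value would see a different final hash. A modified ZImage (weight 0.35) drops TValue to 0.65 and stops the boot. That asymmetry is the design trade-off the page describes against the binary TCG model, and it means Tm and the low-weight leaves must be chosen with the attacker in mind. Second, SHA-1 is collision-broken; a deployment today would use SHA-256 (the digest size of TPM 2.0 PCR banks) for both the measurements and the extend operation, and would verify the RIM certificate's signature before trusting any RIM value it carries.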
CN201910428686.7A 2019-05-22 2019-05-22 Starting process integrity measurement detection method based on Android system Active CN110263545B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910428686.7A CN110263545B (en) 2019-05-22 2019-05-22 Starting process integrity measurement detection method based on Android system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910428686.7A CN110263545B (en) 2019-05-22 2019-05-22 Starting process integrity measurement detection method based on Android system

Publications (2)

Publication Number Publication Date
CN110263545A CN110263545A (en) 2019-09-20
CN110263545B true CN110263545B (en) 2022-11-04

Family

ID=67915085

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910428686.7A Active CN110263545B (en) 2019-05-22 2019-05-22 Starting process integrity measurement detection method based on Android system

Country Status (1)

Country Link
CN (1) CN110263545B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110688649A (en) * 2019-10-16 2020-01-14 中国电子信息产业集团有限公司第六研究所 Application loading method and device based on trusted technology
CN111045744B (en) * 2019-12-17 2024-03-08 全球能源互联网研究院有限公司 System credibility verification starting method and device
CN111324497B (en) * 2020-02-20 2023-10-27 杭州涂鸦信息技术有限公司 Partition self-checking method and system for linux system
CN113536387A (en) * 2020-04-15 2021-10-22 青岛海信移动通信技术股份有限公司 Terminal and method for detecting integrity of kernel data
CN114091110A (en) * 2020-08-04 2022-02-25 华为技术有限公司 Integrity measurement method and integrity measurement device
CN112769800B (en) * 2020-12-31 2022-10-04 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Switch integrity verification method and device and computer storage medium
CN112464271B (en) * 2021-01-27 2021-05-04 信联科技(南京)有限公司 Method and system for constructing high-reliability execution environment of power Internet of things edge Internet of things agent
CN113868344B (en) * 2021-09-29 2024-04-16 国网智能电网研究院有限公司 Power application-oriented construction system, method, device, server and storage medium
CN117240611B (en) * 2023-11-13 2024-01-30 傲拓科技股份有限公司 PLC information security protection system and method based on artificial intelligence

Citations (3)

Publication number Priority date Publication date Assignee Title
CN101122936A (en) * 2007-09-21 2008-02-13 武汉大学 Embed type platform guiding of credible mechanism
US8756417B1 (en) * 2014-02-04 2014-06-17 Sypris Electronics, Llc Multi-level assurance trusted computing platform
CN107679393A (en) * 2017-09-12 2018-02-09 中国科学院软件研究所 Android integrity verification methods and device based on credible performing environment

Non-Patent Citations (4)

Title
Formal Analysis of Trust Chain; Chen Li et al.; 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing; 2010-06-07; pp. 111-116 *
Trust measurement mechanisms in trusted computing (可信计算中的可信度量机制); 张立强 et al.; Journal of Beijing University of Technology (北京工业大学学报); 2010-05-31; pp. 586-591 *
Research on trust chain construction for the Android platform based on TMA (基于TMA的Android平台信任链构建方法研究); 纪祥敏 et al.; Computer Simulation (计算机仿真); 2014-12-15; vol. 31, no. 12; pp. 346-404 *
Application of the mobile trusted module MTM in embedded systems (移动可信模块MTM在嵌入式系统中的应用); 凌君 et al.; Military Communication Technology (军事通信技术); 2009-12-31; pp. 26-30, 57 *

Also Published As

Publication number Publication date
CN110263545A (en) 2019-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant