CN101414279A - Test device for trusted software stack

Publication number: CN101414279A
Authority: CN (China)
Application number: CN 200810197669
Other languages: Chinese (zh)
Inventors: 张焕国, 严飞, 何凡, 徐士伟, 汤梅, 邹冰玉
Original assignee: 武汉大学 (Wuhan University)
Application filed by: 武汉大学 (Wuhan University)
Priority to: CN 200810197669
Publication of: CN101414279A

Abstract

The invention provides a test device for a trusted software stack. The test device comprises a service provider test device for testing the service provider management function of the trusted software stack; a core service test device for testing the core service management function of the trusted software stack; and a device driver library test device for testing the TCG device driver library management function of the trusted software stack. The test device eliminates implementation differences among products, makes the tests general-purpose and improves test efficiency, and the system has good generality and extensibility.

Description

Test device for trusted software stack

Technical field

The present invention relates to the technical field of information system security, and in particular to trusted software stacks that follow the Trusted Computing Group specifications.

Background

The Trusted Computing Group (TCG) has formulated a series of technical specifications. Trusted Computing (TC, see reference [1]) has become a new focus in the field of information security and provides significant guidance for building secure information systems. Trusted Computing is also starting to be deployed, and enterprises in China and abroad have released many Trusted Computing products. In a Trusted Computing Platform (TCP) built on this technology, the Trusted Platform Module (TPM) is the root of trust of the whole platform. The system establishes a chain of trust that passes trust from the root of trust to the BIOS (Basic Input/Output System), the operating system and the Trusted Computing application environment in turn.

The trusted software stack (TSS, TCG Software Stack, see reference [2]) provides upper-layer Trusted Computing applications with an interface for accessing the TPM and is an important component of the whole system. Current TSS products include Infineon TPM Professional Package 3.0, IBM TrouSerS and NTRU CTSS; they are widely used in trusted computing platforms to support access to and management of the TPM. The TC specification describes an idealized reference implementation, and most vendors do not develop their products in strict accordance with it. To guarantee the security support that the TSS provides, it is necessary to test and verify whether a TSS product meets the requirements of the Trusted Computing specifications, yet no effective method for testing the TSS of a TCP has been reported so far.

Summary of the invention

The technical problem to be solved by the present invention is to provide a test device for a trusted software stack that can carry out conformance testing of different TSS products.

The technical solution adopted by the present invention comprises: a service provider test device, used to test the service provider management function of the trusted software stack; a core service test device, used to test the core service management function of the trusted software stack; and a device driver library test device, used to test the TCG device driver library management function of the trusted software stack.

Compared with the prior art in China, the method provided by the invention has the following main advantages:

First, with respect to test content, the TSS specification is effectively abstracted to obtain a functional division of the TSS and to form a basic test set for the TSS, which eliminates implementation differences between products and makes the tests general-purpose;

Second, with respect to test method, the TSS under test is loaded by means of a reflection mechanism, which obtains the attributes of the functions in the TSS product under test and triggers the events of the TSS program under test. This achieves automated testing and improves test efficiency, and the system has good generality and extensibility.

Description of drawings

Fig. 1 shows the functional division of the trusted software stack.

Fig. 2 shows the test model of the trusted software stack.

Fig. 3 shows the TSS test framework based on the reflection mechanism.

Fig. 4 is the flow chart of trusted software stack testing.

Detailed description

The present invention is described below according to preferred embodiments, but is not limited to these preferred forms.

As shown in Fig. 1, according to the content defined by the TCG TSS specification, the test device for a trusted software stack comprises:

A service provider test device, used to test the service provider management function of the trusted software stack;

A core service test device, used to test the core service management function of the trusted software stack;

A device driver library test device, used to test the TCG device driver library management function of the trusted software stack.

(1) The service provider test device can comprise:

An integrity protection test device, used to test whether the trusted software stack provides the interface functions between local applications and remote entities that are used to prove the integrity of the local platform;

A trusted authentication test device, used to test whether the trusted software stack provides the system identity authentication function and the system platform identity management function;

A data protection test device, used to test whether the trusted software stack provides the function of protecting users' sensitive data.

(2) The core service test device can comprise:

A key and certificate management test device, used to test whether the trusted software stack provides the interface functions for creating and loading keys, whether the authorization information and certificate of each generated key exist, and whether they meet the corresponding specification requirements;

A trust measurement test device, used to test whether the trusted software stack provides the function of storing trust measurement values, whether a measurement value is recorded in the specified platform configuration register, and whether the platform can provide the value of the specified platform configuration register to a verifier;

A TPM resource management test device, used to test whether the trusted software stack provides the function of managing TPM resources.

(3) The device driver library test device comprises:

A TPM driver interface test device, used to test whether the trusted software stack provides upper-layer applications with the management function of the driver interface for accessing the TPM.

On the basis of the TSS test devices divided as above, the invention proposes a TSS test model: a test database is established, and the relevant information about the functions of the TSS under test is abstracted according to the specification and stored in the test database. As shown in Fig. 2, the test device further comprises:

A main test device, whose main test program obtains the test requirements from the upper-layer test call interface and determines the trusted software stack modules that need to be tested; then queries the database to obtain the test cases corresponding to each module under test, and at the same time calls the local trusted software stack test module on each test device; and finally stores the test results fed back by each test device in the database;

An evaluation device, used to analyze the test result data in the database and produce a test report;

A database device, used to store the test cases corresponding to each local trusted software stack test module and the test results fed back by each test device.

The overall working process is:

(1) The main test program on the main test device obtains the test requirements from the upper-layer test call interface and determines the trusted software stack modules that need to be tested;

(2) The main test program queries the database to obtain the test cases corresponding to each module under test, and at the same time calls the local trusted software stack test module on each test device to test the trusted software stack;

(3) Finally, the test results fed back by each test device are stored in the database.

As shown in Fig. 3, the main test device can use the reflection mechanism to call the local trusted software stack test module on each test device, comprising:

1) The main test device queries the database to obtain the attribute information of the test cases corresponding to the module under test, and then packages the method assembly of the test cases;

2) An instance of the module under test is created dynamically;

3) Finally, the instance of the module under test is loaded, the attributes of the module under test are obtained, and the test methods of the module under test are called.

As shown in Fig. 4, the steps in which the main test device calls the local trusted software stack test module on each test device to test the trusted software stack comprise:

a) Begin the test of the trusted software stack;

b) Begin testing one functional module of the trusted software stack;

c) Test according to one group of test cases corresponding to this functional module and obtain one group of test results;

d) Determine whether this is the last group of test cases; if "Yes", go to step e); if "No", go to step c);

e) Determine whether this is the last functional module of the trusted software stack; if "Yes", go to step f); if "No", go to step b);

f) Finish the test of the trusted software stack.

Embodiment:

As shown in Fig. 1, the test device for a trusted software stack comprises:

A service provider test device, used to test the service provider management function of the trusted software stack;

A core service test device, used to test the core service management function of the trusted software stack;

A device driver library test device, used to test the TCG device driver library management function of the trusted software stack;

A main test device, used to obtain the test requirements from the upper-layer test call interface and determine the trusted software stack modules that need to be tested; then query the database to obtain the test cases corresponding to each module under test, and at the same time call the local trusted software stack test module on each test device; and finally store the test results fed back by each test device in the database;

An evaluation device, used to analyze the test result data in the database and produce a test report;

A database device, used to store the test cases corresponding to each local trusted software stack test module and the test results fed back by each test device.

The service provider test device in turn comprises:

An integrity protection test device, used to test whether the trusted software stack provides the interface functions between local applications and remote entities that are used to prove the integrity of the local platform;

A trusted authentication test device, used to test whether the trusted software stack provides the system identity authentication function and the system platform identity management function;

A data protection test device, used to test whether the trusted software stack provides the function of protecting users' sensitive data.

The core service test device in turn comprises:

A key and certificate management test device, used to test whether the trusted software stack provides the interface functions for creating and loading keys, whether the authorization information and certificate of each generated key exist, and whether they meet the corresponding specification requirements;

A trust measurement test device, used to test whether the trusted software stack provides the function of storing trust measurement values, whether a measurement value is recorded in the specified platform configuration register, and whether the platform can provide the value of the specified platform configuration register to a verifier;

A TPM resource management test device, used to test whether the trusted software stack provides the function of managing TPM resources.

The device driver library test device in turn comprises:

A TPM driver interface test device, used to test whether the trusted software stack provides upper-layer applications with the management function of the driver interface for accessing the TPM.

The overall working process, as shown in Fig. 2, is:

1. The main test program on the main test device obtains the test requirements from the upper-layer test call interface and determines the trusted software stack modules that need to be tested.

2. The main test program queries the database to obtain the test cases corresponding to each module under test. As shown in Fig. 3, the test cases of one functional module under test of the software stack comprise Test1, Test2, ..., Testi, ..., Testn (1≤i≤n; i and n are natural numbers), which form the test flow Test1, Test2, ..., Testi, ..., Testn in order.

3. The main test device queries the database to obtain the attribute information of the test cases corresponding to the module under test, and then packages the method assembly of the test cases. For example, the method assembly corresponding to test case Testi comprises Testi(), ....

4. Begin the test of the trusted software stack.

5. Begin testing one functional module of the trusted software stack.

6. Dynamically create an instance of the module under test.

7. Load the instance of the module under test, obtain the attributes of the module under test, and call the test methods of the module under test.

8. Test according to one group of test cases corresponding to this functional module and obtain one group of test results. As shown in Fig. 3, Test1 is called first, Test2 is called the next time step 8 is carried out, and so on.

9. Determine whether this is the last group of test cases; if "Yes", go to step 10; if "No", go to step 8.

10. Determine whether this is the last functional module of the trusted software stack; if "Yes", go to step 11; if "No", go to step 5.

11. Finish the test of the trusted software stack.

12. Store the test results fed back by each test device in the database.

13. The evaluation device analyzes the test results in the database and produces a test report.
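
An added example, not part of the patent text: the workflow of steps 1 to 13 in Python, with an in-memory SQLite test database, test cases loaded and called by name (reflection), and an evaluation step. `MockTss`, the `tss_lab` module, the table layout and all test-case names are constructed for illustration; the platform configuration register (PCR) check assumes TPM 1.2 SHA-1 extend semantics.

```python
import hashlib
import importlib
import sqlite3
import sys
import types

class MockTss:
    """Constructed stand-in for a TSS product under test; load_key is absent on purpose."""
    def __init__(self):
        self.pcrs = {i: bytes(20) for i in range(24)}
        self.keys = {}
    def pcr_extend(self, index, digest):
        # TPM 1.2 extend: PCR_new = SHA-1(PCR_old || digest)
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
    def pcr_read(self, index):
        return self.pcrs[index]
    def create_key(self, name, auth):
        self.keys[name] = {"auth": auth}

class LocalTests:
    """Base for the local test modules: each one wraps a fresh product instance."""
    def __init__(self, tss):
        self.tss = tss

class TrustMeasurementTests(LocalTests):
    def test_extend_recorded(self):
        digest = hashlib.sha1(b"constructed measurement").digest()
        self.tss.pcr_extend(10, digest)
        return self.tss.pcr_read(10) == hashlib.sha1(bytes(20) + digest).digest()
    def test_other_pcr_untouched(self):
        self.tss.pcr_extend(10, bytes(20))
        return self.tss.pcr_read(11) == bytes(20)

class KeyManagementTests(LocalTests):
    def test_create_key(self):
        self.tss.create_key("k1", b"constructed-auth")
        return self.tss.keys["k1"]["auth"] == b"constructed-auth"
    def test_load_key(self):
        self.tss.load_key("k1")  # MockTss does not provide this interface
        return True

# Register the classes under a module name so the harness can load them by name.
lab = types.ModuleType("tss_lab")
vars(lab).update(MockTss=MockTss, TrustMeasurementTests=TrustMeasurementTests,
                 KeyManagementTests=KeyManagementTests)
sys.modules["tss_lab"] = lab

CASES = [  # (functional module, sequence, test class, test method), all constructed
    ("trust_measurement", 1, "TrustMeasurementTests", "test_extend_recorded"),
    ("trust_measurement", 2, "TrustMeasurementTests", "test_other_pcr_untouched"),
    ("key_management", 1, "KeyManagementTests", "test_create_key"),
    ("key_management", 2, "KeyManagementTests", "test_load_key"),
]

def run_tests(requested, product=("tss_lab", "MockTss")):
    """Main test program (steps 1 to 12); returns the database holding the results."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test_case(module TEXT, seq INT, cls TEXT, method TEXT)")
    db.execute("CREATE TABLE result(module TEXT, method TEXT, verdict TEXT)")
    db.executemany("INSERT INTO test_case VALUES (?,?,?,?)", CASES)
    library = importlib.import_module(product[0])
    for module in requested:                       # one functional module at a time
        rows = db.execute("SELECT cls, method FROM test_case WHERE module=? "
                          "ORDER BY seq", (module,)).fetchall()
        for cls_name, method in rows:              # Test1, Test2, ..., Testn
            tss = getattr(library, product[1])()   # dynamically created instance
            case = getattr(library, cls_name)(tss)
            try:
                verdict = "pass" if getattr(case, method)() else "fail"
            except AttributeError:                 # interface missing in the product
                verdict = "not_provided"
            db.execute("INSERT INTO result VALUES (?,?,?)", (module, method, verdict))
    return db

def evaluate(db):
    """Evaluation device (step 13): verdict counts per functional module."""
    report = {}
    for module, verdict, n in db.execute(
            "SELECT module, verdict, COUNT(*) FROM result GROUP BY module, verdict"):
        report.setdefault(module, {})[verdict] = n
    return report
```

Calling `evaluate(run_tests(["trust_measurement", "key_management"]))` reports the missing `load_key` interface as `not_provided` rather than as a crash, which is the kind of conformance gap the test device is meant to surface.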

List of references

[1] Trusted Computing Group. TCG Specification Architecture Overview [EB/OL]. [2007-04-08]. https://www.trustedcomputinggroup.org/groups/TCG_1_4_Architecture_Overview.pdf

[2] Trusted Computing Group. TCG Software Stack (TSS) Specification [EB/OL]. [2005-12-01]. https://www.trustedcomputinggroup.org/specs/TSS

Claims (7)

1. A test device for a trusted software stack, characterized in that it comprises:
A service provider test device, used to test the service provider management function of the trusted software stack;
A core service test device, used to test the core service management function of the trusted software stack;
A device driver library test device, used to test the TCG device driver library management function of the trusted software stack.
2. The test device for a trusted software stack as claimed in claim 1, characterized in that the service provider test device comprises:
An integrity protection test device, used to test whether the trusted software stack provides the interface functions between local applications and remote entities that are used to prove the integrity of the local platform;
A trusted authentication test device, used to test whether the trusted software stack provides the system identity authentication function and the system platform identity management function;
A data protection test device, used to test whether the trusted software stack provides the function of protecting users' sensitive data.
3. The test device for a trusted software stack as claimed in claim 1, characterized in that the core service test device comprises:
A key and certificate management test device, used to test whether the trusted software stack provides the interface functions for creating and loading keys, whether the authorization information and certificate of each generated key exist, and whether they meet the corresponding specification requirements;
A trust measurement test device, used to test whether the trusted software stack provides the function of storing trust measurement values, whether a measurement value is recorded in the specified platform configuration register, and whether the platform can provide the value of the specified platform configuration register to a verifier;
A TPM resource management test device, used to test whether the trusted software stack provides the function of managing TPM resources.
4. The test device for a trusted software stack as claimed in claim 1, characterized in that the device driver library test device comprises:
A TPM driver interface test device, used to test whether the trusted software stack provides upper-layer applications with the management function of the driver interface for accessing the TPM.
5. The test device for a trusted software stack as claimed in any one of claims 1 to 4, characterized in that it further comprises:
A main test device, used to obtain the test requirements from the upper-layer test call interface and determine the trusted software stack modules that need to be tested; then query the database to obtain the test cases corresponding to each module under test, and at the same time call the local trusted software stack test module on each test device to test the trusted software stack; and finally store the test results fed back by each test device in the database;
An evaluation device, used to analyze the test result data in the database and produce a test report;
A database device, used to store the test cases corresponding to each local trusted software stack test module and the test results fed back by each test device.
6. The test device for a trusted software stack as claimed in claim 5, characterized in that the main test device uses a reflection mechanism to call the local trusted software stack test module on each test device, comprising:
1) The main test device queries the database to obtain the attribute information of the test cases corresponding to the module under test, and then packages the method assembly of the test cases;
2) An instance of the module under test is created dynamically;
3) Finally, the instance of the module under test is loaded, the attributes of the module under test are obtained, and the test methods of the module under test are called.
7. The test device for a trusted software stack as claimed in claim 5, characterized in that the steps in which the main test device calls the local trusted software stack test module on each test device to test the trusted software stack comprise:
A) Begin the test of the trusted software stack;
B) Begin testing one functional module of the trusted software stack;
C) Test according to one group of test cases corresponding to this functional module and obtain one group of test results;
D) Determine whether this is the last group of test cases; if "Yes", go to step f); if "No", go to step c);
F) Determine whether this is the last functional module of the trusted software stack; if "Yes", go to step g); if "No", go to step b);
G) Finish the test of the trusted software stack.

Priority Applications (1)

Application number: CN 200810197669
Priority date: 2008-11-18
Filing date: 2008-11-18
Title: Test device for trusted software stack
Publication: CN101414279A (en)

Publications (1)

Publication number: CN101414279A
Publication date: 2009-04-22

Family ID: 40594817

Country Status (1)

Country: CN (1)
Link: CN101414279A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102193862A (en) * 2010-03-10 2011-09-21 微软公司 Testing user interfaces in multiple execution environments
CN102193862B (en) * 2010-03-10 2016-12-14 微软技术许可有限责任公司 User interface is tested in multiple execution environment
CN102045355A (en) * 2010-12-20 2011-05-04 西安西电捷通无线网络通信股份有限公司 Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG)
CN102045355B (en) * 2010-12-20 2013-01-16 西安西电捷通无线网络通信股份有限公司 Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG)
CN102736975A (en) * 2011-04-13 2012-10-17 国民技术股份有限公司 Test method and test system for testing trusted computing password support platform
CN102736975B (en) * 2011-04-13 2016-01-20 国民技术股份有限公司 A kind of method of testing that trusted computing password support platform is tested and system

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
RJ01 Rejection of invention patent application after publication

Open date: 20090422

C12 Rejection of a patent application after its publication