CN101414279A - Test device for credible software stack - Google Patents
Test device for credible software stack Download PDFInfo
- Publication number
- CN101414279A CN101414279A CN 200810197669 CN200810197669A CN101414279A CN 101414279 A CN101414279 A CN 101414279A CN 200810197669 CN200810197669 CN 200810197669 CN 200810197669 A CN200810197669 A CN 200810197669A CN 101414279 A CN101414279 A CN 101414279A
- Authority
- CN
- China
- Prior art keywords
- test
- software stack
- credible software
- proving installation
- credible
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a testing device of a trusted software stack. The testing device comprises a service provider testing device for testing a management function of a service provider of the trusted software stack; a core service testing device for testing the management function of the core service of the trusted software stack; and an equipment drive library testing device for testing the management function of a TCG equipment drive library of the trusted software stack. The testing device of the trusted software stack eliminates implementation differences among products, realizes testing versatility and enhances testing efficiency, and the system has good versatility and good expandability.
Description
Technical field
The present invention relates to the information system security technical field, particularly relate to and follow the credible software stack that Trusted Computing is organized standard.
Background technology
International Trusted Computing tissue (TCG, Trusted Computing Group) formulated a series of technical manual, Trusted Computing (TC wherein, Trusted Computing, document [1] sees reference) technology become the new focus of information security field, to making up safety information system great directive significance arranged.Trusted Computing also begins to move towards to use, and enterprise has all released many Trusted Computing products both at home and abroad.In credible calculating platform (TCP, the Trusted Computing Platform) system that this technology is used, credible platform module (TPM, Trusted Platform Module) is the root of trust of whole platform.This system is by the chain that breaks the wall of mistrust, and will trust from root of trust to pass to BIOS (Basic Input or Output System (BIOS)), operating system and Trusted Computing applied environment successively.
Credible software stack (TSS, TCG Software Stack, the document that sees reference [2]) is used the interface that visit TPM is provided for the Trusted Computing on upper strata, is ingredient important in the whole system.The Related product of TSS has Infineon TPMProfessional Package 3.0, IBM TrouSerS and NTRU CTSS etc. at present, is applied in widely in the credible calculating platform, provides the visit of TPM and the support of management.The described standard of TC is that a kind of product is ideally realized reference, and most of manufacturer is not in strict accordance with this standard development product.For guaranteeing the safety support of TSS, need testing authentication TSS product whether to meet the code requirement of Trusted Computing, and have not yet to see the effective ways that TSS is tested TCP.
Summary of the invention
Technical matters to be solved by this invention is: a kind of test device for credible software stack is provided, and this device can carry out consistent property testing to different TSS products.
The technical solution adopted in the present invention is: it comprises a kind of ISP's proving installation, is used to test ISP's management function of credible software stack; A kind of kernel service proving installation, the kernel service management function that is used to test credible software stack; A kind of device drives library test device, the TCG device drives library management function that is used to test credible software stack.
Method provided by the invention is compared with domestic prior art has following major advantage:
The first, aspect content measurement, realize effective extraction to the TSS standard, the function that obtains TSS is divided, and has formed the basic test set of TSS, has eliminated the difference on realizing between the product, has realized the versatility of test;
Second, aspect method of testing, load tested TSS by the utilization reflex mechanism, obtain the various attributes of power function in the tested TSS product, trigger the variety of event of tested TSS program, thereby reach the purpose of automatic test, improved the efficient of test, system has good versatility and extendability.
Description of drawings
Fig. 1 is that the function of credible software stack is divided.
Fig. 2 is the test model of credible software stack.
Fig. 3 is based on the TSS test frame of reflex mechanism.
Fig. 4 is the credible software stack test flow chart.
Embodiment
Set forth the present invention according to preferred implementation below, but be not limited to these optimal ways.
As shown in Figure 1, according to the defined content of TSS standard of TCG, test device for credible software stack comprises:
A kind of ISP's proving installation, the ISP's management function that is used to test credible software stack;
A kind of kernel service proving installation, the kernel service management function that is used to test credible software stack;
A kind of device drives library test device, the TCG device drives library management function that is used to test credible software stack.
(1) ISP's proving installation can comprise:
The integrity protection proving installation, whether be used to test credible software stack provides and is used for proving the local application of local completeness of platform and the interface function between the remote entity;
The authentic authentication proving installation, whether be used to test credible software stack provides the function performance of system identity authentication and the function performance of system platform Identity Management;
Whether the data protection proving installation, being used to test credible software stack provides the protection user function performance of sensitive data.
(2) the kernel service proving installation can comprise:
Key and certificate management proving installation, whether be used to test credible software stack provides the function interface function of creating key, loading key, and whether the authorization message and the certificate of the corresponding key that generates exist, and whether meet corresponding code requirement;
Confidence level measures trial assembly and puts, and is used to test the function performance whether credible software stack provides storage confidence level value, and whether metric charges to the platform configuration register of appointment, and whether platform can provide the platform configuration register value of appointment to the verifier;
Whether TPM resource management proving installation, being used to test credible software stack provides the function performance that the TPM resource is managed.
(3) device drives library test device comprises:
TPM driving interface proving installation, whether be used to test credible software stack provides visit TPM the management function of driving interface for upper level applications.
On the basis of the TSS proving installation that the present invention divides in front, proposed the test model of a TSS,, according to standard the relevant information of the function among the measurand TSS has been carried out abstractly, be stored in the test database by setting up the database relevant with test.As shown in Figure 2, this proving installation also comprises:
Main proving installation, the main test procedure on it obtain testing requirement from test call interface, upper strata, need to determine the credible software stack module of test; Query Database obtains the corresponding test case of each tested module then, calls the local credible software stack test module on each proving installation simultaneously; Test result with each proving installation feedback stores in the database at last;
Apparatus for evaluating is used for the test result data of database is analyzed, and obtains test report.
Data library device is used to store the corresponding test case of each local credible software stack test module; Store the test result of each proving installation feedback.
Its whole course of work is:
(1) the main test procedure on the main proving installation obtains testing requirement from test call interface, upper strata, need to determine the credible software stack module of test;
(2) main test procedure Query Database obtains the corresponding test case of each tested module, and the local credible software stack test module that calls simultaneously on each proving installation is tested credible software stack;
(3) test result of at last each proving installation being fed back stores in the database.
As shown in Figure 3, main proving installation can utilize reflex mechanism to call local credible software stack test module on each proving installation, comprising:
1) main proving installation Query Database obtains the correlation attribute information of the test case of tested module correspondence, then the method program collection of packaging and testing use-case;
2) dynamically create the example of tested module;
3) load the tested module example at last, obtain the various attributes of tested module, call the method for testing of tested module.
As shown in Figure 4, main proving installation calls the local credible software stack test module on each proving installation, and the step that credible software stack is tested comprises:
A) test of beginning credible software stack;
B) begin to test a functional module in the credible software stack;
C) test according to one group of test case of this functional module correspondence, obtain one group of test result;
D) judge whether to be last group test case,, go to step e),, go to step c) if be "No" if be "Yes";
E) judge whether to be last credible software stack functional module,, go to step f),, go to step b) if be "No" if be "Yes".
F) finish the test of credible software stack.
Embodiment:
As shown in Figure 1, test device for credible software stack comprises:
ISP's proving installation, the ISP's management function that is used to test credible software stack;
The kernel service proving installation, the kernel service management function that is used to test credible software stack;
Device drives library test device, the TCG device drives library management function that is used to test credible software stack;
Main proving installation is used for obtaining testing requirement from test call interface, upper strata, need to determine the credible software stack module of test; Query Database obtains the corresponding test case of each tested module then, calls the local credible software stack test module on each proving installation simultaneously; Test result with each proving installation feedback stores in the database at last;
Apparatus for evaluating is used for the test result data of database is analyzed, and obtains test report;
Data library device is used to store the corresponding test case of each local credible software stack test module; Store the test result of each proving installation feedback.
ISP's proving installation specifically comprises again:
The integrity protection proving installation, whether be used to test credible software stack provides and is used for proving the local application of local completeness of platform and the interface function between the remote entity;
The authentic authentication proving installation, whether be used to test credible software stack provides the function performance of system identity authentication and the function performance of system platform Identity Management;
Whether the data protection proving installation, being used to test credible software stack provides the protection user function performance of sensitive data.
The kernel service proving installation specifically comprises again:
Key and certificate management proving installation, whether be used to test credible software stack provides the function interface function of creating key, loading key, and whether the authorization message and the certificate of the corresponding key that generates exist, and whether meet corresponding code requirement;
Confidence level measures trial assembly and puts, and is used to test the function performance whether credible software stack provides storage confidence level value, and whether metric charges to the platform configuration register of appointment, and whether platform can provide the platform configuration register value of appointment to the verifier;
Whether TPM resource management proving installation, being used to test credible software stack provides the function performance that the TPM resource is managed.
Device drives library test device specifically comprises again:
TPM driving interface proving installation, whether be used to test credible software stack provides visit TPM the management function of driving interface for upper level applications.
Its whole course of work is as shown in Figure 2:
1. the main test procedure on the main proving installation obtains testing requirement from test call interface, upper strata, need to determine the credible software stack module of test.
2. main test procedure Query Database obtains the corresponding test case of each tested module.As shown in Figure 3, the test case of a tested functional module of software stack comprises Test1, Test2 ..., Testi ..., Testn (1≤i≤n, i, n are natural number), and form successively testing process Test1, Test2 ..., Testi ... Testn.
3. main proving installation Query Database obtains the correlation attribute information of the test case of tested module correspondence, then the method program collection of packaging and testing use-case.As the method program collection of test case Testi correspondence comprise Testi () ....
4. the test of beginning credible software stack.
5. begin to test a functional module of credible software stack.
6. dynamically create the example of tested module.
7. load the tested module example, obtain the various attributes of tested module, call the method for testing of tested module.
8. test according to one group of test case of this functional module correspondence, obtain one group of test result.As shown in Figure 3, call the Test1 test earlier, just call Test2 test when carrying out step 8 next time, and the rest may be inferred.
9. judge whether to be last group test case,, go to step 10,, go to step 8 if be "No" if be "Yes";
10. judge whether to be last credible software stack functional module,, go to step 11,, go to step 5 if be "No" if be "Yes".
11. finish the test of credible software stack.
12. the test result of each proving installation feedback is stored in the database.
13. by apparatus for evaluating the test result in the database is analyzed, is obtained test report.
List of references
[1]Trusted?Computing?Group.TCG?Specification?Architecture?Overview?[EB/OL].[2007-04-08]https://www.trustedcomputinggroup.org/groups/TCG_1_4_Architecture_Overview.pdf
[2]Trusted?Computing?Group.TCG?Software?Stack(TSS)Specifiction?[EB/OL].[2005-12-01].https://www.trustedcomputinggroup.org/specs/TSS
Claims (7)
1. test device for credible software stack is characterized in that comprising:
A kind of ISP's proving installation, the ISP's management function that is used to test credible software stack;
A kind of kernel service proving installation, the kernel service management function that is used to test credible software stack;
A kind of device drives library test device, the TCG device drives library management function that is used to test credible software stack.
2. test device for credible software stack as claimed in claim 1 is characterized in that ISP's proving installation comprises:
The integrity protection proving installation, whether be used to test credible software stack provides and is used for proving the local application of local completeness of platform and the interface function between the remote entity;
The authentic authentication proving installation, whether be used to test credible software stack provides the function performance of system identity authentication and the function performance of system platform Identity Management;
Whether the data protection proving installation, being used to test credible software stack provides the protection user function performance of sensitive data.
3. test device for credible software stack as claimed in claim 1 is characterized in that the kernel service proving installation comprises:
Key and certificate management proving installation, whether be used to test credible software stack provides the function interface function of creating key, loading key, and whether the authorization message and the certificate of the corresponding key that generates exist, and whether meet corresponding code requirement;
Confidence level measures trial assembly and puts, and is used to test the function performance whether credible software stack provides storage confidence level value, and whether metric charges to the platform configuration register of appointment, and whether platform can provide the platform configuration register value of appointment to the verifier;
Whether TPM resource management proving installation, being used to test credible software stack provides the function performance that the TPM resource is managed.
4. test device for credible software stack as claimed in claim 1 is characterized in that device drives library test device comprises:
TPM driving interface proving installation, whether be used to test credible software stack provides visit TPM the management function of driving interface for upper level applications.
5. as the described test device for credible software stack of arbitrary claim in the claim 1~4, it is characterized in that also comprising:
Main proving installation is used for obtaining testing requirement from test call interface, upper strata, need to determine the credible software stack module of test; Query Database obtains the corresponding test case of each tested module then, and the local credible software stack test module that calls simultaneously on each proving installation is tested credible software stack; Test result with each proving installation feedback stores in the database at last;
Apparatus for evaluating is used for the test result data of database is analyzed, and obtains test report;
Data library device is used to store the corresponding test case of each local credible software stack test module; Store the test result of each proving installation feedback.
6. test device for credible software stack as claimed in claim 5 is characterized in that main proving installation utilizes reflex mechanism to call local credible software stack test module on each proving installation, comprising:
1) main proving installation Query Database obtains the correlation attribute information of the test case of tested module correspondence, then the method program collection of packaging and testing use-case;
2) dynamically create the example of tested module;
3) load the tested module example at last, obtain the various attributes of tested module, call the method for testing of tested module.
7. test device for credible software stack as claimed in claim 5 is characterized in that main proving installation calls the local credible software stack test module on each proving installation, and the step that credible software stack is tested comprises:
A) test of beginning credible software stack;
B) begin to test a functional module in the credible software stack;
C) test according to one group of test case of this functional module correspondence, obtain one group of test result;
D) judge whether to be last group test case,, go to step f),, go to step c) if be "No" if be "Yes";
F) judge whether to be last credible software stack functional module,, go to step g),, go to step b) if be "No" if be "Yes".
G) finish the test of credible software stack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200810197669 CN101414279A (en) | 2008-11-18 | 2008-11-18 | Test device for credible software stack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200810197669 CN101414279A (en) | 2008-11-18 | 2008-11-18 | Test device for credible software stack |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101414279A true CN101414279A (en) | 2009-04-22 |
Family
ID=40594817
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200810197669 Pending CN101414279A (en) | 2008-11-18 | 2008-11-18 | Test device for credible software stack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101414279A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102045355A (en) * | 2010-12-20 | 2011-05-04 | 西安西电捷通无线网络通信股份有限公司 | Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG) |
CN102193862A (en) * | 2010-03-10 | 2011-09-21 | 微软公司 | Testing user interfaces in multiple execution environments |
CN102736975A (en) * | 2011-04-13 | 2012-10-17 | 国民技术股份有限公司 | Test method and test system for testing trusted computing password support platform |
CN102193862B (en) * | 2010-03-10 | 2016-12-14 | 微软技术许可有限责任公司 | User interface is tested in multiple execution environment |
CN110086760A (en) * | 2013-09-24 | 2019-08-02 | 微软技术许可有限责任公司 | Pass through the automated production of the authentication controls of transfer framework control |
-
2008
- 2008-11-18 CN CN 200810197669 patent/CN101414279A/en active Pending
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102193862A (en) * | 2010-03-10 | 2011-09-21 | 微软公司 | Testing user interfaces in multiple execution environments |
CN102193862B (en) * | 2010-03-10 | 2016-12-14 | 微软技术许可有限责任公司 | User interface is tested in multiple execution environment |
CN102045355A (en) * | 2010-12-20 | 2011-05-04 | 西安西电捷通无线网络通信股份有限公司 | Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG) |
CN102045355B (en) * | 2010-12-20 | 2013-01-16 | 西安西电捷通无线网络通信股份有限公司 | Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG) |
CN102736975A (en) * | 2011-04-13 | 2012-10-17 | 国民技术股份有限公司 | Test method and test system for testing trusted computing password support platform |
CN102736975B (en) * | 2011-04-13 | 2016-01-20 | 国民技术股份有限公司 | A kind of method of testing that trusted computing password support platform is tested and system |
CN110086760A (en) * | 2013-09-24 | 2019-08-02 | 微软技术许可有限责任公司 | Pass through the automated production of the authentication controls of transfer framework control |
CN110086760B (en) * | 2013-09-24 | 2021-10-22 | 微软技术许可有限责任公司 | Method, computing device and memory device for automated production of authentication controls |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Manadhata et al. | A formal model for a system’s attack surface | |
Vigano | Automated security protocol analysis with the AVISPA tool | |
Armando et al. | The AVISPA tool for the automated validation of internet security protocols and applications | |
US9118713B2 (en) | System and a method for automatically detecting security vulnerabilities in client-server applications | |
EP2643753B1 (en) | Method to measure software reuse and corresponding computer program product | |
US20040064806A1 (en) | Verifiable processes in a heterogeneous distributed computing environment | |
CN105335287B (en) | A kind of automated testing method and device | |
Philipps et al. | Model-based test case generation for smart cards | |
CN105022958B (en) | Vulnerability of application program determination method based on code library secure protocol in a kind of Android application | |
Stephanow et al. | Towards continuous security certification of software-as-a-service applications using web application testing techniques | |
CN101379504B (en) | Access control management method and system for composite application based on roles | |
Dawoud et al. | Bringing balance to the force: Dynamic analysis of the android application framework | |
Jing et al. | Model-based conformance testing for android | |
Muniz et al. | TCG-a model-based testing tool for functional and statistical testing | |
Guan et al. | A model-based testing technique for component-based real-time embedded systems | |
CN101414279A (en) | Test device for credible software stack | |
Emmi et al. | RAPID: checking API usage for the cloud in the cloud | |
CN109446053A (en) | Test method, computer readable storage medium and the terminal of application program | |
Laranjeiro et al. | A learning-based approach to secure web services from SQL/XPath Injection attacks | |
Frey et al. | MAMBA: A measurement architecture for model-based analysis | |
CN111126962A (en) | New energy grid-connected standard reporting system and method based on block chain | |
Kakarontzas et al. | Component certification as a prerequisite forwidespread oss reuse | |
Brada et al. | Repository and meta-data design for efficient component consistency verification | |
Barber et al. | Enabling iterative software architecture derivation using early non-functional property evaluation | |
Lukell et al. | Automated attack analysis and code generation in a multi-dimensional security protocol engineering framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20090422 |