远程验证执行中的应用程序 [英] Remotely Verifying the Application in execution
问题描述
是否可以向远程方证明我在系统中运行的应用程序与我声称使用DRTM或SRTM运行的应用程序相同?如果是,那么如何?
Is it possible to prove to the remote party that the application I am running in my system is the same as I am claiming that I am running using DRTM or SRTM? If yes then How?
推荐答案
从理论上讲:是.这个概念称为远程证明.
Theoretically: yes. The concept is called remote attestation.
基本思想是:首先,您在平台上建立了良好的信任链,例如:
The basic idea is: First you have a sound chain of trust built on your platform, like:
BIOS ==> Boot loader ==> OS ==> Applications
结果测量结果存储在PCR中.
The resulting measurements are stored in the PCRs.
现在,您可以让TPM对这组PCR进行签名,这称为quote.
Now you can let the TPM sign this set of PCRs, that's called quote.
您可以将此报价提交给远程实体.问题从这里开始:
You can submit this quote to a remote entity. Here the problems start:
-
如何证明报价是由硬件TPM而不是仿真器签名的?
How can you proof that the quote was signed by a hardware TPM and not an emulator?
可能的解决方案:预共享密钥或某种CA.
Possible solutions: pre-shared keys or some kind of CA.
如何确定PCR值代表受信任的系统状态?
How can you be sure that the PCR values represent a trusted system state?
那不是那么容易.如果您有SRTM,则必须考虑以下所有可能的组合: 系统如何加载组件.例如.在BIOS阶段,按什么顺序 Option-ROM已加载?
That's not so easy. If you have SRTM, you have to consider every possible combination of how your system load the components. E.g. in BIOS-phase, in which order are the option-ROMs loaded?
这里有DRTM来进行救援,但这使此事稍微容易些.使用DRTM 您可以忘记所有DRTM之前的内容.如果您的信任环境很小, 例如 闪烁 可管理的一组受信任的配置. 如果您拥有功能齐全的操作系统,那将很难.
Here DRTM comes for the rescue, but it makes the matter just slightly easier. With DRTM you can forget about all the pre-DRTM stuff. If you have a small trusted environment, say like flicker, then you'll have a manageable set of trusted configurations. If you have a full-featured OS, than it's hard.
首先,您必须找到一个可以测量所有内容的操作系统.针对Linux的IBM IMA 内核就是一个例子.
First, you have to find an OS that measures everything. IBM's IMA for the Linux kernel is one example.
然后,加载组件的顺序上的最细微差异将导致 不同的PCR值.此外,考虑所有状态组合 可能会安装不同的已安装软件包.
Then, the slightest difference in the order of loaded components will lead to different PCR values. Furthermore consider all the combinations of states the different installed software packages might be in.
可能的解决方案是限制代表一个PCR值的一组可能的PCR值. 有效的配置.例如,您可以测量整个操作系统映像,而不是每个 二进制的.例如,几年前发布的 acTvSM平台.
Possible solutions are to restrict the possible set of PCR values that represent a valid configuration. For example you can measure a whole OS image instead of each binary. An example is the acTvSM platform published a few years ago.
结论:没有简单的现成解决方案,但是您可以设计一个满足您要求的系统.
这篇关于远程验证执行中的应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
