Biblio

Trusted computing is one of the main development trend in information security. However, there are still two limitations in existing trusted computing model. One is that the measurement process of the existing trusted computing model can be bypassed. Another is it lacks of effective runtime detection methods to protect the system, even the measurement process itself. In this paper, we introduce an active trusted model which can solve those two problems. Our active trusted computing model is comprised of two components: normal computation world and isolated security world. All the security tasks of active trusted computing model are assigned to the isolated security world. In this model, the static trusted measurement measures BIOS and operating system at the start-up of the computer system; and the dynamic trusted measurement measures the code segment, the data segment, and other critical structures actively and periodically at runtime. We have implemented a prototype of the active trusted computing model and done preliminary evaluation. Our experimental results show that this prototype can perform trusted computing on-the-fly effectively with an acceptable performance overhead.