Research on theory and key technology of trusted computing platform security testing and evaluation

Trusted computing has become a new trend in the area of international information security, and the products of trusted computing platform begin to be used in application. Users will not use the products of information security, unless it goes through the testing and evaluation. Here we concentrate on the testing and evaluation problem of trusted computing platform, begin with constructing proper formalization model of trusted computing platform for testing, and establish a mathematical chain of trust model based on SPA. Moreover, we give a verification method of composite characteristics and find the potential factors threatening the trusted system in the process of remote attestation through analysis. For trusted software stack, we study the problem of automatic generation of test case and propose an improved method of generating the random test case, to raise the quality of test case. Finally, we give a prototype system of trusted computing platform and the actual test data related. The result demonstrates that there exist some flaws in the architecture of the present TCG computing platform. At the same time, some flaws are found in the products of existing trusted computing platform, thus a basis is laid for the improvement and development of trusted platform technology and its products.