Open Access iconOpen Access

ARTICLE

crossmark

PIMS: An Efficient Process Integrity Monitoring System Based on Blockchain and Trusted Computing in Cloud-Native Context

Miaomiao Yang1,2, Guosheng Huang1,2, Junwei Liu3, Yanshuang Gui1,2, Qixu Wang1,2,*, Xingshu Chen1,2

1 Cyber Science Research Institute of Sichuan University, Chengdu, 610207, China
2 Cyber Science and Engineering of Sichuan University, Chengdu, 610207, China
3 China Mobile (Suzhou) Software Technology, China Mobile, Suzhou, 215163, China

* Corresponding Author: Qixu Wang. Email: email

(This article belongs to this Special Issue: Emerging Trends on Blockchain: Architecture and Dapp Ecosystem)

Computer Modeling in Engineering & Sciences 2023, 136(2), 1879-1898. https://doi.org/10.32604/cmes.2023.026371

Abstract

With the advantages of lightweight and high resource utilization, cloud-native technology with containers as the core is gradually becoming the mainstream technical architecture for information infrastructure. However, malware attacks such as Doki and Symbiote threaten the container runtime’s security. Malware initiates various types of runtime anomalies based on process form (e.g., modifying the process of a container, and opening the external ports). Fortunately, dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime. Nevertheless, the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions. As a result, the existing dynamic monitoring mechanism is still not practical enough. To ensure the trustworthiness of the baseline value data and, simultaneously, to achieve the integrity verification of the monitored process, we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS. Firstly, the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature. Then, design a new format for storing measurement logs, easily distinguishing files with the same name in different containers from log information. Meanwhile, the baseline value data is stored on the blockchain to avoid malicious damage. Finally, trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container, detect abnormal containers in time and control them. We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS. Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.

Keywords


Cite This Article

Yang, M., Huang, G., Liu, J., Gui, Y., Wang, Q. et al. (2023). PIMS: An Efficient Process Integrity Monitoring System Based on Blockchain and Trusted Computing in Cloud-Native Context. CMES-Computer Modeling in Engineering & Sciences, 136(2), 1879–1898.



cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 872

    View

  • 443

    Download

  • 0

    Like

Share Link