Abstract: In order to increase efficiency of the integrity measurement and prevent some malicious code to continue to run by means of executable redirection when the process is created which can break the integrity of the system， this paper puts forward the parallel and active defense model of trust transfer on Windows using the virtualization technology， white list and Hook technique which can reduce the overhead time of the integrity measurement and prevent the malicious code to run. At the same time， formal verification is given to the presented model which shows the new model can meet the requirement of the trust transfer.

Key words: virtualization technology, white list, Hook technique, parallel and active defense model of trust transfer on Windows, formal verification