摘要
针对虚拟化技术给计算平台带来的一些新的安全问题,提出一种以虚拟机应用安全为核心的虚拟可信计算平台安全体系结构,为计算平台建立一种层次化的可信计算基(TCB):由硬件信任根TPM/TCM支持、可信虚拟机监控器(TVMM)以及安全管理器(SM)由底至上3个层次共同组成.基于开源XEN,设计了一种可保证虚拟机(VM s)及其应用安全的虚拟可信平台实例,它支持远程证实、信息流控制、安全迁移和私密性保护等安全机制.分析结果表明,实例系统可灵活支持其上虚拟机应用实现不同安全目标.
In view of some new security issues in the computing platform with virtualization technology, this paper proposes the application of the security-oriented virtualized trusted platform (VTP) architecture, whose trusted computing base (TCB) is hierarehal and self-contained with three layer-by-layer facilities from the trust root-hardware TPM/TCM, trusted virtual machine monitor (TVMM) to security manager(SM). Based on opensource project-XEN, it gives a sample design of the virtualized trusted platform for the virtual machine and its application's security with such mechanisms as remote attestation, information flow control, secure migration and privacy protection. Scenario analysis shows that the sample VTP can support different security goals of its applications flexibly.
出处
《北京工业大学学报》
EI
CAS
CSCD
北大核心
2010年第5期605-610,共6页
Journal of Beijing University of Technology
基金
国家自然科学基金项目(60873238
60970135)
国家科技支撑计划项目(2008BAH33B02)
关键词
虚拟化
可信计算
安全体系结构
虚拟机监控器
virtualization
trusted computing
security architecture
virtual machine monitor