期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

虚拟可信平台层次化安全体系结构设计 被引量:3

Hierarchal Security Architecture of Virtualized Trusted Platform
下载PDF
导出
摘要 针对虚拟化技术给计算平台带来的一些新的安全问题,提出一种以虚拟机应用安全为核心的虚拟可信计算平台安全体系结构,为计算平台建立一种层次化的可信计算基(TCB):由硬件信任根TPM/TCM支持、可信虚拟机监控器(TVMM)以及安全管理器(SM)由底至上3个层次共同组成.基于开源XEN,设计了一种可保证虚拟机(VM s)及其应用安全的虚拟可信平台实例,它支持远程证实、信息流控制、安全迁移和私密性保护等安全机制.分析结果表明,实例系统可灵活支持其上虚拟机应用实现不同安全目标. In view of some new security issues in the computing platform with virtualization technology, this paper proposes the application of the security-oriented virtualized trusted platform (VTP) architecture, whose trusted computing base (TCB) is hierarehal and self-contained with three layer-by-layer facilities from the trust root-hardware TPM/TCM, trusted virtual machine monitor (TVMM) to security manager(SM). Based on opensource project-XEN, it gives a sample design of the virtualized trusted platform for the virtual machine and its application's security with such mechanisms as remote attestation, information flow control, secure migration and privacy protection. Scenario analysis shows that the sample VTP can support different security goals of its applications flexibly.
作者 沈晴霓 杜虹 卿斯汉
机构地区 北京大学软件与微电子学院 北京大学软件研究所信息安全研究室 北京大学高可信软件技术教育部实验室 国家保密科学技术研究所 中国科学院软件研究所
出处 《北京工业大学学报》 EI CAS CSCD 北大核心 2010年第5期605-610,共6页 Journal of Beijing University of Technology
基金 国家自然科学基金项目(60873238 60970135) 国家科技支撑计划项目(2008BAH33B02)
关键词 虚拟化 可信计算 安全体系结构 虚拟机监控器 virtualization trusted computing security architecture virtual machine monitor
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献9

  • 1Trusted Computing Group. TPM Main Specification Level 2 Version 1.2, Revision 103 [ EB/OL]. (2007-07-09) [ 2007-07- 09]. http:///www, trustedcomputinggroup, org/resources/tpm_main_specification.
  • 2中国国家密码管理局.可信计算密码支撑平台功能与接口与规范[EB/OL].(2007-12-29)[2007-12-29].http:∥www.oscca.gov.cn/Doc/6/News_1132.htm.
  • 3STUMPF F, BENZ M, HERMANOWSKI M, et al. An approach to a trustworthy system architecture using virtualization[ C]// Proc. of the 4th International conference on Autonomic and Trusted Computing. Heidelberg: Springer-Verlag, 2007: 191-202.
  • 4GARFINKEL T, PFAFF B, CHOW J, et al. Terra: a virtual machine-based platform for trusted computing[ C ] ,//Proc. of 19th ACM Symposium on Operating Systems Principles, SOSP 2003. New York, NY: ACM Press, 2003: 193-206.
  • 5SAILER R, JAEGER T, VALDEZ E, et al. Building a MAC-based security architecture for the XEN open-source hypervisor [ C]//Proc. of the 21st Annual Computer Security Applications Conference. Washington, DC: IEEE Computer Society, 2005 : 276-285.
  • 6KUHLMANN D, LANDFERMANN R, RAMASAMY H, et al. An open trusted computing architecture-secure virtual machines enabling user-defined policy enforcement [ EB/OL]. Washington, DC: IBM Research Division, (2006-06-28) [ 2006-08- 21 ]. http: // domino, watson, ibm. com/library/cyberdig, nsf/papers/7024C307EAODFAEE852571DOO03B10F3/S File/ rz3655, pdf.
  • 7GARFINKEL T, MENDEL R. When virtual is harder than real: Security challenges in virtual machine based computing environments[ C]//Proc. of the 10th Workshop on Hot Topics in Operating Systems. Berkeley, CA: USENIX Association, 2005 : 210-217.
  • 8SAILER R, ZHANG X, JAEGER T, et al. Design and implementation of a TCG-based integrity measurement architecture[ C] /// Proc. of the 13th USENIX Security Symposium. Berkeley, CA: USENIX Association, 2004: 223-238.
  • 9MURRAY D, MILOS G, HAND S. Improving XEN security through disaggregation[ C]//Proc. of the 4th ACM SIGPLAN/ SIGOPS International Conference on Virtual Execution Environments. New York, NY: ACM press, 2008: 151-160.

共引文献1

同被引文献12

引证文献3

二级引证文献5

北京工业大学学报
2010年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部