Abstract
To secure trusted virtual machine migration and to reduce key regeneration at the destination after migration, this paper adopts a vTPM key hierarchy suited to migration and, on that basis, proposes a trusted virtual machine migration protocol that adds mutual identity and platform state certification. First, an intermediate layer consisting of gSRK and SK is introduced to provide indirect protection and signing for vSRK and vAIK, so that the vTPM keys can be reused on the destination platform. Second, mutual identity and platform state certification is performed before migration, and the D-H algorithm is used to negotiate a session key, establishing a trusted communication channel between the two sides. Finally, the trusted virtual machine is migrated on the XEN platform using the negotiated session key. Analysis shows that the protocol effectively meets the security requirements of trusted virtual machine migration.
Source
《计算机安全》
2013, Issue 3, pp. 13-18 (6 pages)
Network & Computer Security
Keywords
trusted virtual machine
migration
identity certification
platform state certification