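Abstract
Across many kinds of information systems, combining virtualization with trusted computing is an effective way to safeguard system security. However, traditional trusted systems based on the Trusted Platform Module (TPM) suffer from an unclear basis of system trust and a high computational overhead for data migration. This paper applies the Portable Trusted Module (PTM) trust model and proposes OASIS, a client-side trusted virtualization platform scheme based on the Xen virtualization platform. It designs and implements the OASIS platform architecture, the method for establishing the trusted-boot chain of trust, and the data migration mechanism. The scheme is flexible, efficient and user-centered: it uses the PTM as the basis of system trust, gives the user a personalized trusted computing environment, and is highly convenient in scenarios where the user roams across multiple platforms. Test results from the prototype system show that the scheme is feasible.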
In information systems, combining virtualization with trusted computing is an effective way to assure system security. However, in traditional trusted systems based on TPM, the root of trust of the system is unclear to the user, and the computational overhead of data migration is extremely high. A client-side trusted virtualization platform scheme, OASIS, based on the Xen hypervisor, is proposed by applying the PTM trust model. We design and implement the platform architecture, the method for establishing the trust chain, and the data migration mechanism. The system is flexible, efficient, and user-centered. It provides a personalized trusted computing environment by using the PTM as the root of trust in the system, and is convenient in scenarios where the user roams between devices. The experimental results of the prototype system indicate that the scheme of our platform is feasible.
Source
Journal of Beijing Jiaotong University
CAS
CSCD
Peking University Core Journals
2013, Issue 5, pp. 67-74 (8 pages)
Funding
Supported by the Fundamental Research Funds for the Central Universities (2011JBM228)
Keywords
information security
trusted computing
virtualization
portable trusted module