摘要
分析IBM的vTPM方案缺乏对可信虚拟平台底层环境隐私保护的问题,提出一种具有平台底层隐私保护的底层环境验证方案。改变IBM方案中的物理PCR与vPCR映射关系、远程证明方案,防止上层虚拟机获取底层配置信息;提出可信虚拟平台下的二级远程证明方案;设计可信验证模块,建立底层平台环境完整性、安全策略的静态和动态验证机制。实验结果表明,该方案能够在平台底层隐私保护前提下为用户进行平台底层环境验证,建立用户对底层平台的信任关系。
IBM’s vTPM solution lacks the privacy protection of the underlying environment of the trusted virtual platform, so an underlying environment verification scheme to the underlying platform privacy protection is proposed. We changed the mapping relationship between physical PCR and vPCR and remote attestation scheme in IBM solution, to prevent upper-layer virtual machine from getting the underlying configuration information. We proposed the second-level remote attestation scheme on trusted virtual platform and designed trusted verification module to establish the static and dynamic verification mechanism for the environmental integrity of the underlying platform and security policy. The experimental results show that this scheme can verify the underlying environment of the platform under the premise of protecting the underlying privacy of the platform and establish the trust relationship between users and the underlying platform.
作者
孙浩男
鹤荣育
郭丽
Sun Haonan1,He Rongyu1,Guo Li2(1.PLA Information Engineering University, Zhengzhou 450001, Henan,China;2.Henan Province Industrial Technology School, Zhengzhou 450001, Henan, Chin)
出处
《计算机应用与软件》
北大核心
2018年第8期307-313,328,共8页
Computer Applications and Software
基金
国家自然科学基金项目(61572517)
关键词
隐私保护
二级远程证明
可信验证模块
信任传递
Privacy protection
Second-level remote attestation
Trusted verification module
Trust transfer
