
vTCM: a virtualized trusted cryptography module based on the virtualization of physical trusted computing environment

Cited by: 3
Abstract: Trust in virtual machines is one of the key issues in virtual machine security. As the root of trust of a computer, the trusted cryptography module (TCM) has attracted growing attention for its application to virtual machines. This paper proposes a virtual trusted cryptography module (vTCM) scheme. The scheme extends the existing TCM scheme into a physical vTCM environment with switchable vTCM scenes, which supports a small number of physical vTCM scenes. Through virtualized scheduling of these vTCM scenes, it supports TCM access from multiple virtual machines: each virtual machine is assigned a bound vTCM instance, and the instances run in turn in the physical vTCM scenes. As a result, the security analysis of vTCM can draw on the conclusions already established for TCM, which strengthens the security of vTCM. The scheme also shows advantages in vTCM management, including operations such as vTCM migration. An implementation of the scheme on the KVM virtualization platform is given; the results show that the scheme is feasible and has good compatibility with existing virtual machine mechanisms.
Authors: HU Jun (胡俊); DIAO Zi-peng (刁子朋) (Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China)
Source: Journal of Shandong University (Natural Science) (《山东大学学报(理学版)》); indexed in CAS, CSCD and the Peking University Core Journals list; 2019, issue 7, pp. 77-88 (12 pages)
Funding: National Natural Science Foundation of China (61501007)
Keywords: trusted cryptography module; virtual machine trust; trusted migration; KVM