
Journal of Shandong University (Natural Science) ›› 2019, Vol. 54 ›› Issue (7): 77-88. doi: 10.6040/j.issn.1671-9352.2.2018.211


vTCM: a virtualized trusted cryptography module based on the virtualization of physical trusted computing environment

Jun HU, Zi-peng DIAO

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  • Received: 2018-09-20 Online: 2019-07-20 Published: 2019-06-27
  • About the author: Jun HU (born 1972), male, Ph.D., lecturer; research interests: trusted computing, cloud security and secure operating systems. E-mail: algorist@bjut.edu.cn
  • Supported by:
    National Natural Science Foundation of China (61501007)

Abstract:

Trust in virtual machines is one of the key issues of virtual machine security. As the source of trust in a computer, the trusted cryptography module (TCM) and its application to virtual machines have attracted increasing attention. This paper proposes a virtual trusted cryptography module (vTCM) scheme. The scheme extends the existing TCM scheme into a vTCM physical environment with switchable vTCM scenes, which supports a small number of physical vTCM scenes. Through virtualized scheduling of the vTCM scenes, it supports TCM access from multiple virtual machines: each virtual machine is assigned a bound vTCM instance, and these instances run in the physical vTCM scenes in turn, so that the security analysis of vTCM can draw on the conclusions established for TCM, which strengthens the security of vTCM. The scheme also shows advantages in vTCM management, including operations such as vTCM migration. An implementation of the scheme on the KVM virtualization platform is given, and the results show that the scheme is not only feasible but also compatible with existing virtual machine mechanisms.

Key words: trusted cryptography module, virtual machine trusting, trust migration, KVM

CLC Number:

  • TP309

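Fig. 1 Overall architecture of the vTCM scheme

Fig. 2 Structure of the vTCM physical environment

Fig. 3 Format of vTCM commands and returned data

Fig. 4 Format of vTCM management commands

Fig. 5 Format of data transferred between the vTCM channel and the vTCM virtualization scheduling module

Fig. 6 Structure of vTCM virtualization scheduling

Fig. 7 Structure of the vTCM virtualization scheduling module

Fig. 8 Flowchart of the vTCM creation mechanism

Fig. 9 Flowchart of the vTCM startup measurement mechanism

Fig. 10 Migration mechanism of the vTCM virtual root of trust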

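Table 1 vTCM management command settings

| Command name | Command code | Function |
| --- | --- | --- |
| VTCM_INIT | 0x01 | Initialize a vTCM instance |
| VTCM_STOP | 0x02 | Stop a vTCM instance |
| VTCM_CLEAN | 0x03 | Clear a vTCM instance and output the verification information for the vTCM clearing |
| VTCM_STARTUP | 0x04 | Start a specific vTCM instance |
| VTCM_KEYSET | 0x05 | Set the context key for a specific vTCM instance |
| VTCM_KEYUPDATE | 0x06 | Update the context key of a specific vTCM instance |
| VTCM_KEYEXPORT | 0x07 | Export the context key of a vTCM instance |
| VTCM_KEYIMPORT | 0x08 | Import the context key of a vTCM instance |
| VTCM_EXPORT | 0x09 | Export the context of a vTCM instance |
| VTCM_IMPORT | 0x0a | Import the context of a vTCM instance |
| VTCM_MIG_READY | 0x10 | Executed on the migration target machine; prepares for vTCM instance migration and generates a migration wrapping key |
| VTCM_MIG_EXPORTKEY | 0x11 | Executed on the migration source machine; takes the migration wrapping key as input and outputs the wrapped context key |
| VTCM_MIG_IMPORTKEY | 0x12 | Executed on the migration target machine; takes the wrapped context key as input and returns an unwrap success/failure message. If unwrapping succeeds, the target machine can import the vTCM context directly, but the instance can be used only after activation |
| VTCM_MIG_CLEAN | 0x13 | Executed on the migration source machine after the VTCM_MIG_EXPORTKEY command completes; outputs the verification information for the local vTCM clearing |
| VTCM_MIG_ACTIVE | 0x14 | Used on the migration target machine after the vTCM context has been imported; takes as input the verification information produced by the local vTCM clearing on the source machine and outputs the activation result. If the verification information is validated, activation succeeds and the vTCM can be used normally. This mechanism ensures that only one vTCM instance exists at any given time |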
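
The ordering that the migration commands in the table above impose can be checked mechanically. The following is an added example, not code from the paper: it audits a trace of successfully completed management commands against the host roles and input dependencies stated in the table. The trace format `(host, code)`, the function name `audit_migration` and the sample traces are assumptions constructed for illustration.

```python
# Added example: audit a vTCM migration command trace against the table.
# Command codes and host roles come from the table; the (host, code) trace
# format and all names below are assumptions made for this sketch.

# code -> (name, host that must run it, commands that must already have run)
MIG = {
    0x10: ("VTCM_MIG_READY", "target", set()),
    0x11: ("VTCM_MIG_EXPORTKEY", "source", {0x10}),   # needs the wrapping key
    0x12: ("VTCM_MIG_IMPORTKEY", "target", {0x11}),   # needs the wrapped key
    0x0A: ("VTCM_IMPORT", "target", {0x12}),          # context import after unwrap
    0x13: ("VTCM_MIG_CLEAN", "source", {0x11}),
    0x14: ("VTCM_MIG_ACTIVE", "target", {0x0A, 0x13}),  # needs the clearing proof
}

def audit_migration(trace):
    """Return a list of violations; an empty list means the trace is consistent."""
    seen, problems = set(), []
    for step, (host, code) in enumerate(trace, 1):
        if code not in MIG:
            problems.append(f"step {step}: 0x{code:02x} is not a migration-path command")
            continue
        name, role, needs = MIG[code]
        if host != role:
            problems.append(f"step {step}: {name} issued on {host}, expected {role}")
            continue  # a command on the wrong host does not advance the protocol
        for missing in sorted(needs - seen):
            problems.append(f"step {step}: {name} before {MIG[missing][0]}")
        seen.add(code)
    if 0x14 not in seen:
        problems.append("migration never activated on target")
    return problems

# Constructed sample traces (not taken from the paper).
GOOD = [("target", 0x10), ("source", 0x11), ("target", 0x12),
        ("target", 0x0A), ("source", 0x13), ("target", 0x14)]
# Activation before the source has cleared its copy: two usable instances.
EARLY_ACTIVE = [("target", 0x10), ("source", 0x11), ("target", 0x12),
                ("target", 0x0A), ("target", 0x14), ("source", 0x13)]

if __name__ == "__main__":
    for label, trace in (("GOOD", GOOD), ("EARLY_ACTIVE", EARLY_ACTIVE)):
        print(label, audit_migration(trace) or "ok")
```
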