
Journal of Shandong University (Natural Science) ›› 2017, Vol. 52 ›› Issue (6): 69-75. doi: 10.6040/j.issn.1671-9352.2.2016.231


A vTPM-VM live migration scheme based on KVM

HUANG Yu-qing1,2, ZHAO Bo1,2*, XIAO Yu1,2, TAO Wei1,2

  1. Computer School, Wuhan University, Wuhan 430072, Hubei, China;
  2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China
  • Received: 2016-08-16 Online: 2017-06-20 Published: 2017-06-21
  • Corresponding author: ZHAO Bo (born 1972), male, professor; research interests: trusted computing theory, embedded system architecture. E-mail: zhaobo@whu.edu.cn; 2508096655@qq.com
  • About the first author: HUANG Yu-qing (born 1988), male, master's degree; research interests: information system security, cloud computing, virtualization. E-mail: 2508096655@qq.com
  • Funding:
    National High Technology Research and Development Program of China (863 Program) (2015AA016002); National Basic Research Program of China (973 Program) (2014CB340600); Natural Science Foundation of Jiangsu Province, Youth Fund (BK20130372)

Abstract: On current KVM platforms, a virtual machine equipped with a virtual Trusted Platform Module (vTPM) cannot be live-migrated. To address this problem, a live migration scheme for vTPM-equipped virtual machines on KVM is proposed and implemented. Based on an analysis of the KVM architecture and the virtualization characteristics of the vTPM, the live migration of a vTPM virtual machine is integrated with the native live migration process of ordinary virtual machines on KVM, so that the security state of the system is consistent before and after migration and the vTPM instance data is protected during the migration process. Experimental results show that, compared with the live migration of an ordinary virtual machine, the scheme achieves a vTPM virtual machine live migration that is transparent to the user; the vTPM device remains usable after migration, the average downtime during migration does not exceed 50 ms, and the performance loss is only 15%.

Key words: live migration, KVM, cloud computing, vTPM

CLC number: TP309