Journal of Shandong University (Natural Science), 2017, Vol. 52, Issue (6): 69-75. doi: 10.6040/j.issn.1671-9352.2.2016.231
HUANG Yu-qing1,2, ZHAO Bo1,2*, XIAO Yu1,2, TAO Wei1,2
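Abstract: Virtual machines equipped with a virtual trusted platform module (vTPM) cannot currently be live-migrated on the KVM platform. To address this, a KVM-based live migration scheme for vTPM virtual machines is proposed and implemented. Building on an analysis of the KVM architecture and the virtualization characteristics of vTPM, the scheme integrates the live migration of a vTPM virtual machine with KVM's native live migration process for ordinary virtual machines. This ensures that the system security state is consistent before and after migration and that the vTPM instance data is protected during migration. Experimental results show that, compared with the live migration of an ordinary virtual machine, the scheme achieves a live migration of the vTPM virtual machine that is imperceptible to the user. While ensuring that the vTPM device remains available after migration, the average downtime during migration does not exceed 50 ms and the performance loss is only 15%.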