vTCM:一种基于物理可信计算环境虚拟化的虚拟可信密码模块

doi:10.6040/j.issn.1671-9352.2.2018.211

摘要/Abstract

摘要：

虚拟机的信任问题是虚拟机安全的关键问题之一,可信密码模块作为计算机信任的源头,其在虚拟机上的应用也引起了越来越多的关注。提出了虚拟可信密码模块(virtual trusted cryptography module, vTCM)方案,该方案将现有可信密码模块(trusted cryptography module, TCM)方案扩展为可切换vTCM场景的vTCM物理环境来支持少量物理vTCM场景,通过vTCM场景的虚拟化调度,从而支持多个虚拟机的TCM访问,为每个虚拟机分配一个绑定的vTCM实例,并使这些实例可以轮流在物理vTCM场景中运行,以使vTCM的安全性分析可以借助TCM结论,增强vTCM的安全性。这一方案在vTCM的管理,包括vTCM迁移等操作上,也体现出了其优势。给出了该方案在KVM虚拟化平台下的实现方法,实现结果表明,该方案不但可行,并且对现有的虚拟机机制有良好的兼容性。

关键词: 可信密码模块, 虚拟机可信, 可信迁移, KVM

Abstract:

The trust of virtual machine is one of the key issues of virtual machine security. As the source of computer trust, the application of trust cryptography module(TCM) in virtual machine gets more and more attention. A virtual trust cryptography module scheme is presented, which designs a physical vTCM(virtual trusted cryptography module) running environment which can be implemented by expand current TCM(trusted cryptography module) scheme to several switchable vTCM scene, and schedule these vTCM scene to support the TCM access of virtual machines, assign a bound vTCM instance to each virtual machine, and all vTCM instances would run in vTCM scene in turn. The scheme can enhance the trust of vTCM, make management and migration of vTCM more easier. The scheme is implemented in KVM virtualization platform, it shows a good compatibility with existing systems.

Key words: trusted cryptography module, virtual machine trusting, trust migration, KVM

中图分类号:

TP309

胡俊,刁子朋. vTCM:一种基于物理可信计算环境虚拟化的虚拟可信密码模块[J]. 《山东大学学报(理学版)》, 2019, 54(7): 77-88.

Jun HU,Zi-peng DIAO. vTCM: a virtualized trusted cryptography module based on the virtualization of physical trusted computing environment[J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(7): 77-88.

图/表 11

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

表1

参考文献 15

1	国家密码管理局.GM/T 0012—2012可信计算-可信密码模块接口规范[S].北京:中国标准出版社, 2012: 11.
	State Cryptography Administration.GM/T 0012—2012, Trusted computing.Interface specification of trusted cryptography module[S]. Beijing: Standards Press of China, 2012: 11.
2	沈昌祥, 公备. 基于国产密码体系的可信计算体系框架[J]. 密码学报, 2015, 2 (5): 381- 389.
	SHEN Changxiang , GONG Bei . The innovation of trusted computing based on the domestic cryptography[J]. Journal of Cryptologic Research, 2015, 2 (5): 381- 389.
3	国家密码管理局.GM/T 0013—2012,可信计算-可信密码模块接口符合性测试规范[S].北京:中国标准出版社, 2012: 11.
	State Cryptography Administration.GM/T 0013—2012, Trusted computing.Trusted cryptography module interface compliance[S]. Beijing: Standards Press of China, 2012: 11.
4	Trusted Computing Group. TCG PC client specific implementation specification for conventional BIOS[EB/OL]. (2005-07-13[2018-10-10]. https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Implementation-for-BIOS.pdf
5	WAN X, XIAO Z T, REN Y. Trusted virtual private datacenter: a model toward secure IaaS cloud[C]// 2012 Fourth International Conference on Multimedia Information Networking and Security. Nanjing: IEEE, 2012: 55-58.
6	WANG Chunlu , LIU Chuanyi , LIU Bin , et al. DIV: dynamic integrity validation framework for detecting compromises on virtual machine based cloud services in real time[J]. China Communications, 2014, 11 (8): 15- 27. doi: 10.1109/CC.2014.6911084
7	SUN Y Z , FANG H F , SONG Y , et al. TRainbow: a new trusted virtual machine based platform[J]. Frontiers of Computer Science in China, 2010, 4 (1): 47- 64. doi: 10.1007/s11704-009-0076-5
8	YU Z L , ZHANG W P , DAI H J . A trusted architecture for virtual machines on cloud servers with trusted platform module and certificate authority[J]. Journal of Signal Processing Systems, 2017, 86 (2/3): 327- 336.
9	SINGH J , PASQUIER T , BACON J , et al. Twenty security considerations for cloud-supported internet of things[J]. IEEE Internet of Things Journal, 2016, 3 (3): 269- 284. doi: 10.1109/JIOT.2015.2460333
10	BERGER S, GOLDMAN K A, PEREZ R, et al. vTPM: virtualizing the trusted platform module[C]// Conference on Usenix Security Symposium. California: USENIX Association, 2006.
11	STUMPF F, ECKERT C. Enhancing trusted platform modules with hardware-based virtualization techniques[C]// 2008 Second International Conference on Emerging Security Information, Systems and Technologies. Cap Esterel: IEEE, 2008: 1-9.
12	CHEN C, RAJ H, SAROIU S, et al. cTPM: a cloud TPM for cross-device trusted applications[C]// NSDI′14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation. California: USENIX Association, 2014: 187-201.
13	Trusted Computing Group. Virtualized platform architecture specification[EB/OL]. (2011-9-27)[2018-10-12] https://trustedcomputinggroup.org/virtualized-trusted-platform-architecture-specification/.
14	DANEV B. Enabling secure VM-vTPM migration in private clouds[C]// Twenty-seventh Computer Security Applications Conference. Florida: DBLP, 2011.
15	HONG Z , WANG J , ZHANG H G . A trusted VM-vTPM live migration protocol in clouds[J]. Proceedings of International Workshop on Cloud Computing & Information Security, 2013, 52 (1391): 299- 302.

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed

命令码名称	命令码取值	命令码功能
VTCM_INIT	0x01	初始化一个vTCM示例
VTCM_STOP	0x02	停止一个vTCM实例
VTCM_CLEAN	0x03	清除一个vTCM实例,并输出vTCM清除的校验信息。
VTCM_STARTUP	0x04	启动特定vTCM实例
VTCM_KEYSET	0x05	为特定vTCM实例设置上下文密钥
VTCM_KEYUPDATE	0x06	更新特定vTCM实例的上下文密钥
VTCM_KEYEXPORT	0x07	导出vTCM实例的上下文密钥
VTCM_KEYIMPORT	0x08	导入vTCM实例的上下文密钥
VTCM_EXPORT	0x09	导出vTCM实例上下文
VTCM_IMPORT	0x0a	导入vTCM实例上下文
VTCM_MIG_READY	0x10	在移植目标机上执行,准备vTCM实例移植,生成一个移植封装密钥
VTCM_MIG_EXPORTKEY	0x11	在移植源机器上执行,输入移植封装密钥,输出封装的上下文密钥
VTCM_MIG_IMPORTKEY	0x12	在移植目标机上执行,输入封装的上下文密钥,返回解封成功/失败消息,如解封成功,移植目标机将可以直接导入vTCM上下文,但需待激活后才可以使用
VTCM_MIG_CLEAN	0x13	在移植源机器上完成VTCM_MIG_EXPORTKEY命令后执行,输出vTCM本地清除的校验信息
VTCM_MIG_ACTIVE	0x14	在移植目标机导入vTCM上下文后使用,输入移植源机器vTCM本地清除后的校验信息,输出激活结果。如校验信息验证通过则激活成功,此时vTCM可以正常使用。这一机制是为了确保同一时刻只有一个vTCM实例存在。

[1]	黄宇晴,赵波,肖钰,陶威. 一种基于KVM的vTPM虚拟机动态迁移方案[J]. 山东大学学报（理学版）, 2017, 52(6): 69-75.
[2]	赵丹丹,陈兴蜀,金鑫. KVM Hypervisor安全能力增强技术研究[J]. 山东大学学报（理学版）, 2017, 52(3): 38-43.