JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, Vol. 52, Issue (6): 69-75. doi: 10.6040/j.issn.1671-9352.2.2016.231


A vTPM-VM live migration scheme based on KVM

HUANG Yu-qing1,2, ZHAO Bo1,2*, XIAO Yu1,2, TAO Wei1,2   

  1. Computer School, Wuhan University, Wuhan 430072, Hubei, China;
  2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China
  • Received: 2016-08-16  Online: 2017-06-20  Published: 2017-06-21

Abstract: A virtual machine equipped with a virtual Trusted Platform Module (vTPM) cannot be live migrated on the KVM platform. To solve this problem, a KVM-based live migration scheme for virtual machines equipped with a vTPM is proposed. The KVM architecture and the virtualization features of the vTPM are analyzed, and the live migration of vTPM-equipped virtual machines is integrated with KVM's native live migration of normal virtual machines, so as to ensure the consistency of the system's security state before and after the migration and the safety of the vTPM instance data during the migration process. Finally, the scheme is implemented and evaluated experimentally. The results show that, compared with the live migration of a normal virtual machine, our method leaves the user unaware of the migration process. Meanwhile, the average downtime of a virtual machine equipped with a vTPM during the migration process is no more than 50 ms, the performance loss is 15%, and after the migration the user can use the vTPM functions properly.

Key words: live migration, KVM, vTPM, cloud computing

CLC Number: TP309