基于TPCM的容器云可信环境研究

doi:10.11959/j.issn.2096-109x.2021068

摘要/Abstract

摘要：

容器技术是一种轻量级的操作系统虚拟化技术，被广泛应用于云计算环境，是云计算领域的研究热点，其安全性备受关注。提出了一种采用主动免疫可信计算进行容器云可信环境构建方法，其安全性符合网络安全等级保护标准要求。首先，通过 TPCM 对容器云服务器进行度量，由 TPCM 到容器的运行环境建立一条可信链。然后，通过在 TSB 增加容器可信的度量代理，实现对容器运行过程的可信度量与可信远程证明。最后，基于Docker与Kubernetes建立实验原型并进行实验。实验结果表明，所提方法能保障云服务器的启动过程与容器运行过程的可信，符合网络安全等级保护标准测评要求。

关键词: 可信计算, 可信启动, 可信度量, 远程证明

Abstract:

Container technology is a lightweight operating system virtualization technology that is widely used in cloud computing environments and is a research hotspot in the field of cloud computing.The security of container technology has attracted much attention.A method for constructing a trusted environment of container cloud using active immune trusted computing was proposed, and its security meet the requirements of network security level protection standards.First, container cloud servers were measured through the TPCM and a trust chain from the TPCM to the container's operating environment was established.Then, by adding the trusted measurement agent of the container to the TSB, the trusted measurement and trusted remote attestation of the running process of the container were realized.Finally, an experimental prototype based on Docker and Kubernetes and conduct experiments were built.The experimental results show that the proposed method can ensure the credibility of the boot process of the cloud server and the running process of the container and meet the requirements of the network security level protection standard evaluation.

Key words: trusted computing, trusted boot, trusted measurement, remote attestation

中图分类号:

TP309

刘国杰, 张建标, 杨萍, 李铮. 基于TPCM的容器云可信环境研究[J]. 网络与信息安全学报, 2021, 7(4): 164-174.

Guojie LIU, Jianbiao ZHANG, Ping YANG, Zheng LI. Research on the trusted environment of container cloud based on the TPCM[J]. Chinese Journal of Network and Information Security, 2021, 7(4): 164-174.

图/表 16

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

图13

表1

图14

表2

参考文献 39

[1]	张玉清, 王晓菲, 刘雪峰 ,等. 云计算环境安全综述[J]. 软件学报, 2016,27(6): 1328-1348.
	ZHANG Y Q , WANG X F , LIU X F ,et al. Survey on cloud computing security[J]. Journal of Software, 2016,27(6): 1328-1348.
[2]	SINGH A , CHATTERJEE K . Cloud security issues and challenges:a survey[J]. Journal of Network and Computer Applications, 2017,79.
[3]	SINGH S , JEONG Y S , PARK J H . A survey on cloud computing security:issues,threats,and solutions[J]. Journal of Network and Computer Applications, 2016,75.
[4]	陈广勇, 祝国邦, 范春玲 . 《信息安全技术网络安全等级保护测评要求》（GB/T 28448-2019）标准解读[J]. 信息网络安全杂志, 2019,19(7): 1-8.
	CHEN G Y , ZHU G B , FAN C L . Information security technology-evaluation requirement for classified protection of cybersecurity (GB/T 28448-2019) standard interpretation[J]. Netinfo Security, 2019,19(7): 1-8.
[5]	吴松, 王坤, 金海 . 操作系统虚拟化的研究现状与展望[J]. 计算机研究与发展, 2019,56(1): 58-68.
	WU S , WANG K , JIN H . Research situation and prospects of operating system virtualization[J]. Journal of Computer Research and Development, 2019,56(1): 58-68.
[6]	FELTER W , FERREIRA A , RAJAMONY R ,et al. An updated performance comparison of virtual machines and Linux containers[C]// 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS). 2015.
[7]	MERKEL D . Docker:lightweight linux containers for consistent development and deployment[J]. Linux Journal, 2014(1): 76-90.
[8]	BRENDAN B , BRIAN G , DAVID O ,et al. Borg,Omega,and Kubernetes[J]. Communications of the ACM, 2016,59(5): 50-57.
[9]	SULTAN S , AHMAD I , DIMITRIOU T . Container security:issues,challenges,and the road ahead[J]. IEEE Access, 2019,7(1): 52976-52996.
[10]	RUI S , GU X H , ENCK W . A study of security vulnerabilities on docker hub[C]// Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. 2017.
[11]	THANH B . Analysis of docker security[J]. arXiv preprint arXiv:1501.02967, 2015.
[12]	鲁涛, 陈杰, 史军 . Docker 安全性研究[J]. 计算机技术与发展, 2018,28(6): 115-120.
	LU T , CHEN J , SHI J . Research of Docker security[J]. Computer Technology and Development, 2018,28(6): 115-120.
[13]	JAYANTH G , DESIKAN T , TURNER Y . Over 30% of official images in docker hub contain high priority security vulnerabilities[R]. Technical Report. 2015.
[14]	MANU A R , PATEL J K , AKHTAR S ,et al. A study,analysis and deep dive on cloud PAAS security in terms of Docker container security[C]// 2016 International Conference on Circuit,Power and Computing Technologies (ICCPCT). 2016.
[15]	SUN Y Q , SAFFORD D , ZOHAR M ,et al. Security namespace:making Linux security frameworks available to containers[C]// Proceedings of the 27th USENIX Conference on Security Symposium (SEC'18). 2018: 1423-1439.
[16]	BENEDICTIS M D , LIOY A . Integrity verification of Docker containers for a lightweight cloud environment[J]. Future Generation Computer Systems, 2019,97(8): 236-246.
[17]	HOSSEINZADEH S , LAURéN S ,, LEPPNEN V . Security in container-based virtualization through vTPM[C]// IEEE/ACM International Conference on Utility ＆ Cloud Computing. 2017.
[18]	GUO Y , YU A , GONG X ,et al. Building trust in container environment[C]// 2019 18th IEEE International Conference on Trust,Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE). 2019.
[19]	王鹃, 胡威, 张雨菡 ,等. 基于Docker的可信容器[J]. 武汉大学学报(理学版), 2017,63(2): 102-108.
	WANG J , HU W , ZHANG Y H ,et al. Trusted container based on Docker[J]. Journal of Wuhan University (Natural Science Edition), 2017,63(2): 102-108.
[20]	XIE X L , YUAN T W , ZHOU X ,et al. Research on trust model in container-based cloud service[J]. CMC:Computers,Materials ＆Continua, 2018,56(2).
[21]	冯登国, 秦宇, 汪丹 ,等. 可信计算技术研究[J]. 计算机研究与发展, 2011,48(8): 1332-1349.
	FENG D G , QIN Y , WANG D ,et al. Research on trusted computing technology[J]. Journal of Computer Research and Development, 2011,48(8): 1332-1349.
[22]	SHEN C X , ZHANG H G , WANG H M ,et al. Research on trusted computing and its development[J]. Science China Information Sciences, 2010,53(3): 405-433.
[23]	张焕国, 罗捷, 金刚 ,等. 可信计算研究进展[J]. 武汉大学学报(理学版), 2006(5): 513-518.
	ZHANG H G , LUO J , JIN G ,et al. Development of trusted computing research[J]. Wuhan University Journal of Natural Sciences, 2006(5): 513-518.
[24]	FENG D G , QIN Y , FENG W ,et al. The theory and practice in the evolution of trusted computing[J]. Chinese Science Bulletin, 2014,59(32): 4173-4189.
[25]	郭颖, 毛军捷, 张翀斌 ,等. 基于可信平台控制模块的主动度量方法[J]. 清华大学学报(自然科学版), 2012,52(10): 1465-1473.
	GUO Y , MAO J J , ZHANG C B ,et al. Active measures base on a trusted platform control module[J]. Journal of Tsinghua University (Sci and Tech), 2012,52(10): 1465-1473.
[26]	中国国家标准化委员会. 信息安全技术可信计算规范可信平台控制模块[S]. 征求意见稿, 2019.
	National Information Security Standardization Technical Committee. Information security technology-trusted computing specification-motherboard function and interface of trusted platform[S]. Draft for Comments, 2019.
[27]	沈昌祥 . 用主动免疫可信计算 3.0 筑牢网络安全防线营造清朗的网络空间[J]. 信息安全研究, 2018,4(4): 282-302.
	SHEN C X . To create a positive cyberspace by safeguarding network security with active immune trusted computing 3.0[J]. Journal of Information Security Research, 2018,4(14): 282-302.
[28]	GB/T 37935-2019. 信息安全技术可信计算规范可信软件基[S]. 2020.
	GB/T 37935-2019. Information security technology-Trusted computing specification-Trust software base[S]. 2020.
[29]	沈昌祥, 张大伟, 刘吉强 ,等. 可信3.0战略:可信计算的革命性演变[J]. 中国工程科学, 2016,18(6): 53-57.
	SHEN C X , ZHANG D W , LIU J Q ,et al. The strategy of TC 3.0:a revolutionary evolution in trusted computing[J]. Strategic Study of Chinese Academy of Engineering, 2016,18(6): 53-57.
[30]	田俊峰, 常方舒 . 基于 TPM 联盟的可信云平台管理模型[J]. 通信学报, 2016,37(2): 1-10.
	TIAN J F , CHANG F S . Trusted cloud platform management model based on TPM alliance[J]. Journal on Communications, 2016,37(2): 1-10.
[31]	刘国杰, 张建标 . 基于 TPCM 的服务器可信 PXE 启动方法[J]. 网络与信息安全学报, 2020,6(6): 105-111.
	LIU G J , ZHANG J B . TPCM-based trusted PXE boot method for servers[J]. Chinese Journal of Network and Information Security, 2020,6(6): 105-111.
[32]	BERGER S , CáCERES R ,, GOLDMAN K A ,et al. vTPM:virtualizing the trusted platform module[J]. Usenix Security, 2006,15: 305-320.
[33]	田健生, 詹静 . 基于 TPCM 的主动动态度量机制的研究与实现[J]. 信息网络安全, 2016,16(6): 22-27.
	TIAN J S , ZHAN J . Research and implementation of active dynamic measurement based on TPCM[J]. Netinfo Security, 2016,16(6): 22-27.
[34]	黄坚会, 石文昌 . 基于ATX主板的TPCM主动度量及电源控制设计[J]. 信息网络安全, 2016,16(11): 1-5.
	HUANG J H , SHI W C . The TPCM active measurement and power control design for ATX motherboard[J]. Netinfo Security, 2016,16(11): 1-5.
[35]	黄坚会, 沈昌祥 . TPCM主动防御可信服务器平台设计[J]. 郑州大学学报(理学版), 2019,51(3): 1-6.
	HUANG J H , SHEN C X . Trusted platform design of server with TPCM active defense[J]. Journal of Zhengzhou University (Natural Science Edition) (2019), 2019,51(3): 1-6.
[36]	IBM's software TPM 2[EB].
[37]	EDK Ⅱ project[EB].
[38]	Docker[EB].
[39]	Kubernetes[EB].

攻击类型	TPCM的防御效果	TPM的防御效果
修改 MBR 启动代码	实时发现并阻止操作系统加载	TPM 不能发现这个问题，不能阻止启动
BIOS Bootblock 入侵	实时发现并阻止启动	无此功能
Main BIOS 入侵	实时发现并阻止启动	TPM 不能发现这个问题，不能阻止启动
使用未经认证的 PCIE 设备	实时发现并阻止启动	TPM 不能发现这个问题，不能阻止启动
破坏平台完整性	实时发现并阻止启动	TPM 不能发现这个问题，不能阻止启动

功能类别	TPCM	TPM或vTPM
是否能够保护BIOS固件	先于主CPU启动，能够验证BIOS固件	TPM与vTPM是被动调用，不能验证BIOS固件
可信度量时间	只需要初始化一次，相对vTPM较短	vTPM需要每次启动容器是初始化，时间较长
是否易受攻击	采用物理芯片，作为信任根，不易受攻击	vTPM容易被恶意篡改
是否需要外部保护	采用物理芯片，作为信任根，不需要额外保护	vTPM是虚拟的，作为OS的一个进程，容易被破坏篡改，需要保护
远程证明复杂度	采用可信度量代理，每个容器根据度量策略，生成一个度量列表，对于同一台主机调用一次TPCM就可以完成验证与证明	每个容器对应一个 vTPM，对于同一台主机的多个容器需要调用每一个容器的vTPM进行验证与证明