Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (12): 32-43. doi: 10.11959/j.issn.2096-109x.2018098

• Papers •

VMI-based virtual machine remote attestation scheme

Wei WANG [1,2], Xingshu CHEN [2,3], Xiao LAN [2], Xin JIN [1,2]

  [1] College of Computer Science, Sichuan University, Chengdu 610065, China
  [2] Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China
  [3] College of Cybersecurity, Sichuan University, Chengdu 610065, China
  • Revised: 2018-11-29 Online: 2018-12-15 Published: 2018-12-30
  • Supported by:
    The National Natural Science Foundation of China (61802270); The Transformational Technology International Research Platform for National Dual Innovation Base (C700011)

Abstract:

The virtual machine attestation scheme proposed by the Trusted Computing Group (TCG) can provide a virtual machine attestation service for cloud computing. However, a service that uses the TCG scheme directly would be threatened by the cuckoo attack, and its performance would be lower. Therefore, a new virtual machine remote attestation scheme based on virtual machine introspection (VMI) was proposed. First, it eliminated the path for performing cuckoo attacks in virtual machines by obtaining the virtual machines' remote attestation evidence in the virtual machine monitor (VMM). Second, it used the physical trusted platform module (TPM) to ensure the integrity of the virtual machines' remote attestation evidence, and it reduced the number of attestation identity key (AIK) certificates required during remote attestation to balance the load on the private CA. Experiments show that the proposed scheme can verify the status of virtual machines correctly and significantly increases the performance of remote attestation for virtual machines in bulk.

Key words: virtual machine remote attestation, the cuckoo attack, virtual machine introspection, TPM, attestation identity key

CLC Number: 
