Journal on Communications ›› 2018, Vol. 39 ›› Issue (11): 170-180. doi: 10.11959/j.issn.1000-436x.2018242

• Academic Communication •


Label-based protection scheme of vTPM secret

Xingshu CHEN 1,2, Wei WANG 1,3, Xin JIN 1,3

  1 Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China
  2 College of Cybersecurity, Sichuan University, Chengdu 610065, China
  3 College of Computer Science, Sichuan University, Chengdu 610065, China
  • Revised: 2018-05-17 Online: 2018-11-01 Published: 2018-12-10
  • Supported by:
    The National Natural Science Foundation of China (61802270); The National Natural Science Foundation of China (61802271)

Abstract (translated from the Chinese original):

The virtual trusted platform module (vTPM) is a key component in the virtualization of trusted computing technology. vTPM secrets are at risk of being stolen or misused; to address this, a label-based protection scheme is proposed. First, a vTPM label is created for each virtual machine; the label consists of signature information, encryption information, measurement information and status information. Then, a security-enhanced vTPM live migration protocol is designed around the status information of the vTPM label, guaranteeing the confidentiality and integrity of vTPM secrets before and after migration as well as the consistency of the association between a virtual machine and its vTPM instance. Experiments show that the proposed scheme protects vTPM secrets effectively and adds only 19.36% performance overhead to virtual machine live migration.

Keywords (translated): trusted computing, virtual trusted platform module, TPM2.0, live migration

Abstract:

The virtual trusted platform module (vTPM) plays an important role in the virtualization of trusted computing. To address the security problems of existing vTPM designs, a protection scheme based on a vTPM label is proposed. First, a vTPM label is created for each virtual machine. The label has four main components: signature information, encryption information, measurement information and status information. Then, a security-enhanced vTPM dynamic migration protocol built on the label's status information is designed to ensure the security of the vTPM during live migration. Experiments show that the proposed scheme protects vTPM secrets effectively and that the added performance cost during live migration is only 19.36%.

Key words: trusted computing, virtual trusted platform module, TPM2.0, live migration
