云虚拟化平台可信证明技术研究综述

doi:10.11959/j.issn.1000-436x.2021213

通信学报 ›› 2021, Vol. 42 ›› Issue (12): 212-225.doi: 10.11959/j.issn.1000-436x.2021213

云虚拟化平台可信证明技术研究综述

涂碧波¹^,², 程杰¹^,², 夏豪骏¹^,², 张坤¹^,², 孙瑞娜¹^,²^,³

¹ 中国科学院信息工程研究所，北京 100093
² 中国科学院大学网络空间安全学院，北京 100049
³ 新疆财经大学信息管理学院，新疆乌鲁木齐 830012

修回日期:2021-11-03 出版日期:2022-01-21 发布日期:2021-12-01
作者简介:涂碧波（1977- ），男，湖北红安人，博士，中国科学院信息工程研究所研究员、博士生导师，主要研究方向为数据中心前沿技术与安全体系
程杰（1994- ），女，河北秦皇岛人，中国科学院大学博士生，主要研究方向为可信计算与云计算安全
夏豪骏（1987- ），男，湖北鄂州人，中国科学院大学博士生，中国科学院信息工程研究所工程师，主要研究方向为安全可信嵌入式系统
张坤（1987- ），女，山东济南人，中国科学院大学博士生，中国科学院信息工程研究所高级工程师，主要研究方向为操作系统、虚拟化安全等
孙瑞娜（1982- ），女，新疆乌鲁木齐人，中国科学院大学博士生，新疆财经大学讲师，主要研究方向为云安全、软件定义网络
基金资助:
广东省重点领域研发计划基金资助项目(2019B010137002)

Overview of research on trusted attestation technology of cloud virtualization platform

Bibo TU¹^,², Jie CHENG¹^,², Haojun XIA¹^,², Kun ZHANG¹^,², Ruina SUN¹^,²^,³

¹ Institute of Information Engineering， Chinese Academy of Sciences， Beijing 100093， China
² School of Cyber Security， University of Chinese Academy of Sciences， Beijing 100049， China
³ China School of Information Management， Xinjiang University of Finance and Economics， Urumqi 830012， China

Revised:2021-11-03 Online:2022-01-21 Published:2021-12-01
Supported by:
Guangdong Province Key Area Research and Development Program(2019B010137002)

摘要/Abstract

摘要：

伴随云计算的飞速发展，云平台的安全问题也备受关注。可信计算是云安全体系中重要支撑技术，可信证明是可信计算的一个重要特性，用于验证云虚拟化平台是否具有可信性，为保证云平台安全提供基础。现基于可信证明的定义，系统梳理虚拟化平台的可信根虚拟化、平台身份证明、平台状态证明、虚拟机的可信证明框架等关键技术的研究进展，分析并对比典型方案，探讨现有的工作的局限性，最后指出未来的研究趋势。

关键词: 云平台, 可信证明, 证书链扩展, 完整性度量, 远程证明

Abstract:

With the rapid development of cloud computing， the security issues of cloud platforms have also attracted much attention.Trusted computing is an essential supporting technology in the cloud computing security system.Trusted attestation is an important feature in trusted computing.The use of trusted attestation technology verifies whether the cloud virtualization platform is trustworthy， thereby providing a foundation for ensuring the security of the cloud platform.Now based on the definition of trusted attestation， the research progress of key technologies such as the root of trust virtualization， platform identity authentication， platform status certification， and trusted attestation framework for virtual machines were systematically sorted out， typical schemes were analyzed and compared.Furthermore， the limitations of existing work were discussed.Finally， the future research trend of this area were pointed out.

Key words: cloud platform, trusted attestation, certificate chain extension, integrity measurement, remote attestation

中图分类号:

TP309

涂碧波, 程杰, 夏豪骏, 张坤, 孙瑞娜. 云虚拟化平台可信证明技术研究综述[J]. 通信学报, 2021, 42(12): 212-225.

Bibo TU, Jie CHENG, Haojun XIA, Kun ZHANG, Ruina SUN. Overview of research on trusted attestation technology of cloud virtualization platform[J]. Journal on Communications, 2021, 42(12): 212-225.

图/表 10

图1

图2

图3

表1

表2

表3

表4

表5

图4

表6

参考文献 52

[1]	朱民, 涂碧波, 孟丹 . 虚拟化软件栈安全研究[J]. 计算机学报, 2017,40(2): 481-504.
	ZHU M , TU B B , MENG D . The security research of virtualization software stack[J]. Chinese Journal of Computers, 2017,40(2): 481-504.
[2]	张玉清, 王晓菲, 刘雪峰 ,等. 云计算环境安全综述[J]. 软件学报, 2016,27(6): 1328-1348.
	ZHANG Y Q , WANG X F , LIU X F ,et al. Survey on cloud computing security[J]. Journal of Software, 2016,27(6): 1328-1348.
[3]	沈昌祥 . 用可信计算构筑云计算安全[J]. 中国经贸导刊, 2017(16): 56-57.
	SHEN C X . Constructing cloud security with trusted computing[J]. China Economic ＆ Trade Herald, 2017(16): 56-57.
[4]	马力, 祝国邦, 陆磊 . 《网络安全等级保护基本要求》(GB/T 22239-2019)标准解读[J]. 信息网络安全, 2019(2): 77-84.
	MA L , ZHU G B , LU L . Baseline for classified protection of cybersecurity (GB/T 22239-2019) standard interpretation[J]. Netinfo Security, 2019(2): 77-84.
[5]	COKER G , GUTTMAN J , LOSCOCCO P ,et al. Attestation:evidence and trust[C]// Information and Communications Security. Berlin:Springer, 2008: 1-18.
[6]	施光源, 张建标 . 可信计算领域中可信证明的研究与进展[J]. 计算机应用研究, 2011,28(12): 4414-4419.
	SHI G Y , ZHANG J B . Research and development of trustworthiness attestation in trusted computing[J]. Application Research of Computers, 2011,28(12): 4414-4419.
[7]	BRICKELL E , CAMENISCH J , CHEN L Q . Direct anonymous attestation[C]// Proceedings of the 11th ACM conference on Computer and communications security. New York:ACM Press, 2004: 132-145.
[8]	CHEN L Q , . A DAA scheme using batch proof and verification[C]// Proceedings of the 3rd International Conference on Trust and Trustworthy Computing. Berlin:Springer, 2010: 166-180.
[9]	SAILER R , ZHANG X , JAEGER T ,et al. Design and implementation of a TCG-based integrity measurement architecture[C]// USENIX Security Symposium. Berkeley:USENIX Association, 2004: 223-238.
[10]	JAEGER T , SAILER R , SHANKAR U . PRIMA:policy-reduced integrity measurement architecture[C]// Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies. New York:ACM Press, 2006: 19-28.
[11]	SON J , KOO S , CHOI J ,et al. Quantitative analysis of measurement overhead for integrity verification[C]// Proceedings of the Symposium on Applied Computing. New York:ACM Press, 2017: 1528-1533.
[12]	PORITZ J , SCHUNTER M , VAN HERREWEGHEN E ,et al. Property attestation—scalable and privacy-friendly security assessment of peer computers[R]. IBM Research,Technical Report RZ 3548, 2004.
[13]	秦宇, 冯登国 . 基于组件属性的远程证明[J]. 软件学报, 2009,20(6): 1625-1641.
	QIN Y , FENG D G . Component property based remote attestation[J]. Journal of Software, 2009,20(6): 1625-1641.
[14]	BERGER S , CERES R , GOLDMAN K A ,et al. vTPM:virtualizing the trusted platform module[C]// Proceedings of the 15th Usenix Security Symposium. Berkeley:USENIX Association, 2006: 305-320.
[15]	HE R Y , WU S J , JIANG L . A user-specific trusted virtual environment for cloud computing[J]. Information Technology Journal, 2013,12(10): 1905-1913.
[16]	严飞, 石翔, 李志华 ,等. VirtinSpector:一种基于UEFI的虚拟机动态安全度量框架设计与实现[J]. 四川大学学报(工程科学版), 2014,46(1): 22-28.
	YAN F , SHI X , LI Z H ,et al. VirtinSpector:a UEFI based dynamic secure measurement framework for virtual machine[J]. Journal of Sichuan University (Engineering Science Edition), 2014,46(1): 22-28.
[17]	SUN H N , HE R Y , ZHANG Y ,et al. eTPM:a trusted cloud platform enclave TPM scheme based on intel SGX technology[J]. Sensors, 2018,18(11): 3807.
[18]	STUMPF F , ECKERT C . Enhancing trusted platform modules with hardware-based virtualization techniques[C]// Proceedings of 2008 Second International Conference on Emerging Security Information,Systems and Technologies. Piscataway:IEEE Press, 2008: 1-9.
[19]	ENGLAND P , LOESER J . Para-virtualized TPM sharing[C]// International Conference on Trusted Computing. Berlin:Springer, 2008: 119-132.
[20]	WANG J , FAN C , WANG J ,et al. SvTPM:a secure and efficient vTPM in the cloud[J]. arXiv Preprint,arXiv:1905.08493, 2019.
[21]	刘明达, 曹慧渊, 拾以娟 ,等. 基于SR-IOV的TCM硬件虚拟化构建可信虚拟环境[J]. 武汉大学学报(理学版), 2017,63(2): 117-124.
	LIU M D , CAO H Y , SHI Y J ,et al. Building trusted virtual environment by TCM hardware virtualization based on SR-IOV[J]. Journal of Wuhan University (Natural Science Edition), 2017,63(2): 117-124.
[22]	胡俊, 刁子朋 . vTCM:一种基于物理可信计算环境虚拟化的虚拟可信密码模块[J]. 山东大学学报(理学版), 2019,54(7): 77-88.
	HU J , DIAO Z P . vTCM:a virtualized trusted cryptography module based on the virtualization of physical trusted computing environment[J]. Journal of Shandong University (Natural Science), 2019,54(7): 77-88.
[23]	黄坚会, 沈昌祥, 谢文录 . TPCM 三阶三路安全可信平台防护架构[J]. 武汉大学学报(理学版), 2018,64(2): 109-114.
	HUANG J H , SHEN C X , XIE W L . The TPCM 3P3C defense architecture of safety and trusted platform[J]. Journal of Wuhan University (Natural Science Edition), 2018,64(2): 109-114.
[24]	GOYETTE R . A review of vTPM:virtualizing the trusted platform module[J]. Proceedings of Network Security and Cryptography, 2007: 1-17.
[25]	STUMPF F , BENZ M , HERMANOWSKI M ,et al. An approach to a trustworthy system architecture using virtualization[C]// International Conference on Autonomic and Trusted Computing. Berlin:Springer, 2007: 191-202.
[26]	王丽娜, 高汉军, 余荣威 ,等. 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报, 2011,32(9): 1-8.
	WANG L N , GAO H J , YU R W ,et al. Research of constructing trusted virtual execution environment based on trust extension[J]. Journal on Communications, 2011,32(9): 1-8.
[27]	谭良, 齐能, 胡玲碧 . 虚拟平台环境中一种新的可信证书链扩展方法[J]. 通信学报, 2018,39(6): 133-145.
	TAN L , QI N , HU L B . New extension method of trusted certificate chain in virtual platform environment[J]. Journal on Communications, 2018,39(6): 133-145.
[28]	王冠, 郭一清, 陈建中 . 云环境下可信系统架构与虚拟证书链生成研究[J]. 计算机科学与应用, 2018,8(5): 738-747.
	WANG G , GUO Y Q , CHEN J Z . Research on trusted system architecture and virtual certificate chain in cloud environment[J]. Computer Science and Application, 2018,8(5): 738-747.
[29]	BENDER A , KATZ J , MORSELLI R . Ring signatures:stronger definitions,and constructions without random oracles[C]// Theory of Cryptography Conference. Berlin:Springer, 2006: 60-79.
[30]	LIU J Q , ZHAO J , HAN Z . A remote anonymous attestation protocol in trusted computing[C]// Proceedings of 2008 IEEE International Symposium on Parallel and Distributed Processing. Piscataway:IEEE Press, 2008: 1-6.
[31]	荣星, 赵勇 . 基于无证书环签名的虚拟机可信证明方案[J]. 计算机应用, 2017,37(2): 378-382.
	RONG X , ZHAO Y . Trustworthiness attestation scheme for virtual machine based on certificateless ring signature[J]. Journal of Computer Applications, 2017,37(2): 378-382.
[32]	STELTE B , KOCH R , ULLMANN M . Towards integrity measurement in virtualized environments—a hypervisor based sensory integrity measurement architecture (SIMA)[C]// Proceedings of 2010 IEEE International Conference on Technologies for Homeland Security (HST). Piscataway:IEEE Press, 2010: 106-112.
[33]	LITTY L , LAGAR-CAVILLA H A ,, LIE D . Hypervisor support for identifying covertly executing binaries[C]// Proceedings of the 17th USENIX Security Symposium. Berkeley:USENIX Association, 2008: 243-258.
[34]	AZAB A M , NING P , SEZER E C ,et al. HIMA:a hypervisor-based integrity measurement agent[C]// Proceedings of 2009 Annual Computer Security Applications Conference. Piscataway:IEEE Press, 2009: 461-470.
[35]	XING B , HAN Z , CHANG X L ,et al. OB-IMA:out-of-the-box integrity measurement approach for guest virtual machines[J]. Concurrency and Computation:Practice and Experience, 2015,27(5): 1092-1109.
[36]	邢彬, 韩臻, 常晓林 ,等. 基于虚拟机监控技术的可信虚拟域[J]. 信息安全学报, 2016,1(1): 75-94.
	XING B , HAN Z , CHANG X L ,et al. Trusted virtual domain based on virtual machine introspection technology[J]. Journal of Cyber Security, 2016,1(1): 75-94.
[37]	林杰, 刘川意, 方滨兴 . IVirt:基于虚拟机自省的运行环境完整性度量机制[J]. 计算机学报, 2015,38(1): 191-203.
	LIN J , LIU C Y , FANG B X . IVirt:runtime environment integrity measurement mechanism based on virtual machine introspection[J]. Chinese Journal of Computers, 2015,38(1): 191-203.
[38]	JIANG F , CAI Q , GUAN L ,et al. Enforcing access controls for the cryptographic cloud service invocation based on virtual machine introspection[C]// International Conference on Information Security. Berlin:Springer, 2018: 213-230.
[39]	JIANG F J , CAI Q W , LIN J Q ,et al. TF-BIV:transparent and fine-grained binary integrity verification in the cloud[C]// Proceedings of the 35th Annual Computer Security Applications Conference. New York:ACM Press, 2019: 57-69.
[40]	GARFINKEL T , PFAFF B , CHOW J ,et al. Terra:a virtual machine-based platform for trusted computing[C]// Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles. New York:ACM Press, 2003: 193-206.
[41]	SANTOS N , GUMMADI K P , RODRIGUES R . Towards trusted cloud computing[J]. HotCloud, 2009,9(9): 3.
[42]	WANG H Z , HUANG L S . An improved trusted cloud computing platform model based on DAA and privacy CA scheme[C]// Proceedings of 2010 International Conference on Computer Application and System Modeling (ICCASM 2010). Piscataway:IEEE Press, 2010: 13-33.
[43]	荣星, 沈昌祥, 江荣 ,等. 基于双层非平衡散列树的云平台远程验证方案[J]. 通信学报, 2017,38(9): 31-38.
	RONG X , SHEN C X , JIANG R ,et al. Remote attestation scheme for cloud platform based on double-layer unbalanced hash tree[J]. Journal on Communications, 2017,38(9): 31-38.
[44]	KAMHOUA C A , RUAN A B , MARTIN A ,et al. On the feasibility of an open-implementation cloud infrastructure:a game theoretic analysis[C]// Proceedings of 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC). Piscataway:IEEE Press, 2015: 217-226.
[45]	XIN S Y , ZHAO Y , LI Y . Property-based remote attestation oriented to cloud computing[C]// Proceedings of 2011 Seventh International Conference on Computational Intelligence and Security. Piscataway:IEEE Press, 2011: 1028-1032.
[46]	AWAD A , KADRY S , LEE B ,et al. Property based attestation for a secure cloud monitoring system[C]// Proceedings of 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing. Piscataway:IEEE Press, 2014: 934-940.
[47]	VARADHARAJAN V , TUPAKULA U . Counteracting security attacks in virtual machines in the cloud using property based attestation[J]. Journal of Network and Computer Applications, 2014,40: 31-45.
[48]	ZHANG T W , LEE R B . CloudMonatt:an architecture for security health monitoring and attestation of virtual machines in cloud computing[C]// Proceedings of the 42nd Annual International Symposium on Computer Architecture. New York:ACM Press, 2015: 362-374.
[49]	ZHOU Z , WU L , HONG Z ,et al. DTSTM:dynamic tree style trust measurement model for cloud computing[J]. KSII Transactions on Internet and Information Systems, 2014,8(1): 305-325.
[50]	胡玲碧, 谭良 . 云环境中可信虚拟平台的远程证明方案研究[J]. 软件学报, 2018,29(9): 2874-2895.
	HU L B , TAN L . Research on trusted virtual platform remote attestation method in cloud computing[J]. Journal of Software, 2018,29(9): 2874-2895.
[51]	LAUER H , KUNTZE N . Hypervisor-based attestation of virtual environments[C]// Proceedings of 2016 IEEE Conferences on Ubiquitous Intelligence ＆ Computing,Advanced and Trusted Computing,Scalable Computing and Communications,Cloud and Big Data Computing,Internet of People,and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld). Piscataway:IEEE Press, 2016: 333-340.
[52]	王伟, 陈兴蜀, 兰晓 ,等. 基于 VMI 的虚拟机远程证明方案[J]. 网络与信息安全学报, 2018,4(12): 32-43.
	WANG W , CHEN X S , LAN X ,et al. VMI-based virtual machine remote attestation scheme[J]. Chinese Journal of Network and Information Security, 2018,4(12): 32-43.

虚拟机监视器类型	虚拟化方式	方案	并发访问支持	与物理TPM关系	性能	安全性
		软件vTPM^[14]	多虚拟机并发	绑定	中	低
	软件模拟	基于SMM保护^[16]	多虚拟机并发	绑定	差	高
Xen		eTPM^[17]	多虚拟机并发	绑定	好	高
	半虚拟化	半虚拟化vTPM^[19]	单虚拟机独占	直接访问	受限	中
	硬件	硬件辅助vTPM^[18]	单虚拟机独占	直接访问	受限	高
		基于函数库模拟	多虚拟机并发	完全脱离	较好	低
Qemu-KVM	软件模拟	CUSE TPM	多虚拟机并发	完全脱离	较好	低
		SvTPM^[20]	多虚拟机并发	绑定	较好	高
	硬件	TPM passthrough	单虚拟机独占	直接访问	受限	高

方案	签名方式	匿名性	效率	实现	适用范围
PCA方案	一次一密	差	低	容易	较小或实名认证的局域网
DAA方案	群签名	较好	低	较难	高性能服务器之间
基于环签名的身份证明方案	环签名	好	较高	困难	较大规模云数据中心

方式	原理	安全性	透明性	语义信息	虚拟化支持
虚拟机内度量	利用操作系统的安全机制	差	不透明	丰富	不需要
虚拟机外度量	操作系统外实现的安全机制	好	透明	空白	需要

特性	安全性	灵活性	性能	实现
二进制	中	低	很快	较易
属性	较高	高	中	难
行为	高	高	中	很难

原则	新鲜信息	综合信息	约束泄露	语义明确	可信通信机制	同一性	可扩展性
虚实分离模式	好	好	好	好	好	差	差
虚拟机模式	差	好	好	好	好	好	较差
宿主机模式	好	好	好	好	好	好	好

云虚拟化平台可信证明技术研究综述

Overview of research on trusted attestation technology of cloud virtualization platform

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 52

相关文章 15

Metrics

推荐阅读 0

方案	遵守规范	增加密钥冗余	增加隐私CA负担	依赖TPM
EK→AIK→vEK→vAIK	否	否	是	是
EK→vEK→vAIK	否	否	否	是
EK→AIK→vAIK	否	否	是	是
EK→AIK→SK→vAIK	是	是（多）	否	是
VMEK→vEK→vAIK	是	是（1）	否	是
EK→tEK→vEK→vAIK	是	否	否	否

[1]	何欣枫,田俊峰,刘凡鸣. 可信云平台技术综述[J]. 通信学报, 2019, 40(2): 154-163.
[2]	谭良,齐能,胡玲碧. 虚拟平台环境中一种新的可信证书链扩展方法[J]. 通信学报, 2018, 39(6): 133-145.
[3]	杨宏宇,孟令现. Hadoop云平台用户动态访问控制模型[J]. 通信学报, 2017, 38(9): 9-17.
[4]	荣星,沈昌祥,江荣,赵勇. 基于双层非平衡散列树的云平台远程验证方案[J]. 通信学报, 2017, 38(9): 31-38.
[5]	石源,张焕国,赵波,于钊. 基于SGX的虚拟机动态迁移安全增强方法[J]. 通信学报, 2017, 38(9): 65-75.
[6]	田俊峰,常方舒. 基于TPM联盟的可信云平台管理模型[J]. 通信学报, 2016, 37(2): 1-10.
[7]	冯伟,秦宇,冯登国,杨波,张英骏. 基于TCM的安全Windows平台设计与实现[J]. 通信学报, 2015, 36(8): 91-103.
[8]	王吉，包卫东，朱晓敏. 虚拟化云平台中实时任务容错调度算法研究[J]. 通信学报, 2014, 35(10): 20-180.
[9]	王吉,包卫东,朱晓敏. 虚拟化云平台中实时任务容错调度算法研究[J]. 通信学报, 2014, 35(10): 171-180.
[10]	杨力，张俊伟，马建峰，刘志宏. 改进的移动计算平台直接匿名证明方案[J]. 通信学报, 2013, 34(6): 8-75.
[11]	杨力,张俊伟,马建峰,刘志宏. 改进的移动计算平台直接匿名证明方案[J]. 通信学报, 2013, 34(6): 69-75.
[12]	王丽娜,高汉军,余荣威,任正伟,董永峰. 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报, 2011, 32(9): 1-8.
[13]	施光源,沈昌祥,刘毅. 基于安全虚拟机内省的动态可信证明方法[J]. 通信学报, 2011, 32(11A): 24-38.
[14]	杨力,马建峰,裴庆祺,马卓. 直接匿名的无线网络可信接入认证方案[J]. 通信学报, 2010, 31(8): 98-104.
[15]	杨力,马建峰,朱建明. 可信的匿名无线认证协议[J]. 通信学报, 2009, 30(9): 29-35.