基于标签的vTPM私密信息保护方案

doi:10.11959/j.issn.1000-436x.2018242

Abstract

Abstract:

The virtual trusted platform module (vTPM) played an important role in virtualization of trusted computing.According to security problems of existed vTPM,a protection scheme based on vTPM label was proposed.Firstly,a vTPM label was created for each virtual machine.This label had four main components,signature information,encryption information,measurement information and status information.Then,the security-enhanced vTPM dynamic migration protocol based on vTPM label status information was designed,to ensure the security of vTPM during live migration based on status information of vTPM label.Experiments show that the proposed scheme can protect vTPM secrets effectively and the increased performance cost during live migration is only 19.36%.

Key words: trusted computing, virtual trusted platform module, TPM2.0, live migration

CLC Number:

TP309.2

Xingshu CHEN,Wei WANG,Xin JIN. Label-based protection scheme of vTPM secret[J]. Journal on Communications, 2018, 39(11): 170-180.

Figures/Tables 14

References 20

[1]	BERGER S , CáCERES R , GOLDMAN K A ,et al. vTPM:virtualizing the trusted platform module[C]// The 15th Conference on USENIX Security Symposium. 2006: 305-320.
[2]	严飞, 龚玉凤, 于钊 . 基于硬件事务内存的 vTPM 安全保护方法:CN105678173[P].2016-06-15.
	YAN F , GONG Y F , YU Z . vTPM security protection method based on hardware transaction memory[P]. CN105678173A,2016-06-15.
[3]	严飞, 于钊, 张立强 ,等. vTSE:一种基于SGX的vTPM安全增强方案[J]. 工程科学与技术, 2017,49(2): 133-139.
	YAN F , YU Z , ZHANG L Q ,et al. vTSE:a solution of SGX-based vTPM secure enhancement[J]. Advanced Engineering Sciences, 2017,49(2): 133-139.
[4]	SHI Y , ZHAO B , YU Z ,et al. A Security-improved scheme for virtual TPM based on KVM[J]. Wuhan University Journal of Natural Sciences, 2015,20(6): 505-511.
[5]	JIN X , CHEN X S , ZHAO C ,et al. Trusted attestation architecture on an infrastructure-as-a-service[J]. Tsinghua Science and Technology, 2017,22(5): 469-477.
[6]	黄宇晴, 赵波, 肖钰 ,等. 一种基于KVM的vTPM虚拟机动态迁移方案[J]. 山东大学学报(理学版), 2017,52(6): 69-75.
	HUANG Y Q , ZHAO B , XIAO Y ,et al. A vTPM-VM live migration scheme based on KVM[J]. Journal of Shandong University (Natural Science), 2017,52(6): 69-75.
[7]	石源, 张焕国, 赵波 ,等. 基于SGX的虚拟机动态迁移安全增强方法[J]. 通信学报, 2017,38(9): 65-75.
	SHI Y , ZHANG H G , ZHAO B ,et al. Security-enhanced live migration based on SGX for virtual machine[J]. Journal on Communications, 2017,38(9): 65-75.
[8]	FAN P R , ZHAO B , SHI Y ,et al. An improved vTPM-VM live migration protocol[J]. Wuhan University Journal of Natural Sciences, 2015,20(6): 512-520.
[9]	WAN X , ZHANG X F , CHEN L ,et al. An improved vTPM migration protocol based trusted channel[C]// International Conference on Systems and Informatics. 2012: 871-875.
[10]	DANEV B , MASTI R J , KARAME G O ,et al. Enabling secure VM-VTPM migration in private clouds[C]// The 27th Annual Computer Security Applications Conference. 2011: 187-196.
[11]	CHALLENER D , YODER K , CATHERMAN R ,et al. A practical guide to trusted computing[M]. Beijing: China Machine PressPress, 2008.
[12]	BERGER S , GOLDMAN K , PENDARAKIS D ,et al. Scalable attestation:a step toward secure and trusted clouds[C]// IEEE International Conference on Cloud Engineering. 2015: 185-194.
[13]	ARTHUR W , CHALLENER D , GOLDMAN K . A practical guide to TPM 20:using the trusted platform module in the new age of security[M]. Berkeley: ApressPress, 2015.
[14]	CUCURULL J , GUASCH S . Virtual TPM for a secure cloud:fallacy or reality?[C]// The 13th Spanish Meeting on Cryptology and Information Security.Alicante. 2014: 197-202.
[15]	杨永娇, 严飞, 毛军鹏 ,等. Ng-vTPM:新一代TPM虚拟化框架设计[J]. 武汉大学学报(理学版), 2015,61(2): 103-111.
	YANG Y J , YAN F , MAO J P ,et al. Ng-vTPM:a next generation virtualized TPM architecture[J]. Wuhan University Journal of Natural Sciences, 2015,61(2): 103-111.
[16]	王丽娜, 高汉军, 余荣威 . 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报, 2011,32(9): 1-8.
	WANG L N , GAO H J , YU R W . Research of constructing trusted virtual execution environment based on trust extension[J]. Journal on Communications, 2011,32(9): 1-8.
[17]	HOHMUTH M , PETER M , H¨ARTIG H , .et al Reducing TCB size by using untrusted components—small kernels versus virtual-machine monitors[C]// The 11th workshop on ACM SIGOPS European Workshop. 2004:22.
[18]	RAZAVI K , KIELMANN T . Scalable virtual machine deployment using VM image caches[C]// The International Conference on High Performance Computing,Networking,Storage and Analysis. 2013:65.
[19]	MAYES K , MARKANTONAKIS K . Smart cards,tokens,security and applications[M]. New York: Springer PublishingPress, 2010.
[20]	TCG Infrastructure Working Group. A CMC profile for AIK certificate enrollment[M]. Beaverton,Oregon: TCGPress, 2011.

Metrics

Recommended 0

No Suggested Reading articles found!

服务器	个数	CPU	内存/GB	磁盘空间/TB	TPM
控制节点服务器	1	Intel(R)Core(TM) i5-6400	8	1	无
计算节点服务器	2	Intel(R)Core(TM) i5-6400	8	1	TPM2.0

Label-based protection scheme of vTPM secret

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 20

Related Articles 15

Metrics

Recommended 0

[1]	Xinfeng HE,Junfeng TIAN,Fanming LIU. Survey on trusted cloud platform technology [J]. Journal on Communications, 2019, 40(2): 154-163.
[2]	Junfeng TIAN,Tianle LI. Data integrity verification based on model cloud federation of TPA [J]. Journal on Communications, 2018, 39(8): 113-124.
[3]	Junfeng TIAN,Yongchao ZHANG. Trusted auditing method of virtual machine based on improved expectation decision method [J]. Journal on Communications, 2018, 39(6): 52-63.
[4]	Liang TAN,Neng QI,Lingbi HU. New extension method of trusted certificate chain in virtual platform environment [J]. Journal on Communications, 2018, 39(6): 133-145.
[5]	Tian-shu WANG,Gong-xuan ZHANG,Xi-chen YANG. Trusted solution monitoring system based on ZigBee wireless sensor network [J]. Journal on Communications, 2017, 38(Z2): 67-77.
[6]	Yuan SHI,Huan-guo ZHANG,Bo ZHAO,Zhao YU. Security-enhanced live migration based on SGX for virtual machine [J]. Journal on Communications, 2017, 38(9): 65-75.
[7]	Lei WANG,Ming-hua YANG,Zeng-liang LIU,Jian-qun ZHENG. Trust chain generating and updating algorithm for dual redundancy system [J]. Journal on Communications, 2017, 38(1): 1-8.
[8]	Yong CUI,Yu-song LIN,Run-zhi LI,Zong-min WANG. Cooperative game based bandwidth allocation mechanism live migration of multiple virtual machines [J]. Journal on Communications, 2016, 37(4): 149-158.
[9]	Hong-wei MENG,Zhong CHEN,Zi-qian MENG,Chuck SONG. VM migration across subnets in future internet architecture—XIA [J]. Journal on Communications, 2016, 37(3): 107-116.
[10]	xin ZOUQing,yu HAOZhi,chun YUNXiao. Live migration based on the characteristics of operation stages for virtual machine [J]. Journal on Communications, 2016, 37(1): 170-179.
[11]	Wei FENG,Yu QIN,Deng-guo FENG,Bo YANG,Ying-jun ZHANG. Design and implementation of secure Windows platform based on TCM [J]. Journal on Communications, 2015, 36(8): 91-103.
[12]	Qian-ying ZHANG,Shi-jun ZHAO,Wei FENG,Yu QIN,Deng-guo FENG. Research of a trusted execution environment module for multiple platforms [J]. Journal on Communications, 2014, 35(Z2): 72-85.
[13]	Zhen-ji ZHOU,Li-fa WU,Zheng HONG,Hai-guang LAI,Cheng-hui ZHENG. Trusted virtual machine management model for cloud computing [J]. Journal on Communications, 2014, 35(Z2): 94-105.
[14]	. Research of a trusted execution environment module for multiple platforms [J]. Journal on Communications, 2014, 35(Z2): 11-85.
[15]	. Trusted virtual machine management model for cloud computing [J]. Journal on Communications, 2014, 35(Z2): 13-105.