Journal on Communications, 2018, Vol. 39, Issue (6): 133-145. doi: 10.11959/j.issn.1000-436x.2018090
Liang TAN, Neng QI, Lingbi HU
Revised: 2018-03-14
Online: 2018-06-01
Published: 2018-07-09
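Liang TAN, Neng QI, Lingbi HU. New extension method of trusted certificate chain in virtual platform environment[J]. Journal on Communications, 2018, 39(6): 133-145.

Certificate type | Issuer | Purpose | Contents |
Endorsement certificate | TPM manufacturer | Proves the identity of the TPM | TPM module, issuer, TPM specification, signature value, public key, etc. |
Conformance certificate | Trusted third party | States that the evaluator accepts that the TPM's design and implementation conform to the evaluation criteria | Evaluator name, platform manufacturer name, platform model, platform version number, endorsement certificate |
Platform certificate | Platform manufacturer | Identifies the platform's manufacturer and describes the platform's properties | Endorsement certificate, platform model, issuer, platform specification, signature value, etc. |
Validation certificate | Trusted third party | Validates a hardware or software component in the system | Validated entity name, component manufacturer name, component model, issuer, signature value, etc. |
AIK certificate | Privacy CA | Proves the identity of the TPM and the platform | AIK public key, TPM module, issuer, TPM specification, signature value, identity label (endorsement certificate, verification certificate and platform certificate), etc. |
VMEK certificate | Privacy CA | Used for vTPM migration and certificate trust extension | VMEK public key, TPM module, platform type, conformance certificate, issuer, signature value, source PCR values, source VMEK certificate, etc. |

Source name and version | Name | File path | Type / purpose |
TPM_Emulator-0.7.4 | TPM_KEY_USAGE | //tpm_emulator-0.7.4/tpm/tpm_structures.h | Certificate constant |
 | PM_KEY_VMEK | | Data structure |
 | TPM_VMEK_CONTENTS | | |
 | TPM_CreateVMEKKeyPair | //tpm_emulator-0.7.4/tpm/tpm_structures.h | Function definition |
 | TPM_ActiveVMEK | | |
 | TPM_VMEKLoad | | |
 | TPM_VMEK_Signing | | |
 | TPM_CreateVMEKKeyPair | //tpm_emulator-0.7.4/tpm/tpm_identity.c | Interface function |
 | TPM_ActiveVMEK | | |
 | TPM_VMEKLoad | //tpm_emulator-0.7.4/tpm/tpm_vmekref.c | |
 | TPM_VMEK_Signing | | |
Xen-4.4.0 | VEMK_Info | //xen-4.4.0/xen/include/public/xen.h | vmek identifier |
 | VMEK_Info | //xen-4.4.0/stubdom/vtpmmgr/tpm.h | vmek information |

Application-layer interface | TSP-layer interface | TCS-layer interface | TPM command |
VTPM_CreateVMEKKeyPair | VTSP_CreateVMEKKeyPair | TCSP_CreateVMEKKeyPair | TPM_CreateVMEKKeyPair |
VTPM_TPM_VMEKLoad | VTSP_VMEKLoad | TCSP_VMEKLoad | TPM_VMEKLoad |
VTPM_ActiveVMEK | VTSP_ActiveVMEK | TCSP_ActiveVMEK | TPM_ActiveVMEK |
VTPM_VMEK_Signing | VTSP_VMEK_Signing | TCSP_VMEK_Signing | TPM_VMEK_Signing |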