Journal of Computer Applications, 2018, Vol. 38, Issue (2): 327-336. DOI: 10.11772/j.issn.1001-9081.2017082159

• Cyberspace security •

Trust chain model with waterfall characteristic based on trusted virtualization platform

QI Neng1, TAN Liang1,2

  1. College of Computer Science, Sichuan Normal University, Chengdu Sichuan 610101, China;
  2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2017-08-21 Revised: 2017-09-06 Online: 2018-02-10 Published: 2018-02-10
  • Corresponding author: QI Neng
  • About the authors: QI Neng (born 1993), male, from Shangqiu, Henan, master's candidate; research interests: trusted computing and cloud computing. TAN Liang (born 1972), male, from Luzhou, Sichuan, professor, Ph.D., CCF senior member; research interests: trusted computing and network security.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61373162), the Science and Technology Support Project of Sichuan Province (2014GZ007).

Abstract: The trusted virtual platform built by combining virtualization technology with trusted computing, together with its trust chain model, is currently a research hot spot. Most existing work constructs the trust chain by extending the conventional trust chain onto the virtual platform; as a result, the model is too coarse and its logic is not completely reasonable. Moreover, there are two separate trust chains: one for the underlying virtualization platform and one for the top-level user Virtual Machine (VM). To solve this problem, a trust chain model with waterfall characteristic, called TVP-QT, was proposed for the trusted virtual platform. The model starts from the hardware Trusted Platform Module (TPM) and adds a Trusted-Joint Point (TJP) between the trust chain of the underlying virtualization platform and the trust chain of the top-level user VM. When the trust chain has been passed from the underlying virtualization platform to the TJP, the TJP measures the virtual TPM (vTPM) of the user VM and then hands control to the vTPM, which measures the components and applications started by the user VM. The TJP acts as a connecting link between the two layers, which is the waterfall characteristic; it satisfies the hierarchical and dynamic characteristics of the virtualization environment and guarantees the trust of the whole trusted virtual platform. The correctness of the model was proved in theory, and the analysis and discussion of instantiated systems show that the model is general and feasible. Simulation experiments on Xen show that the trust chain transfer can ensure that the trusted virtualization environment remains secure and trusted throughout its running process.

Key words: virtualization, trusted computing, trusted virtual platform, trust chain, Trusted-Joint Point (TJP)
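The joining step described in the abstract can be sketched as follows. This is an added illustration, not code from the paper: the component names, the single-register layout, the SHA-256 extend rule and the choice to record the vTPM measurement in the hardware register are assumptions made for the sketch, not the paper's formal model.

```python
import hashlib

ZERO = bytes(32)  # register value at reset (assumed)

def extend(reg: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component))."""
    return hashlib.sha256(reg + hashlib.sha256(component).digest()).digest()

def measure_chain(start: bytes, components) -> bytes:
    """Fold a boot sequence into one register value."""
    reg = start
    for blob in components:
        reg = extend(reg, blob)
    return reg

# Constructed sample images; real systems would hash the actual binaries.
PLATFORM = [b"firmware", b"bootloader", b"hypervisor", b"trusted-joint-point"]
VTPM = b"vtpm-instance-image"
GUEST = [b"guest-bootloader", b"guest-kernel", b"guest-application"]

def boot(platform, vtpm, guest):
    """Return (hardware register, vTPM register) for one boot."""
    # Lower chain: rooted in the hardware TPM, ends at the TJP.
    hw = measure_chain(ZERO, platform)
    # Joint step: the TJP measures the vTPM before handing control to it
    # (assumption: the measurement is recorded in the hardware register).
    hw = extend(hw, vtpm)
    # Upper chain: the vTPM measures what the user VM starts.
    virt = measure_chain(ZERO, guest)
    return hw, virt

def verify(evidence, reference) -> str:
    """The vTPM register is only meaningful if the lower chain,
    which covers the vTPM itself, matches the reference."""
    hw, virt = evidence
    ref_hw, ref_virt = reference
    if hw != ref_hw:
        return "platform-or-vtpm-untrusted"
    if virt != ref_virt:
        return "guest-untrusted"
    return "trusted"

REFERENCE = boot(PLATFORM, VTPM, GUEST)
```

A replaced vTPM leaves the vTPM register unchanged, so a verifier that checked the two chains separately would miss it; only the joint measurement in the hardware-rooted chain exposes the change.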

CLC number: