摘要
针对大多数现有技术主要依据可信硬件来保护虚拟机(VM,virtual machine)运行平台的安全,而缺乏对VM安全存储和可信启动保护的问题,提出了一种解决在云平台基础设施服务策略(IaaS,Infrastructure as a Service)下VM的安全存储和可信启动(SSTL,secure storage and trusted launch)方案.根据可信平台模块(TPM,trusted platform module)的一些核心功能,分别从VM镜像加解密、VM宿主平台信息的远程证明和VM度量机制来保证VM存储安全、VM运行环境的安全以及VM可信启动.实验测试与分析表明该系统能够防止非授权启动VM,并能检测针对VM的系统服务描述符表(SSDT,system services descriptor table)以及Kernel Module等系统核心模块攻击.并且对原有系统的性能损耗在允许范围之内,不影响用户的正常使用.
Aiming at most of the existing technologies mainly based on trusted hardware technology to protect the running environment of Virtual Machine (VM, Virtual Machine) are lacking of protection for VM storage and launch, a mechanism on secure storage and trusted launch of VM in haS(Infrastructure as a Service)is designed. According to some core functions of TPM(trusted platform module), the secure storage , running environment and trusted launch of VM can be assured by the VM image encryption, the remote attestation of VM host platform and VM measurement mechanism. Experimental test and analysis show that the system can protect the VM from unauthorized launching and detect the attack on the core modules of VM, such as SSDT, Kernel Module and so on. And its performance payload is in the range of acceptance, without affecting the user's daily use.
出处
《武汉大学学报(理学版)》
CAS
CSCD
北大核心
2014年第3期231-236,共6页
Journal of Wuhan University:Natural Science Edition
基金
国家自然科学基金资助项目(61272452,61003268,9111803,61303024,61173138)
国家重点基础研究发展计划项目(973)(2014CB340600)
关键词
虚拟机
远程证明
虚拟机存储
虚拟机度量
virtual machine; remote attestation; VM(virtual machine) storage; VM(virtual machine) measurement
