Abstract
Existing dynamic integrity measurement architectures for the Virtual Machine Monitor (VMM) have problems with the security of the root of trust for measurement, and do not comprehensively consider the data in the VMM that needs integrity measurement. To address this, a VMM dynamic integrity measurement architecture based on a dynamic root of trust is proposed. The dynamic root of trust is built on AMD's Secure Virtual Machine technology, which makes it possible to measure the integrity of the measurement program before it is loaded and executed, and to construct a closed, isolated execution environment, effectively solving the problem of the root of trust for measurement. By analyzing the runtime memory state of the VMM, integrity measurement is performed on all static persistent data that requires integrity protection, which guarantees the completeness of the measured content. An implementation of the architecture on Xen is also given. Experimental results show that the architecture effectively solves the problem of the root of trust for measurement and scales well in terms of measured content, thereby guaranteeing its completeness; in addition, the architecture achieves a 23.3% performance improvement over the existing HyperCheck-SMM architecture.
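Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journal
2014, Issue A02, pp. 194-199 (6 pages)
Funding
Open Fund of the Key Laboratory of Information Network Security, Ministry of Public Security (C12610)
Youth Science Foundation of the Jiangxi Provincial Department of Education (GJJ13013)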
Keywords
Virtual Machine Monitor (VMM)
integrity protection
trusted computing
dynamic root of trust
dynamic integrity measurement