摘要
虚拟可信平台模块v TPM(virtual trusted platform module)是云环境中提供可信功能的重要部件,针对已有v TPM在安全存储属性、可信身份属性、信任传递属性以及迁移时这些属性的保持在设计上的不足,本文提出一个Ng-v TPM框架.该框架结合TPM2.0的新特性,由物理TPM产生v TPM密钥提供安全存储属性,基于物理TPM背书平台种子与虚拟背书密钥的映射关系,提供虚拟机可信身份,将信任链由物理平台扩展到虚拟机平台,并提出使用基于平台配置寄存器策略的封装存储方法解决v TPM迁移后数据的可用性.最后以Xen-4.3.0架构为基础实现此框架.实验分析表明,该框架能够有效保证v TPM设计的安全需求.
As a vital important security component in cloud,v TPM( virtual trusted platform module) should provide the abilities of seal storage,trust identity and chain of trust,as well as trust migration. Unfortunately,those requirements are far from ongoing research works. In this paper,a Ng-v TPM framework is proposed. This framework has three features,the first one is a novel v TPM key hierarchies to protect sensitive data,the second one is the extension of chain of trust from physical host hardware to virtualized guest environment based on EPS( Endorsement Platform Seed),the third one is a novel PCR( platform configuration register) policy based on sealing to solve brittleness problem for migratable v TPM. At last,we also implement this framework on Xen and TPM 2. 0 platform. According to the experiments and data analysis,our work can satisfy the above requirements correctly and efficiently.
出处
《武汉大学学报(理学版)》
CAS
CSCD
北大核心
2015年第2期103-111,共9页
Journal of Wuhan University:Natural Science Edition
基金
国家重点基础研究发展计划(973)项目(2014CB340600)
国家自然科学基金(61272452
61003268
61173138
91118003
61303024)资助项目
关键词
可信计算
虚拟可信平台模块
TPM
2.0
增强授权
trusted computing virtual trusted platform module TPM 2.0 enhancement authorization
