A KVM-based live migration scheme for virtual machines equipped with vTPM (2017)
Abstract: On current KVM platforms, a virtual machine equipped with a virtual Trusted Platform Module (vTPM) cannot be live-migrated. To solve this problem, a KVM-based live migration scheme for vTPM-equipped virtual machines is proposed and implemented. Based on an analysis of the KVM architecture and the virtualization characteristics of vTPM, the live migration of vTPM-equipped virtual machines is integrated with the native live migration process of ordinary virtual machines on KVM, which ensures the consistency of the system's security state before and after migration and the security of the vTPM instance data during the migration process. The scheme was implemented and evaluated experimentally. Compared with the live migration of an ordinary virtual machine, the results show that the scheme achieves a migration process that the user does not notice; the vTPM device remains usable after migration, the average downtime of the vTPM-equipped virtual machine during migration is no more than 50 ms, and the performance loss is only 15%.