OALib Journal期刊
ISSN: 2333-9721
费用：99美元

投递稿件

查看量	下载量

相关文章
更多...

- 2015

Ng-vTPM:新一代TPM虚拟化框架设计 Ng-v TPM: A Next Generation Virtualized TPM Architecture

杨永娇,严飞,毛军鹏,张焕国

Keywords: 可信计算,虚拟可信平台模块,TPM 2.0,增强授权

Full-Text Cite this paper Add to My Lib

Abstract:

虚拟可信平台模块v TPM(virtual trusted platform module)是云环境中提供可信功能的重要部件,针对已有v TPM在安全存储属性、可信身份属性、信任传递属性以及迁移时这些属性的保持在设计上的不足,本文提出一个Ng-v TPM框架.该框架结合TPM2.0的新特性,由物理TPM产生v TPM密钥提供安全存储属性,基于物理TPM背书平台种子与虚拟背书密钥的映射关系,提供虚拟机可信身份,将信任链由物理平台扩展到虚拟机平台,并提出使用基于平台配置寄存器策略的封装存储方法解决v TPM迁移后数据的可用性.最后以Xen-4.3.0架构为基础实现此框架.实验分析表明,该框架能够有效保证v TPM设计的安全需求

References

[1]	Trusted Computing Group.Trusted Platform Module Specification Family 2.0 Level 00 Revision 00.99[EB/OL].[2014-03-10].http://www.trustedcomputinggroup.org/resources/tpm_main_specification.
[2]	Sadeghi A,Stuble C,Winandy M.Property-based TPM virtualization[C]//Proceedings of the 11th International Conference on Information Security,ISC’08.Berlin:Springer-Verlag,2008:1-16.
[3]	Jayaram M R,Marforio C,Capkun S.An architecture for concurrent execution of secure environments in clouds[C]//Proceedings of the 2013 ACM Workshop on Cloud Computing Security Workshop.New York:ACM Press,2013:11-22.
[4]	Santos N,Rodrigues R,Gummadi K P,et al.Policysealed data:A new abstraction for building trusted cloud services[C]//Security’12 Proceedings of the 21st USENIX Conference on Security Symposium.CA USA:USENIX Association,2012:10.
[5]	Li C,Wu X,Liu C,et al.An Implementation of Trusted Remote Attestation Oriented the Iaa SCloud[M].Berlin:Springer-Verlag,2013:194-202.□
[6]	Xen.Xen Source[EB/OL].[2013-03-10].http://www.xenproject.org/downloads/xen-archives/supportedxen-43-series/xen-430.html.
[7]	Danev B,Masti R J,Karame,et al.Enabling secure VM-v TPM migration in private clouds[C]//Proceedings of the 27th Annual Computer Security Applications Conference.New York:ACM Press,2011:187-196.
[8]	Aslam M,Gehrmann C,Bjorkman M.Security and trust preserving VM migrations in public clouds[C]//Trust,Security and Privacy in Computing and Communications(Trust Com),2012 IEEE 11th International Conference on.New York:IEEE Press,2012:869-876.
[9]	Diffie W,Hellman M E.New directions in cryptography[J].Information Theory,IEEE Transactions on,1976,22(6):644-654.
[10]	Berger S,Caceres R,Goldman K,et al.VTPM:Virtualizing the trusted platform module[C]//Proceedings of the15th USENIX Security Symposium.Orlando:VSENIZ,2006:305-320.
[11]	England P,Loeser J:Para-virtualized TPM sharing[C]//Proceedings of the 1st International Conference on Trusted Computing and Trust in Information Technologies:Trusted Computing-Challenges and Applications,TRUST’08.Berlin:Springer-Verlag,2008:119-132.
[12]	Stumpf F,Eckert C.Enhancing Trusted Platform Modules with Hardware-Based Virtualization Techniques[C]//Proceedings of the 2nd International Conference on Emerging Security Information,Systems and Technologies(SECURWARE’08).Washington DC:IEEE,2008:1-9.
[13]	Murray D G,Milos G,Hand S.Improving Xen security through disaggregation[C]//Proceedings of the Fourth ACM Sigplan//Sigops International Conference on Virtual Execution Environments.New York:ACM Press,2008:151-160.
[14]	Jin X,Wang L,Yu R,et al.Administrative domain:Security enhancement for virtual TPM[C]//Multimedia Information Networking and Security(MINES),2010 International Conference on.New York:IEEE Press,2010:767-771.
[15]	Yap J Y,Tomlinson A.Para-virtualizing the trusted platform module:An enterprise framework based on version2.0 specification[C]//5th International Conference,INTRUST 2013.Berlin:Springer-Verlag,2013:1-16.
[16]	Intel Corp.Intel Trusted Execution Technology[EB/OL].[2014-03-10].http://www.intel.com/technology/security/.
[17]	Zhang F,Chen J,Chen H,et al.Cloudvisor:Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization[C]//Proceedings of the TwentyThird ACM Press Symposium on Operating Systems Principles.New York:ACM,2011:203-216.

Full-Text

Contact Us

service@oalib.com

QQ:3279437679

WhatsApp +8615387084133