Abstract:
To address the trustworthiness of a single virtual computing node in a cloud computing environment and the maintenance of trust relationships among multiple nodes during migration, a method for constructing a trusted virtual execution environment was proposed, based on the trusted platform control module (TPCM), the trusted root of trusted computing technology in China. By virtualizing the TPCM, a virtual trusted root was generated for each virtual computing node in the cloud, and the cloud trusted chain was transferred from the physical node to the virtual node. To accommodate the dynamic migration of cloud virtual computing nodes, a certificate generation and management mechanism suited to virtual root migration was designed on the basis of a multi-level certificate authority (CA), and a dynamic trusted migration scheme for virtual roots was proposed, which guaranteed the maintenance of trust relationships among multiple nodes during migration. Experimental results show that the proposed scheme can construct a virtual trusted execution environment and realize the dynamic trusted migration of virtual trusted roots.