| 虚拟计算平台远程可信认证技术研究 |
| |
| 引用本文: | 郑志蓉,刘毅.虚拟计算平台远程可信认证技术研究[J].信息网络安全,2014(10):77-80. |
| |
| 作者姓名: | 郑志蓉 刘毅 |
| |
| 作者单位: | 海军计算技术研究所,北京,100841 |
| |
| 摘 要: | 与传统的单机系统按照可信平台模块、可信BIOS、操作系统装载器、操作系统内核的信任链传递方式不同,虚拟化计算环境信任链按照可信平台模块、可信BIOS、虚拟机监控器和管理虚拟机、用户虚拟机装载器、用户虚拟机操作系统装载器、用户虚拟机操作系统内核的方式进行.文章对虚拟计算平台远程完整性验证的安全需求进行了分析.为防止恶意的虚拟机监控器篡改虚拟机的完整性证明,文章提出虚拟机平台和虚拟机管理器两级的深度认证.在对虚拟机认证过程中,远程挑战者需要通过虚拟机或者直接与虚拟平台建立联系来认证平台的虚拟机管理器层.为防止中间人攻击,文章提出将物理平台寄存器映射到各虚拟平台寄存器的方式解决虚拟机与物理平台的绑定问题.
|
| 关 键 词: | 虚拟计算平台 完整性度量 可信认证 |
Research on Remote Trust Authentication in the Virtual Computing Platform |
| |
| ZHENG Zhi-rong,LIU Yi.Research on Remote Trust Authentication in the Virtual Computing Platform[J].Netinfo Security,2014(10):77-80. |
| |
| Authors: | ZHENG Zhi-rong LIU Yi |
| |
| Affiliation: | (Computer Technology Institute of Navy, Beijing 100841, China) |
| |
| Abstract: | In the traditional computing platform, the trust chain is constructed in the way of trusted platform module, trusted BIOS, OS Loader, OS kernel. In the virtual computing platform, the trust chain is constructed in the way of trusted platform module, trusted BIOS, virtual machine monitor, manage virtual machine, user virtual machine OS Loader, user virtual machine OS kernel. The security requirement of the remote trust authentication in the virtual computing platform is analyzed. The authentication way of the virtual computing platform and the virtual machine management is put forward in order to prevent malicious virtual machine management to modify the virtual machine's integrity proven. In the process of virtual machine authentication, remote challenger authenticate visual machine or virtual platform. The combination of the physical PCRs and virtual PCRs way is put forward to prevent middleman attack. |
| |
| Keywords: | virtual computing platform integrity measurement trust authentication |
| 本文献已被 维普 万方数据 等数据库收录! |
|
