| 云环境中可信虚拟平台的远程证明方案研究 |
| |
| 引用本文: | 胡玲碧,谭良.云环境中可信虚拟平台的远程证明方案研究[J].软件学报,2018,29(9):2874-2895. |
| |
| 作者姓名: | 胡玲碧 谭良 |
| |
| 作者单位: | 四川师范大学 计算机科学学院, 四川 成都 610068,四川师范大学 计算机科学学院, 四川 成都 610068;中国科学院 计算机技术研究所, 北京 100190 |
| |
| 基金项目: | 国家自然科学基金(61373162);四川省科技支撑项目(2014GZ007) |
| |
| 摘 要: | 云环境中如何证明虚拟平台的可信,是值得研究的问题.由于云环境中虚拟平台包括运行于物理平台上的虚拟机管理器和虚拟机,它们是不同的逻辑运行实体,具有层次性和动态性,因此,现有的可信终端远程证明方案,包括隐私CA (privacy certification authority,简称PCA)方案和直接匿名证明(direct anonymous attestation,简称DAA)方案,都并不能直接用于可信虚拟平台.而TCG发布的Virtualized Trusted Platform Architecture Specification 1.0版中,可信虚拟平台的远程证明方案仅仅是个框架,并没有具体实施方案.为此,提出了一种自顶向下的可信虚拟平台远程证明实施方案——TVP-PCA.该方案是在虚拟机中设置一个认证代理,在虚拟机管理器中新增一个认证服务,挑战方首先通过顶层的认证代理证明虚拟机环境可信,然后通过底层的认证服务证明运行于物理平台上的虚拟机管理器可信,顶层和底层证明合起来确保了整个虚拟平台的可信,有效解决了顶层证明和底层证明的同一性问题.实验结果表明,该方案不仅能够证明虚拟机的可信,而且还能证明虚拟机管理器和物理平台的可信,因而证明了云环境中的虚拟平台是真正可信的.
|
| 关 键 词: | 可信计算 可信虚拟平台 远程证明 可信云环境 |
| 收稿时间: | 2016/9/4 0:00:00 |
| 修稿时间: | 2016/12/7 0:00:00 |
Research on Trusted Virtual Platform Remote Attestation Method in Cloud Computing |
| |
| HU Ling-Bi and TAN Liang.Research on Trusted Virtual Platform Remote Attestation Method in Cloud Computing[J].Journal of Software,2018,29(9):2874-2895. |
| |
| Authors: | HU Ling-Bi and TAN Liang |
| |
| Affiliation: | College of Computer Science, Sichuan Normal University, Chengdu 610068, China and College of Computer Science, Sichuan Normal University, Chengdu 610068, China;Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China |
| |
| Abstract: | In cloud computing, how to prove the trust of a virtual platform is a hot problem. A virtual platform includes the virtual machine manager that runs on the physical platform and the virtual machines that are different logical entities with hierarchy and dynamics. Existing trusted computing remote attestation schemes, such as the privacy certification authority (PCA) scheme and the direct anonymous attestation (DAA) scheme, cannot be directly used for trusted virtual platform. Moreover, the remote attestation scheme of trusted virtual platform in virtualized trusted platform architecture specification of TCG is only a framework without concrete implementation plan. To address these issues, this paper proposes a top-down remote attestation project, called TVP-PCA, for trusted virtual platform. This project designs and implements an attestation agent in the top-level virtual machine and an attestation service in the underlying virtual machine manager. With this approach, a challenger can first use the top-level agent to prove that the virtual machine is trusted, and then use the underlying service to prove that the virtual machine manager can be trusted, both attestations together ensure the credibility of the entire virtual platform. This paper solves the identity problem of the top-level attestation and the underlying attestation effectively. Experiments show that this project can not only prove the trust of the virtual machine, but also prove the trust of the virtual machine manager and the physical platform, thus establishing that the virtual platform of the cloud computing is trusted. |
| |
| Keywords: | trusted computing trusted virtual platform remote attestation trusted cloud computing |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
