基于可信平台模块的虚拟机安全协议

为了保证虚拟机间通信的安全,存取控制是经常采用的手段。但是存取控制的灵活性和扩展性都有一定的限制。为了克服这一局限性,本文提出了一套针对虚拟机系统的安全协议。安全协议以可信平台模块作为可信根,建立起从底层硬件到虚拟机中应用的信任路径,从而有效并安全地实现了密钥及证书的发放、身份认证、虚拟机间保密通信和密钥及证书更新的功能。此外,本文在Xen中成功实现了这套安全协议。

Security protocols based on trusted platform module for virtual machine system

Access control is the widely used way to guarantee the security of communication between virtual machines(VMs).But it is limited in flexibility and scalability.To overcome this limitation,this paper proposes a suite of security protocols for virtual machine systems.These security protocols establish a trusted path from bottom hardware to applications in VMs,by utilizing trusted platform module(TPM) as the trusted root.As a result,security functions,including granting key and certificate,identity authenticat...