Netinfo Security (信息网络安全) ›› 2018, Vol. 18 ›› Issue (1): 1-8. doi: 10.3969/j.issn.1671-1122.2018.01.001


The Design Framework of Reconfigurable Virtual Root of Trust in Cloud Environment

Jianbiao ZHANG 1,2,3, Zixiao ZHAO 1,2,3, Jun HU 1,2,3, Xiao WANG 1,2,3

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  2. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
  3. National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing 100124, China
  • Received: 2017-11-01 Online: 2018-01-20 Published: 2020-05-11
  • About the authors:

    Jianbiao ZHANG (born 1969), male, from Jiangsu, professor, Ph.D.; main research interests: trusted computing, network information security, security testing. Zixiao ZHAO (born 1992), male, from Heilongjiang, master's student; main research interests: cloud security and trusted computing. Jun HU (born 1972), male, from Hunan, lecturer, Ph.D.; main research interest: trusted computing. Xiao WANG (born 1983), female, from Hebei, lecturer, Ph.D.; main research interests: trusted computing, cloud security.

  • Funding:
    National Natural Science Foundation of China [61671030]; National High Technology Research and Development Program of China (863 Program) [2015AA016002]

Abstract:

Combining trusted computing technology with cloud computing has made the trusted cloud an important means of addressing cloud security problems. However, the trust origin of the trusted cloud, the virtual root of trust, still has several shortcomings: it supports only TPM and not TPCM, so it cannot provide active defense; its internal structure is inconvenient to modify or extend; and the cryptographic algorithms it uses follow foreign standards, so it cannot be autonomous and controllable domestically. This paper therefore proposes a new design scheme for the virtual root of trust that reconstructs the root of trust as a modular structure in which the modules cooperate through a unified internal message format, providing secure and reliable computing guarantees for the cloud environment. A reconfigurable virtual root of trust based on this scheme has the following characteristics: it is highly extensible, and its structure can be readily transformed to achieve diverse heterogeneous forms and to simulate different TPM or TPCM architectures; it is also autonomous and controllable, since its core cryptographic algorithms follow Chinese national standards.

Key words: trusted computing, virtual root of trust, vTPCM, reconfigurable, autonomous and controllable

CLC number: