Research on Trusted Computing Device Virtualization Critical Assurance Mechanisms

doi:10.3969/j.issn.1671-1122.2015.09.017

Abstract

Abstract:

This paper analyzes the virtualization requirements of trusted computing hardware device, and studies the virtual support mode and assurance mechanism, and puts forward two principles of key independent principle and complete state independent principle that are needed when constructs trusted computing mechanism on virtual platform. On the basis of analyzing virtualization mechanisms of the main I/O equipments, this paper also puts forward two key virtualization assurance mechanisms of trusted computing hardware device: to ensure the secure inter-domain communication in the virtualization software layer; to ensure the trusted computing hardware device has an expandable internal storage space.

Key words: trusted computing, virtualization, assurance mechanism

CLC Number:

TP309

Qiang HUANG, De-hua ZHANG, Lun-wei WANG. Research on Trusted Computing Device Virtualization Critical Assurance Mechanisms[J]. Netinfo Security, 2015, 15(9): 70-73.

Figures/Tables 5

References 14

[1]	沈昌祥,张焕国,王怀民,等.可信计算的研究与发展[J].中国科学:信息科学. 2010,(40):139-166.
[2]	郑志蓉,刘毅. 虚拟计算平台远程可信认证技术研究[J]. 信息网络安全,2014,(10):77-80.
[3]	Trusted Computing Group. Virtualized Trusted Platform Architecture Specification Version 1.0 Revision 0.26[EB/OL]. .
[4]	甘宏,潘丹. 虚拟化系统安全的研究与分析[J]. 信息网络安全,2012,(05):43-45.
[5]	Jordi C, Sandra G.Virtual TPM for a secure cloud: fallacy or reality?[C]//RECSI 2014, Alicante, 2014:198-202.
[6]	李海威,范博,李文锋. 一种可信虚拟平台构建方法的研究和改进[J]. 信息网络安全,2015,(1):1-5.
[7]	Berger S, Cáceres R, Goldman K, et al.vTPM: Virtualizing the Trusted Platform Module[C]// Proceedings of the 15th USENIX Security Symposium, 2006:305-320.
[8]	England P, Loeser J.Para-Virtualized TPM Sharing[C]//1st International Conference on Trusted Computing and Trust in Information Technologies, Villach, Austria, 2008.
[9]	Sadeghi A R, stuble C, Winandy M. Property-Based TPM Virtualization[C]// 11th International Conference on Information Security, Taipei, Taiwan, 2008.
[10]	武越,刘向东. 涉密环境桌面虚拟化多级安全系统设计与实现[J]. 信息网络安全,2014,(9):101-104.
[11]	孙宇琼,宋成,辛阳等.可信虚拟平台中的双AIK签名机制[J],计算机工程,2011,(16):114-116.
[12]	金刚,郑志蓉,顾燕.虚拟化环境下的可信计算机制应用研究[J].舰船电子工程,2013,(5)::17-109.
[13]	段宁. 基于可信计算的带外网络存储虚拟化模型的实现[J].计算机光盘软件与应用,2013,(22):283-284.
[14]	蔡谊,左晓栋.面向虚拟化技术的可信计算平台研究[J].信息安全与通信保密,2013,(6):77-79.

[1]	Lu CHEN, Yajie SUN, Liqiang ZHANG, Yun CHEN. A Scheme of Measurement for Terminal Equipment Based on DICE in IoT [J]. Netinfo Security, 2020, 20(4): 21-30.
[2]	Xiao WANG, Jun ZHAO, Jianbiao ZHANG. Research on Dynamic Monitoring Mechanism for Virtual Machine Based on Trusted Software Base [J]. Netinfo Security, 2020, 20(2): 7-13.
[3]	Jiameng BAI, Yingshuai KOU, Zeyi LIU, Daren ZHA. Docker-based RBAC Task Management System [J]. Netinfo Security, 2020, 20(1): 75-82.
[4]	Hongsheng WU. Intelligent Government System Based on Trusted Computing and UEBA [J]. Netinfo Security, 2020, 20(1): 89-93.
[5]	Wenli SHANG, Long YIN, Xianda LIU, Jianming ZHAO. Construction Technology and Application of Industrial Control System Security and Trusted Environment [J]. Netinfo Security, 2019, 19(6): 1-10.
[6]	Wenli SHANG, Xiule ZHANG, Xianda LIU, Long YIN. Construction Method and Verification of Local Trusted Computing Environment in Industrial Control Network [J]. Netinfo Security, 2019, 19(4): 1-10.
[7]	Jin WANG, Xiao YU, Chang LIU, Bo ZHAO. A Remote Attestation Scheme for Intelligent Mobile Terminal Based on SDKey in Smart Grid Environment [J]. Netinfo Security, 2018, 18(7): 1-6.
[8]	LI Yue, JIANG Wei, JI Jiahua, DUAN Dezhong. Research on the Security Outsourcing Technology Based on Virtualization Platform [J]. 信息网络安全, 2018, 18(5): 82-88.
[9]	Yue LI, Wei JIANG, Jiahua JI, Dezhong DUAN. Research on the Security Outsourcing Technology Based on Virtualization Platform [J]. Netinfo Security, 2018, 18(5): 82-88.
[10]	Jianbiao ZHANG, Shisong YANG, Shanshan TU, Xiao WANG. Research on vTPCM Trust Management Technology for Cloud Computing Environment [J]. Netinfo Security, 2018, 18(4): 9-14.
[11]	Weijun ZHU, Yongwen FAN, Shaohuan BAN. A Mimic-automaton-based Model for the MSISDN Virtualization and Its Method for Verifying the Security [J]. Netinfo Security, 2018, 18(4): 15-22.
[12]	Jianbiao ZHANG, Zixiao ZHAO, Jun HU, Xiao WANG. The Design Framework of Reconfi gurable Virtual Root of Trust in Cloud Environment [J]. Netinfo Security, 2018, 18(1): 1-8.
[13]	Bo FAN, Runkai YANG, Lin LI. Research on Establish SSH-based Trusted Channels [J]. Netinfo Security, 2018, 18(1): 45-51.
[14]	ZHANG Jiawei, ZHANG Dongmei, HUANG Siqi. Design and Implementation of Anti APT Attack Trusted Software Base [J]. 信息网络安全, 2017, 17(6): 49-55.
[15]	Qiang HUANG, Gaojian WANG, Wenzhi MI, Lunwei WANG. Centralized and Unified Trusted Computing Platform Management Model and Its Application [J]. Netinfo Security, 2017, 17(4): 9-14.