Research on vTPCM Trust Management Technology for Cloud Computing Environment

doi:10.3969/j.issn.1671-1122.2018.04.002

Abstract

Abstract:

With the continuous expansion of cloud computing technology, its security issues have been worried about. In the face of the urgent need to solve the cloud computing security issues, the Trusted Computing TPCM-based dual-system architecture enables the provision of proactive immune trusted security mechanisms for each virtual machine on the cloud computing platform, thus preventing the cloud environment virtual machine technology-related security issues. However, this paper first puts forward the overall architecture of managing vTPCM instances, which aims at solving the management of the lifecycle of vTPCM instance and virtual machine. Then, the paper analyzes the vTPCM instance and the virtual machine lifecycle, This paper proposes a management scheme based on Trusted Computing to solve the problem of lifecycle synchronization in virtual machine migration process and the mapping between virtual machine accesses vTPCM instance and physical machine access TPCM, so as to effectively improve the association between vTPCM and virtual machine.

Key words: cloud computing, trusted computing, vTPCM management, VM migration, strong association

CLC Number:

TP309

Jianbiao ZHANG, Shisong YANG, Shanshan TU, Xiao WANG. Research on vTPCM Trust Management Technology for Cloud Computing Environment[J]. Netinfo Security, 2018, 18(4): 9-14.

Figures/Tables 3

References 14

[1]	CHAWLA V, SOGANI P.Cloud Computing-The Future[J]. 2011(169):113-118.
[2]	QING Sihan.Security Protection of Critical Infrastructure[J]. Netinfo Security,2015(2):1-6.
	卿斯汉. 关键基础设施安全防护[J]. 信息网络安全,2015(2):1-6.
[3]	CHEN Danwei, SHAO Ju, FAN Xiaowei, et al.MAH-ABE Based Privacy Access Control in Cloud Computing[J]. Acta Electronia Sinica, 2014,42(4):821-827.
	陈丹伟, 邵菊, 樊晓唯,等. 基于MAH-ABE的云计算隐私保护访问控制[J]. 电子学报, 2014,42(4):821-827.
[4]	Trusted Computing Group. TCG Specification Architecture Overview Specification, Revision1.4[EB/OL]., 2017-11-1.
[5]	ZHANG Jianbiao, ZHAO Zixiao, HU Jun, et al.The Design Framework of Reconfigurable Virtual Root of Trust in Cloud Environment[J]. Netinfo Security, 2018(1): 1-8.
	张建标, 赵子枭, 胡俊, 等. 云环境下可重构虚拟可信根的设计框架[J]. 信息网络安全, 2018(1): 1-8.
[6]	DING Yan, WANG Huaimin SHI Peichang, et al. Trusted Cloud Service[J]. Chinese Journal of Computers, 2015, 38(1):133-149.
	丁滟, 王怀民, 史佩昌, 等. 可信云服务[J]. 计算机学报, 2015, 38(1):133-149.
[7]	WEN Weiping, GUO Ronghua, MENG Zheng, et al.Research and Implementation on Information Security Risk Assessment Key Technology[J]. Netinfo Security, 2015 (2): 7-14.
	文伟平,郭荣华,孟正,等. 信息安全风险评估关键技术研究与实现[J]. 信息网络安全,2015(2):7-14.
[8]	HOSSEINZADEH S, LAURÉN S, LEPPÄNEN V. Security in Container-based Virtualization through vTPM[C] // IEEE. International Conference on Utility and Cloud Computing, November 16-18, Zhangjiajie, China. New York: IEEE, 2017:214-219.
[9]	WAN X, XIAO Z, REN Y.Building Trust into Cloud Computing Using Virtualization of TPCM[C] //IEEE. 2012 Fourth International Conference on Multimedia Information Networking and Security (MINES), November 2, Nanjing, China. New York: IEEE, 2012:59-63.
[10]	HU Jun, SHEN Changxiang, GONG Bei, et al.Trusted Computing 3.0 Engineering Fundamentals[M]. Beijing: The People's Posts and Telecommunications Press, 2017.
	胡俊,沈昌祥,公备,等. 可信计算3.0工程初步[M]. 北京:人民邮电出版社,2017.
[11]	IBM. IBM's Software Trusted Platform Module(TPM)[EB/OL]. .
[12]	STUMPF F, ECKERT C.Enhancing Trusted Platform Modules with Hardware-based Virtualization Techniques[C] // IEEE. SECURWARE'08 Second International Conference on Emerging Security Information, Systems and Technologies, August 25, 2008, New York, USA. New York: IEEE, 2008:1-9.
[13]	ENGLAND P, LOESER J.Para-virtualized TPM Sharing[C] // IEEE. 11th Information Security Conference, March 11-12, 2008, Villach, Austria. Berlin Heidelberg: Springer, 2008: 119-132.
[14]	SADEGHI A R, STÜBLE C, WINANDY M. Property-based TPM Virtualization[J]. Information Security, 2008(1):1-16.

[1]	Lu CHEN, Yajie SUN, Liqiang ZHANG, Yun CHEN. A Scheme of Measurement for Terminal Equipment Based on DICE in IoT [J]. Netinfo Security, 2020, 20(4): 21-30.
[2]	Yuan LIU, Wei QIAO. Research and Optimization of Container Network Based on Kubernetes Cluster System in Cloud Environment [J]. Netinfo Security, 2020, 20(3): 36-44.
[3]	Xiao WANG, Jun ZHAO, Jianbiao ZHANG. Research on Dynamic Monitoring Mechanism for Virtual Machine Based on Trusted Software Base [J]. Netinfo Security, 2020, 20(2): 7-13.
[4]	Jiameng BAI, Yingshuai KOU, Zeyi LIU, Daren ZHA. Docker-based RBAC Task Management System [J]. Netinfo Security, 2020, 20(1): 75-82.
[5]	Hongsheng WU. Intelligent Government System Based on Trusted Computing and UEBA [J]. Netinfo Security, 2020, 20(1): 89-93.
[6]	Liangqin REN, Wei WANG, Qiongxiao WANG, Linli LU. A New Cloud Cryptographic Computing Platform Architecture and Implementation [J]. Netinfo Security, 2019, 19(9): 91-95.
[7]	Yi YU, Liangshuang LV, Xiaojian LI, Tianbo WANG. Dynamic Network Topology Description Language for Mobile Cloud Computing Scenario [J]. Netinfo Security, 2019, 19(9): 120-124.
[8]	Zixuan WANG, Liangshuang LV, Xiaojian LI, Tianbo WANG. A Shared Storage-based Virtual Machine Application Distribution Strategy for OpenStack [J]. Netinfo Security, 2019, 19(9): 125-129.
[9]	Yanpeng CUI, Luming FENG, Zheng YAN, Huaqing LIN. Research on Software Security Model of Cloud Computing Based on Program Slicing Technology [J]. Netinfo Security, 2019, 19(7): 31-41.
[10]	Xinrui GE, Wei CUI, Rong HAO, Jia YU. Verifiable Keywords Ranked Search Scheme over Encrypted Cloud Data [J]. Netinfo Security, 2019, 19(7): 82-89.
[11]	Wenli SHANG, Long YIN, Xianda LIU, Jianming ZHAO. Construction Technology and Application of Industrial Control System Security and Trusted Environment [J]. Netinfo Security, 2019, 19(6): 1-10.
[12]	Wenli SHANG, Xiule ZHANG, Xianda LIU, Long YIN. Construction Method and Verification of Local Trusted Computing Environment in Industrial Control Network [J]. Netinfo Security, 2019, 19(4): 1-10.
[13]	Chunqi TIAN, Jing LI, Wei WANG, Liqing ZHANG. A Method for Improving the Performance of Spark on Container Cluster Based on Machine Learning [J]. Netinfo Security, 2019, 19(4): 11-19.
[14]	Pu ZHAO, Wei CUI, Rong HAO, Jia YU. A Secure Outsourcing Computation Scheme for El-Gamal Signature Generation [J]. Netinfo Security, 2019, 19(3): 81-86.
[15]	Zhenfeng ZHANG, Zhiwen ZHANG, Ruichao WANG. Model of Cloud Computing Security and Compliance Capability for Classified Protection of Cybersecurity 2.0 [J]. Netinfo Security, 2019, 19(11): 1-7.