Research and Improvement on Constructing Method of A Trusted Virtualization Platform

doi:10.3969/j.issn.1671-1122.2015.01.001

Abstract

Abstract:

In order to reduce the size of the virtual trusted platform module (vTPM) instances and trusted computing base(TCB) of system software in virtual environment, and further to protect the confidentiality, integrity and security of the vTPM components, and solve the problem that the credibility boundariesare difficult to define under the traditional virtual trusted computing platform , this paper presents a new method and model to build credible virtual platform. Firstly, in order to prevent the attacks from malicious software and memory sniffer in Domain 0, the domain management tool of weak security in the user space of Xen privilege domain Domain 0 and the related components of vTPM are placed in a trusted domain Domain T. As the security services implementation framework above the Xen virtualization layer, Domain T can provide a higher level of security protection for the related components of vTPM. Secondly, by refactoring the management and the control application software with the privileges in Domain 0, the user space of Domain 0 is separated from the trusted computing base, and then the size of the trusted computing base of trusted virtual platform is reduced. Finally, a new trusted chain construction model based on the trusted virtual platform is designed and implemented. By comparing with the traditional trusted virtual platform, the system can effectively implement the integration of virtualization technology and trusted computing technology, and implement to run simultaneously multiple operating systems of different credible level on a physical platform, while guaranteeing each operating system having functions such as credible certification.

Key words: trusted platform module, trusted virtual execution environment, trusted computing base, trusted chain, trusted domain

CLC Number:

TP309

LI Hai-wei, FAN Bo, LI Wen-feng. Research and Improvement on Constructing Method of A Trusted Virtualization Platform[J]. Netinfo Security, 2015, 15(1): 1-5.

Figures/Tables 2

References 13

[1]	Trusted Computing Group.TPM Main Specification version1.2 [EB/OL]. , 2006.
[2]	Paul England, Jork Loeser.Para-Virtualized TPM Sharing[C]// Proceedings of the First international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing Challenges and Applications. Villach,Austria, 2008:119-132.
[3]	Ken Goldman kgold, Stefan Berger stefan. TPM Main Part 3 IBM Commands[EB/OL]. , 2005.
[4]	Berger S, Caceres R, Goldman K A. vTPM:virtualiz-ing the trusted platform module[C]//Proceedings of the 15th USENIX Security Symposium (USENIX Security 2006) ,2006.
[5]	Anderson M J, Moffie M, Dalton C I.Towards Trustworthy Virtualisation Environments: Xen Library OS Security Service Infrastructure[R]. HPL-2007-69, Hewlett-Packard Development Company, L.P., 2007.
[6]	Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy. Property-based TPM virtualization[C]//Proceedings of 11th International Conference (ISC 2008), 2008:1-16.
[7]	Frederic Stumpf,Claudia Eckert,Shane Balfe.Towards Secure E-Commerce Based on Virtualization and Attestation Techniques [C]// Proceedings of the Third International Conference on Availability,Reliability and Se-curity (ARES 2008), 2008: 376-382.
[8]	王丽娜,高汉军,余荣威. 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报,2011,(9):1-8.
[9]	Bryan D Payne,Martim D.P.de A.Carbone,Wenke Lee. Secure and Flexible Monitoring of Virtual Machines[C]//Proc. of ACSAC’07, 2007.
[10]	沈昌祥,张焕国,王怀民,等. 可信计算的研究与发展[J]. 中国科学:信息科学,2010,(40):139-166.
[11]	David Chisnall. The Definitive Guide to the Xen Hypervisor[EB/OL]. ,2007.
[12]	Derek G Murray, Grzegorz Milos, Steven Hand.Improving Xen Security through Disaggregation[C]// Proc.of VEE’08,2008,(08):151-160.
[13]	Kauer B.OSLO: Improving the Security of Trusted Computing[C]//Proceedings of the 16th USENIX Security Symposium. USENIX Association, 2007.