获取云中的虚拟机的完整性

2011 IEEE Third International Conference on Cloud Computing Technology and Science Pub Date : 2011-11-29 DOI:10.1109/CloudCom.2011.37

Aimin Yu, Yu Qin, Dan Wang

{"title":"获取云中的虚拟机的完整性","authors":"Aimin Yu, Yu Qin, Dan Wang","doi":"10.1109/CloudCom.2011.37","DOIUrl":null,"url":null,"abstract":"Infrastructure-as-a-service(IaaS) cloud provides the user the ability to use the computing resource of the cloud provider through renting a virtual machine(VM). At the same time it becomes an essential requirement for the user to verify the integrity of his VM. In this paper we designed and implemented TCG(trusted computing group)-based remote attestation for the Xen VM under the assumption that the trusted platform module(TPM) and hyper visor are secure and the privileged domain0 may be malicious. Firstly we realized load-time integrity measurement of the guest OS(operating system) kernel in the hyper visor directly and built the trust chain that is independent of the domain0. Secondly we realized the virtualized AIK(attestation identity key) and PCR(platform configuration register) that simulated the security functions of TPM AIK and PCR and supported VM migration, save and restore operations. Finally through the prototype implementation it is shown that the code complexity and the performance overhead are acceptable for the real system.","PeriodicalId":427190,"journal":{"name":"2011 IEEE Third International Conference on Cloud Computing Technology and Science","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Obtaining the Integrity of Your Virtual Machine in the Cloud\",\"authors\":\"Aimin Yu, Yu Qin, Dan Wang\",\"doi\":\"10.1109/CloudCom.2011.37\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Infrastructure-as-a-service(IaaS) cloud provides the user the ability to use the computing resource of the cloud provider through renting a virtual machine(VM). At the same time it becomes an essential requirement for the user to verify the integrity of his VM. In this paper we designed and implemented TCG(trusted computing group)-based remote attestation for the Xen VM under the assumption that the trusted platform module(TPM) and hyper visor are secure and the privileged domain0 may be malicious. Firstly we realized load-time integrity measurement of the guest OS(operating system) kernel in the hyper visor directly and built the trust chain that is independent of the domain0. Secondly we realized the virtualized AIK(attestation identity key) and PCR(platform configuration register) that simulated the security functions of TPM AIK and PCR and supported VM migration, save and restore operations. Finally through the prototype implementation it is shown that the code complexity and the performance overhead are acceptable for the real system.\",\"PeriodicalId\":427190,\"journal\":{\"name\":\"2011 IEEE Third International Conference on Cloud Computing Technology and Science\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-11-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 IEEE Third International Conference on Cloud Computing Technology and Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CloudCom.2011.37\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE Third International Conference on Cloud Computing Technology and Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CloudCom.2011.37","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

基础设施即服务(IaaS)云使用户能够通过租用虚拟机(VM)来使用云提供商的计算资源。同时，验证其虚拟机的完整性成为用户的基本要求。本文在可信平台模块(TPM)和hypervisor是安全的，特权域0可能是恶意的前提下，设计并实现了基于TCG(可信计算组)的Xen虚拟机远程认证。首先，我们直接在hypervisor中实现了客户机OS(操作系统)内核的加载时完整性度量，并构建了独立于domain的信任链。其次，我们实现了虚拟化的AIK(认证身份密钥)和PCR(平台配置寄存器)，模拟了TPM AIK和PCR的安全功能，并支持VM迁移、保存和恢复操作。最后通过原型实现表明，代码复杂度和性能开销对于实际系统是可以接受的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Obtaining the Integrity of Your Virtual Machine in the Cloud

Infrastructure-as-a-service(IaaS) cloud provides the user the ability to use the computing resource of the cloud provider through renting a virtual machine(VM). At the same time it becomes an essential requirement for the user to verify the integrity of his VM. In this paper we designed and implemented TCG(trusted computing group)-based remote attestation for the Xen VM under the assumption that the trusted platform module(TPM) and hyper visor are secure and the privileged domain0 may be malicious. Firstly we realized load-time integrity measurement of the guest OS(operating system) kernel in the hyper visor directly and built the trust chain that is independent of the domain0. Secondly we realized the virtualized AIK(attestation identity key) and PCR(platform configuration register) that simulated the security functions of TPM AIK and PCR and supported VM migration, save and restore operations. Finally through the prototype implementation it is shown that the code complexity and the performance overhead are acceptable for the real system.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 IEEE Third International Conference on Cloud Computing Technology and Science

自引率

0.00%

发文量