Paper excerpt
Most existing techniques rely mainly on trusted hardware to protect the platform on which a virtual machine (VM) runs, but they lack protection for secure VM storage and trusted VM launch. To address this, a secure storage and trusted launch (SSTL) scheme for VMs under the cloud platform's Infrastructure as a Service (IaaS) model is proposed. Building on several core functions of the trusted platform module (TPM), the scheme guarantees VM storage security, the security of the VM runtime environment and trusted VM launch through, respectively, VM image encryption and decryption, remote attestation of the VM host platform's information, and a VM measurement mechanism. Experimental testing and analysis show that the system prevents unauthorized VM launches and can detect attacks on core system modules of a VM such as the system services descriptor table (SSDT) and kernel modules. The performance overhead imposed on the original system is within an acceptable range and does not affect normal use by users.
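The abstract names three TPM-backed building blocks (measuring the VM image and its host into a PCR, attesting that PCR to a remote verifier, and releasing the image decryption key only for a known-good state) without showing how they fit together. The following added example, which is not code from the paper, models that flow in plain Python: the TPM's PCR extend, quote and seal/unseal operations are simulated with SHA-256 and HMAC (a real TPM signs quotes with an asymmetric attestation key and keeps the storage root key in hardware), and the hypervisor, image, configuration and keys are constructed sample values. A tampered image changes the PCR, so attestation fails and the sealed key is never released.

```python
import hashlib
import hmac
import os

# Added illustration, not the paper's implementation: a software model of the
# TPM operations a VM trusted-launch flow relies on. PCR, quote and seal are
# modelled with SHA-256/HMAC; keys and the VM image are constructed sample data.

PCR_LEN = 32


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA-256(old_pcr || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(components) -> bytes:
    """Measure a boot chain (hypervisor, VM image, config, ...) into one PCR,
    starting from the all-zero reset value. Order matters, as in a real TPM."""
    pcr = b"\x00" * PCR_LEN
    for comp in components:
        pcr = pcr_extend(pcr, hashlib.sha256(comp).digest())
    return pcr


def seal(image_key: bytes, expected_pcr: bytes, srk: bytes) -> dict:
    """Bind the image decryption key to an expected PCR value.
    srk models the TPM storage root key that never leaves the chip."""
    wrap = hmac.new(srk, b"wrap" + expected_pcr, hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(image_key, wrap))
    tag = hmac.new(srk, expected_pcr + blob, hashlib.sha256).digest()
    return {"pcr": expected_pcr, "blob": blob, "tag": tag}


def unseal(sealed: dict, current_pcr: bytes, srk: bytes):
    """Release the key only when the current PCR equals the sealed one; a
    modified image or hypervisor changes the PCR, so the VM cannot start."""
    tag = hmac.new(srk, sealed["pcr"] + sealed["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        return None  # sealed blob was tampered with
    if not hmac.compare_digest(sealed["pcr"], current_pcr):
        return None  # platform state differs from the state the key was sealed to
    wrap = hmac.new(srk, b"wrap" + current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(sealed["blob"], wrap))


def quote(pcr: bytes, nonce: bytes, aik: bytes) -> bytes:
    """Remote attestation: sign (PCR || nonce) with the attestation key.
    Modelled as an HMAC; a real TPM produces an asymmetric AIK signature."""
    return hmac.new(aik, pcr + nonce, hashlib.sha256).digest()


def verify_quote(pcr: bytes, nonce: bytes, sig: bytes, aik: bytes, golden: bytes) -> bool:
    """Verifier side (cloud controller): check the signature over the fresh
    nonce and compare the reported PCR with the known-good value."""
    expected = hmac.new(aik, pcr + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig) and hmac.compare_digest(pcr, golden)


# Constructed sample data (not from the paper)
HYPERVISOR = b"hypervisor-build-1.0"
VM_IMAGE = b"vm-image-contents"
VM_CONFIG = b"vcpus=2 mem=4G"
SRK = hashlib.sha256(b"constructed storage root key").digest()
AIK = hashlib.sha256(b"constructed attestation identity key").digest()
IMAGE_KEY = hashlib.sha256(b"constructed image encryption key").digest()


def trusted_launch(image: bytes, sealed: dict):
    """Measure, attest, then try to unseal the image key. Returns the key,
    or None when the platform or image does not match the sealed state."""
    pcr = measure_chain([HYPERVISOR, image, VM_CONFIG])
    nonce = os.urandom(16)           # freshness against replayed quotes
    sig = quote(pcr, nonce, AIK)
    if not verify_quote(pcr, nonce, sig, AIK, sealed["pcr"]):
        return None
    return unseal(sealed, pcr, SRK)


def demo():
    """Golden image launches; a modified image is refused."""
    golden = measure_chain([HYPERVISOR, VM_IMAGE, VM_CONFIG])
    sealed = seal(IMAGE_KEY, golden, SRK)
    ok = trusted_launch(VM_IMAGE, sealed)
    bad = trusted_launch(VM_IMAGE + b"-tampered", sealed)
    return ok == IMAGE_KEY, bad is None


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The same measure-and-compare step is what a runtime integrity check reuses: re-measuring a table such as the SSDT or the loaded kernel modules and comparing against the value recorded at launch detects the kind of modification the abstract reports the system catching.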