Authors: Zhao Jun [1]; Wang Xiao [2]
Affiliations: [1] School of Mathematics and Information Science, Zhangjiakou University, Zhangjiakou 075000, Hebei, China; [2] Institute of Science and Technology, Tianjin University of Finance and Economics, Tianjin 300222, China
Source: Information Technology and Network Security (《信息技术与网络安全》), 2020, No. 6, pp. 44-48, 67 (6 pages in total)
Funding: Science and Technology Project of the Hebei Provincial Department of Education (Z2017158).
Abstract: Applying trusted computing technology to cloud computing environments is an effective way to ensure cloud security. The Trusted Cryptography Module (TCM), the root of trust in domestic trusted computing, is suited only to single-machine platforms and cannot provide security and trustworthiness guarantees for cloud platforms running multiple virtual machines. To address this problem, the virtualization scheme of the TCM is studied and a cloud root of trust (Cloud TCM, C-TCM) architecture is constructed. Within the physical environment of the C-TCM, a host trusted root and virtual trusted roots are constructed, which provide trusted services to the physical host and to the virtual machines respectively. At the same time, a virtual trusted root management mechanism is deployed at the virtual machine monitor layer so that the virtual trusted roots can share the C-TCM hardware resources. This scheme can effectively guarantee the security and trustworthiness of the cloud platform.
Keywords: cloud security; trusted computing; Trusted Cryptography Module (TCM) virtualization; cloud root of trust C-TCM architecture
Classification: TP393 [Automation and Computer Technology: Computer Application Technology]