Authors: HUANG Hao-Xiang (黄浩翔) [1,2]; ZHANG Jian-Biao (张建标); YUAN Yi-Lin (袁艺林); WANG Xiao (王晓)
Affiliations: [1] Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China [2] Beijing Key Laboratory of Trusted Computing, Beijing 100124, China [3] School of Science and Technology, Tianjin University of Finance and Economics, Tianjin 300222, China
Source: Journal of Software (《软件学报》), 2023, No. 6, pp. 2959-2978 (20 pages)
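Funding: Beijing Natural Science Foundation (M21039); Basic Research Project of the National Defense Scientific Research and Test Information Security Laboratory (2017XXAQ09).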
Abstract: As a new type of high-value computing system, cloud computing is now widely used across industries, and Classified Protection 2.0 requires that active-immune trusted computing technology be applied to it for dynamic trust verification. In the cloud computing model, the virtual machine is the direct carrier through which users consume cloud services, and its trusted startup is the basis for a trustworthy virtual machine operating environment. However, because a virtual machine runs as a process on a physical node, its startup is highly dynamic, and unexpected interference exists between multiple virtual machine domains. Existing trusted startup schemes for virtual machines provide insufficient dynamic protection during the startup process and do not eliminate unexpected interference between multiple virtual domains. To address these problems, this study proposes a trusted startup scheme for virtual machines based on non-interference theory. First, based on non-interference theory, a run-time trust theorem for the virtual machine process is proposed; further, a definition of virtual machine trusted startup is given and a judgment theorem for virtual machine trusted startup is proved. Second, following the trusted startup judgment theorem, monitoring and control logic is designed on top of system calls, so that the virtual machine startup process is actively and dynamically measured and actively controlled. Experimental results show that the proposed scheme effectively eliminates unexpected interference between multiple virtual machines in complex cloud environments and ensures the dynamic trustworthiness of the virtual machine startup process, with small performance overhead.
Keywords: non-interference theory; virtual machine process; trusted startup; dynamic trust; active measurement; active control
Classification code: TP316 [Automation and Computer Technology: Computer Software and Theory]