ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (10): 2284-2295.doi: 10.7544/issn1000-1239.2017.20170465

• 信息安全 • 上一篇    下一篇

一种可信虚拟机迁移模型构建方法

石源,张焕国,吴福生   

  1. (武汉大学计算机学院 武汉 430072) (空天信息安全与可信计算教育部重点实验室(武汉大学) 武汉 430072) (yuanshi@whu.edu.cn)
  • 出版日期: 2017-10-01
  • 基金资助: 
    国家自然科学基金项目(61332019);国家“九七三”重点基础研究发展计划基金项目(2014CB340601);国家“八六三”高技术研究发展计划基金项目(2015AA016002)

A Method of Constructing the Model of Trusted Virtual Machine Migration

Shi Yuan, Zhang Huanguo, Wu Fusheng   

  1. (School of Computer Science, Wuhan University, Wuhan 430072) (Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072)
  • Online: 2017-10-01

摘要: 虚拟机的安全迁移是保障云环境安全可信的重要需求之一.对于包含虚拟可信平台模块(virtual TPM, vTPM)的可信虚拟机,还需要考虑vTPM的安全迁移问题.目前,已有一些针对可信虚拟机的安全迁移的研究,但是由于研究可信虚拟机的模型不统一,导致迁移模型解决问题的方案不能适用所有的迁移方案,存在一定的局限性.针对可信虚拟机的迁移缺乏统一的安全模型及测试方法的问题,参考虚拟机迁移中普遍存在的安全问题以及可信计算和云的相关规范,从整体系统层面对可信虚拟机的迁移进行安全需求分析;提出一种可信虚拟机迁移框架,将可信迁移的参与组件进行了抽象并描述了迁移协议中的关键步骤和状态;以标号迁移系统LTS为操作语义描述工具对可信迁移系统进行进一步的描述,以系统中迁移进程组件的建模为基础构建出动态的迁移系统状态迁移树;分析了LTS模型可以用于可信迁移协议的一致性测试,并通过与其他相关工作的比较说明了模型在考虑安全属性方面的完备性.

关键词: 可信虚拟机, 虚拟机迁移, 安全协议, 标号迁移系统, 安全模型

Abstract: The security migration of virtual machines (VMs) is one of the important requirements to ensure the security of cloud environment. For trusted VMs that contain vTPM (virtual TPM), the security migration of vTPM is also need to consider. At present, there are some researches on the security migration of trusted VMs. However, due to the non-uniform model of trusted VMs, the solution of the migration model cannot be applied to all migration schemes, so there are some limitations that there are no uniform security model and test method for the migration of trusted VMs. Regarding the issues above and referring to the common security issues in virtual machine migration and the relevant specifications for trusted computing and cloud, we analysis the security requirements of trusted VMs. Based on the requirements analysis, we propose a migration framework of trusted VMs that abstracts the participation components of trusted migration and describes the key steps and states in the migration process. Then the labeled transition system (LTS) is used to model the behavior and security attributes of the trusted migration system, and we construct a dynamic state transition tree of migration system based on the model of migration components in the system. The migration model of the migration system is constructed based on the modeling of the process components. We prove that our model can be applied to the consistency test of trusted migration protocol, and the comparison with other related work shows that the model is more fully considering the security attributes in trusted migration.

Key words: trusted virtual machine, virtual machine migration, security protocol, labeled transition system, security model

中图分类号: