A Method of Constructing the Model of Trusted Virtual Machine Migration

Shi Yuan; Zhang Huanguo; Wu Fusheng

doi:10.7544/issn1000-1239.2017.20170465

Journal of Computer Research and Development > 2017 > 54(10): 2284-2295. > DOI: 10.7544/issn1000-1239.2017.20170465 CSTR: 32373.14.issn1000-1239.2017.20170465

Shi Yuan, Zhang Huanguo, Wu Fusheng. A Method of Constructing the Model of Trusted Virtual Machine Migration[J]. Journal of Computer Research and Development, 2017, 54(10): 2284-2295. DOI: 10.7544/issn1000-1239.2017.20170465

Citation:

PDF (2949 KB)

A Method of Constructing the Model of Trusted Virtual Machine Migration

(School of Computer Science, Wuhan University, Wuhan 430072) (Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072)

More Information

Published Date: September 30, 2017

Graphical Abstract

Abstract

Abstract

The security migration of virtual machines (VMs) is one of the important requirements to ensure the security of cloud environment. For trusted VMs that contain vTPM (virtual TPM), the security migration of vTPM is also need to consider. At present, there are some researches on the security migration of trusted VMs. However, due to the non-uniform model of trusted VMs, the solution of the migration model cannot be applied to all migration schemes, so there are some limitations that there are no uniform security model and test method for the migration of trusted VMs. Regarding the issues above and referring to the common security issues in virtual machine migration and the relevant specifications for trusted computing and cloud, we analysis the security requirements of trusted VMs. Based on the requirements analysis, we propose a migration framework of trusted VMs that abstracts the participation components of trusted migration and describes the key steps and states in the migration process. Then the labeled transition system (LTS) is used to model the behavior and security attributes of the trusted migration system, and we construct a dynamic state transition tree of migration system based on the model of migration components in the system. The migration model of the migration system is constructed based on the modeling of the process components. We prove that our model can be applied to the consistency test of trusted migration protocol, and the comparison with other related work shows that the model is more fully considering the security attributes in trusted migration.
- trusted virtual machine,
- virtual machine migration,
- security protocol,
- labeled transition system,
- security model

FullText(HTML)

References (0)

[1]	Xiong Xin, Tan Xin, Zhang Yuan. Kernel Refcount Bug Detection Based on the Consistency of Error Path Behavior[J]. Journal of Computer Research and Development, 2023, 60(7): 1489-1500. DOI: 10.7544/issn1000-1239.202220768
[2]	Zhao Xiaolei, Chen Zhaoyun, Shi Yang, Wen Mei, Zhang Chunyuan. Kernel Code Automatic Generation Framework on FT-Matrix[J]. Journal of Computer Research and Development, 2023, 60(6): 1232-1245. DOI: 10.7544/issn1000-1239.202330058
[3]	Hou Pengpeng, Zhang Heng, Wu Yanjun, Yu Jiageng, Tai Yang, Miao Yuxia. Kernel Configuration Infographic Based on Multi-Label and Its Application[J]. Journal of Computer Research and Development, 2021, 58(3): 651-667. DOI: 10.7544/issn1000-1239.2021.20200186
[4]	Yang Hongzhang, Yang Yahui, Tu Yaofeng, Sun Guangyu, Wu Zhonghai. Proactive Fault Tolerance Based on “Collection—Prediction—Migration—Feedback” Mechanism[J]. Journal of Computer Research and Development, 2020, 57(2): 306-317. DOI: 10.7544/issn1000-1239.2020.20190549
[5]	Zhang Liancheng, Wei Qiang, Tang Xiucun, Fang Jiabao. Path and Port Address Hopping Based SDN Proactive Defense Technology[J]. Journal of Computer Research and Development, 2017, 54(12): 2761-2771. DOI: 10.7544/issn1000-1239.2017.20160461
[6]	Yang Bo, Feng Dengguo, Qin Yu, Zhang Qianying, Xi Li, Zheng Changwen. Research on Direct Anonymous Attestation Scheme Based on Trusted Mobile Platform[J]. Journal of Computer Research and Development, 2014, 51(7): 1436-1445.
[7]	Tan Liang, Meng Weiming, Zhou Mingtian. An Improved Direct Anonymous Attestation Scheme[J]. Journal of Computer Research and Development, 2014, 51(2): 334-343.
[8]	Wang Yong, Fang Juan, Ren Xingtian, and Lin Li. Formal Verification of TCG Remote Attestation Protocols Based on Process Algebra[J]. Journal of Computer Research and Development, 2013, 50(2): 325-331.
[9]	Wang Qi'an and Chen Bing. Intrusion Detection System Using CVM Algorithm with Extensive Kernel Methods[J]. Journal of Computer Research and Development, 2012, 49(5): 974-982.
[10]	Huang Wei, Zhan Jianfeng, Fan Jianpin. DCFT-Kernel: A Fault-Tolerant Cluster Middleware Based on Group Service[J]. Journal of Computer Research and Development, 2005, 42(6): 993-999.