Wang Dan, Feng Dengguo, and Xu Zhen. An Approach to Data Sealing Based on Trusted Virtualization Platform[J]. Journal of Computer Research and Development, 2009, 46(8): 1325-1333.

An Approach to Data Sealing Based on Trusted Virtualization Platform

More Information
  • Published Date: August 14, 2009
  • Abstract: In a trusted computing platform, one of the most important features is sealing, which provides strong data protection by binding the encrypted storage of data to the platform configuration. Data is sealed to the platform configuration, and the sealed data can be unsealed and used only when the platform configuration at unsealing time is the same as it was at sealing time. However, the platform configuration changes frequently with hardware replacement, software updates and system patches, which heavily restricts the use of the sealing functionality. Aiming at this limitation, existing solutions have been improved to support hardware- or software-based configuration updates, but they only consider the use of sealed data on two platforms with different configurations and the same property, and some have no implementation at all. Furthermore, in these solutions the trusted platform module (TPM) carries a heavy burden and efficiency is very poor. To solve this problem, an approach to sealed data storage based on a trusted virtualization platform is presented. It introduces the concepts of the virtual PCR (vPCR) and the security property, and uses the TPM to seal data to the security property of the system. Virtual machine configurations are stored in vPCRs, and their corresponding security properties are dynamically loaded into the PCR in turn before sealing or unsealing starts. Security properties are classified by security level. Sealing and unsealing must follow the rule that sealed data can be unsealed successfully only if the security level of the security property at unsealing time is not lower than the security level of the security property at sealing time. The approach adapts to frequent changes of the platform configuration, and protects data in many virtual machines without being affected by configuration changes. The operation of the approach is simple. Experiments show that the burden on the TPM is light and that there is no evident decrease in efficiency compared with the former approach.
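As an added illustration (this is not code from the paper or its authors), the Python model below walks through the sealing rule the abstract describes: each virtual machine's boot components are measured into its own vPCR; a trusted VMM rates the vPCR digest as a named security property with a level; before every seal or unseal the VMM loads that property into the hardware PCR; and unseal succeeds only if the loaded property's level is not lower than the level at sealing time. Everything beyond that rule is an assumption made here: the three property names and their levels, the VMM policy table, the software-only TPM with one PCR and an HMAC-derived key per PCR state, the HMAC counter-mode cipher standing in for the TPM's symmetric encryption, and the encoding of the level rule as one wrapped data key per acceptable PCR state (a real TPM binds a sealed blob to exact PCR values, so this is one way to realise the rule, not the paper's construction).

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

DIGEST_LEN = 32
PCR_RESET = bytes(DIGEST_LEN)
# Security properties ranked by level (constructed for this example, not taken from the paper).
LEVELS = {"untrusted": 0, "baseline": 1, "hardened": 2}

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def property_pcr(prop: str) -> bytes:
    """Hardware PCR value after the VMM resets it and extends exactly one security property."""
    return extend(PCR_RESET, prop.encode())

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keystream(dek: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream; stands in for the TPM's symmetric cipher."""
    blocks = (length + DIGEST_LEN - 1) // DIGEST_LEN
    return b"".join(hmac.new(dek, i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

@dataclass
class VirtualMachine:
    """A guest whose boot chain is measured into its own vPCR, not into the hardware PCR."""
    vpcr: bytes = PCR_RESET

    def measure(self, component: bytes) -> None:
        self.vpcr = extend(self.vpcr, component)

class SimulatedTPM:
    """Software TPM model: one PCR, a device secret, and seal/unseal bound to the PCR value."""
    def __init__(self) -> None:
        self._secret = os.urandom(DIGEST_LEN)  # never leaves the 'chip'
        self.pcr = PCR_RESET

    def load_property(self, prop: str) -> None:
        self.pcr = property_pcr(prop)

    def _pcr_key(self, pcr: bytes) -> bytes:
        return hmac.new(self._secret, pcr, hashlib.sha256).digest()

    def seal(self, data: bytes) -> dict:
        """Seal to the property now in the PCR; any property of equal or higher level may unseal."""
        current = next(p for p in LEVELS if property_pcr(p) == self.pcr)
        dek = os.urandom(DIGEST_LEN)
        ct = _xor(data, _keystream(dek, len(data)))
        tag = hmac.new(dek, ct, hashlib.sha256).digest()
        # One wrapped copy of the DEK per acceptable PCR state; only this TPM can derive the wrap keys.
        wraps = [_xor(dek, self._pcr_key(property_pcr(p)))
                 for p, lvl in LEVELS.items() if lvl >= LEVELS[current]]
        return {"ct": ct, "tag": tag, "wraps": wraps}

    def unseal(self, blob: dict) -> Optional[bytes]:
        key = self._pcr_key(self.pcr)
        for wrap in blob["wraps"]:
            dek = _xor(wrap, key)
            if hmac.compare_digest(hmac.new(dek, blob["ct"], hashlib.sha256).digest(), blob["tag"]):
                return _xor(blob["ct"], _keystream(dek, len(blob["ct"])))
        return None  # PCR holds a lower-level property, or a state no wrap was made for

class TrustedVMM:
    """Rates each VM's vPCR as a security property and loads it into the PCR before TPM use."""
    def __init__(self, tpm: SimulatedTPM, policy: Dict[bytes, str]) -> None:
        self.tpm = tpm
        self.policy = policy  # vPCR digest -> property name (assumed VMM policy table)

    def tpm_for(self, vm: VirtualMachine) -> SimulatedTPM:
        """Load the VM's rated property into the PCR (an unknown vPCR rates as 'untrusted')."""
        self.tpm.load_property(self.policy.get(vm.vpcr, "untrusted"))
        return self.tpm

def demo() -> Dict[str, bool]:
    """Seal from a 'baseline' VM, then try to unseal from VMs at each level."""
    db, web, lab = VirtualMachine(), VirtualMachine(), VirtualMachine()
    for vm, boot_chain in ((db, [b"kernel-5.4", b"db-app-1.0"]),
                           (web, [b"kernel-5.4", b"web-app-2.1"]), (lab, [b"kernel-debug"])):
        for component in boot_chain:
            vm.measure(component)
    vmm = TrustedVMM(SimulatedTPM(), {db.vpcr: "baseline", web.vpcr: "hardened", lab.vpcr: "untrusted"})
    secret = b"database master key material"  # constructed payload
    blob = vmm.tpm_for(db).seal(secret)
    # Patch the db VM: its vPCR changes, but the VMM still rates the new configuration 'baseline'.
    db.measure(b"db-app-1.0-patch3")
    vmm.policy[db.vpcr] = "baseline"
    return {
        "same_level_after_patch": vmm.tpm_for(db).unseal(blob) == secret,
        "higher_level_vm": vmm.tpm_for(web).unseal(blob) == secret,
        "lower_level_vm": vmm.tpm_for(lab).unseal(blob) is None,
        "unmeasured_vm": vmm.tpm_for(VirtualMachine()).unseal(blob) is None,
    }
```

Running `demo()` returns `True` for all four cases: the patched VM keeps access because its new vPCR is still rated `baseline`, the `hardened` VM can read data sealed at `baseline`, and a VM rated `untrusted` (or one whose vPCR the VMM has never seen) gets `None`. Note where the work lands: the hardware TPM performs one PCR reset-and-extend plus one seal or unseal per operation, regardless of how many VMs or how often any guest's configuration changes; all per-VM measurement bookkeeping stays in the vPCRs maintained by the VMM. The weak point of such a design is the policy table: whoever can make the VMM rate a vPCR digest as a higher property than it deserves can unseal anything sealed at or below that level, so that table must be protected at least as well as the sealed data.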
