欢迎访问中国科学院大学学报,今天是

中国科学院大学学报 ›› 2011, Vol. 28 ›› Issue (5): 648-658.DOI: 10.7523/j.issn.2095-6134.2011.5.013

• 论文 • 上一篇    下一篇

TPM虚拟域安全模型

秦宇, 兰海波   

  1. 中国科学院软件研究所信息安全国家重点实验室, 北京 100080
  • 收稿日期:2010-09-01 修回日期:2010-10-17 发布日期:2011-09-15
  • 基金资助:

    国家科技支撑计划项目(2008BAH22B06)和中国科学院知识创新工程前沿项目(ISCAS2009-DR14,ISCAS2009-GR03)资助 

TPM security model for virtual domains

QIN Yu, LAN Hai-Bo   

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080, China
  • Received:2010-09-01 Revised:2010-10-17 Published:2011-09-15

摘要:

针对TPM访问控制机制无法直接应用于虚拟计算、云计算等环境的问题,重点分析TPM内部对象间依赖关系,并结合虚拟域的安全需求,建立TPM虚拟域安全模型.该模型对TPM对象的访问请求增加了虚拟域的完整性、机密性等安全约束,解决了多虚拟域环境下的TPM对象的创建、使用、销毁等问题.还进一步对该模型的安全规则进行了相关逻辑分析,并通过实际原型系统的测试,证明了TPM虚拟域安全模型的实施对可信虚拟平台的性能影响非常小.

关键词: TCG, TPM安全模型, 虚拟化, 虚拟域, 安全级

Abstract:

Considering that TPM access control mechanism can not be directly applied in virtualization computing, we build the security model for virtual domains based on the dependent relationships of TPM objects and the security requirements of the virtual domains. We add the security constraints of virtual domain, integrity and confidentiality, for the TPM objects' access requests in the model and solve the problems about TPM objects creation, usage, and destroy in multiple virtual domains. The logic analysis for the security rules in the model are further given in this paper. Through the tests on the prototype system, we show that the model has very small performance impact on trust virtualization platform.

Key words: TCG, TPM security model, virtualization, virtual domain, security level

中图分类号: