CN103501303A - Active remote attestation method for measurement of cloud platform virtual machine - Google Patents
- Publication number: CN103501303A (application CN201310474995.0A)
- Authority: CN (China)
- Prior art keywords: virtual machine, measurement, remote attestation, server
- Legal status: Granted (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
- Landscape: Storage Device Security (AREA)
Abstract
The invention provides an active remote attestation method for the measurement of a cloud platform virtual machine. The method comprises the active operation process of a remote attestation client and the trusted verification process of the cloud management server. Static measurement is carried out after the cloud platform virtual machine is started, periodic dynamic measurement is carried out while it runs, active remote attestation is carried out after each measurement finishes, and the cloud management side obtains the measurement values and measurement reports and compares the measurement values with reference values to determine whether the state of the virtual machine has changed. The method replaces the traditional passive remote attestation model: the remote attestation client is actively triggered by the measurement module, measurement results are sent to the cloud management server in real time, and measurement values do not need to be stored in a PCR of the TPM. This solves the remote attestation problem posed by the dynamically varying number of virtual machines in a cloud platform and by their periodic dynamic measurement.
Description
Technical field
The invention belongs to the field of information security technology and is a remote attestation method for detecting the trusted status of a virtual machine.
Background technology
A trusted computing platform provides a function for proving itself to an external entity, called remote attestation. A trusted computing platform has three roots of trust, the root of trust for measurement, the root of trust for storage and the root of trust for reporting, which support the three core features of trusted measurement, trusted storage and trusted reporting. These three features allow the trusted computing platform to report platform identity and platform status to an external entity; remote attestation is in essence an extension of the trusted reporting concept.
Remote attestation performs a comprehensive measurement of the platform and proves to a remote communicating party that the platform's own running environment is trustworthy. It is a process that combines a comprehensive integrity check with identity authentication, and at the same time provides the verifier with a trustworthy platform status report. The TPM is the root of trust for reporting and guarantees that the current integrity measurement values are reported trustworthily.
At present, remote attestation is realized through a remote attestation protocol. One platform (the challenger) sends a challenge message and a random number (nonce) to another platform (the attester), requesting the values of one or more PCRs (platform configuration registers) in order to verify the attester's platform status. The attester signs the PCR values specified by the challenger with an AIK (attestation identity key), attaches the corresponding measurement log entries, and sends them together with the AIK certificate to the challenger. The challenger then verifies the attestation in three steps: it recalculates the hash from the measurement log, verifies the AIK certificate, and matches the signed values against the expected values.
Compared with traditional remote attestation, remote attestation of virtual machine state under a cloud computing platform faces two problems. 1. The number of virtual machines is not fixed. In a cloud platform one server can run multiple virtual machines depending on its hardware configuration, and the number varies. A server, however, generally has only one TPM (trusted platform module) chip, and the number of PCRs in a TPM is limited, usually at most 24. The traditional remote attestation method, which writes the measurement value into a PCR of the TPM and then signs it for trusted verification, therefore cannot meet the dynamic scaling requirement of a virtualized platform. 2. Dynamic measurement of virtual machines requires active remote attestation. To verify that a virtual machine in the cloud platform is trustworthy, both static and dynamic remote attestation of the virtual machine are needed. In the traditional remote attestation protocol the remote attestation server challenges the remote attestation client; after receiving the request, the client sends the TPM-signed measurement value from the PCR together with the measurement report to the server. This model cannot accommodate remote attestation for the dynamic measurement of virtual machines, because dynamic measurement is normally triggered on a timer, for example once every 5 minutes, so in the distributed environment of a cloud platform it is difficult for the remote attestation server to synchronize with the client and send the attestation request at the moment the trusted verification should take place.
For remote attestation in cloud platforms, documents [1~3] add security enhancements to the TCG remote attestation protocol, documents [4, 5] propose an attribute-based remote attestation method for cloud computing, and documents [6~9] study trusted measurement and remote attestation mechanisms for the host on which the virtual machines run and for the virtual machine monitor (VMM). Because none of this work takes the dynamic measurement of virtual machines into account in its protocol design, remote attestation still follows the passive model in which the server sends a request to the client and the client responds. Aimed at the trusted verification of virtual machines in cloud platforms, the present invention proposes an active remote attestation protocol for the dynamic measurement of cloud platform virtual machines.
Related documents:
[1] Liu Fagui, Zhang Xiaojie, Yang Yang, Wang Liangming. A remote attestation method based on the cloud computing IaaS environment. South China University of Technology, 2013.
[2] Yang Yang. Research and design of remote attestation based on the cloud computing IaaS environment. South China University of Technology, 2012.
[3] [author name not recoverable from the translation]. Remote attestation for a trusted cloud platform. Taiyuan University of Technology, 2011.
[4] Xin Siyuan, Zhao Yong, Lin Li, Wang Xiaohai. Research on trusted attestation methods for the IaaS environment [J]. Computer Engineering, 2012.
[5] Wu [given name not recoverable from the translation], Xin Siyuan. Remote attestation of computing platforms for cloud computing [J]. Microcomputer Information, 2012.
[6] Santos N., Gummadi K.P., Rodrigues R. Towards Trusted Cloud Computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing (HotCloud 2009). USENIX Association, Berkeley (2009).
[7] Schiffman J., Moyer T., Vijayakumar H., Jaeger T., McDaniel P. Seeding Clouds With Trust Anchors. In: Proceedings of the ACM Workshop on Cloud Computing Security (CCSW 2010), pp. 43-46. ACM, New York (2010).
[8] Aslam M., Gehrmann C., Rasmusson L., Bjorkman M. Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud: An Enterprise's Perspective. In: Leymann F., Ivanov I., van Sinderen M., Shan T. (eds.) CLOSER, pp. 511-521. SciTePress (2012).
[9] Paladi N., Gehrmann C., Aslam M., Morenius F. Trusted Launch of Virtual Machine Instances in Public IaaS Environments. In: Kwon T., Lee M.-K., Kwon D. (eds.) ICISC 2012, LNCS 7839, pp. 309-323, 2013.
Summary of the invention
In view of the above problems, the present invention proposes an active remote attestation method for the measurement of cloud platform virtual machines.
The technical scheme of the present invention is an active remote attestation method for cloud platform virtual machine measurement. After the server of the cloud management side selects a computing node and creates a virtual machine on it, a remote attestation client is set up in the host operating system of the computing node. The measurement result of the virtual machine actively triggers the remote attestation client to perform remote attestation, and the measurement values obtained are sent in real time to the server of the cloud management side, without storing the measurement values in a PCR of the TPM. The implementation comprises the operation process of the remote attestation client and the trusted verification process of the server of the cloud management side.
The operation process of the remote attestation client is implemented as follows.
Each time the cloud platform virtual machine is measured by the measurement module in the virtual machine monitor of the computing node, the measurement value and measurement log are sent to the remote attestation client, which is thereby actively triggered to perform remote attestation; the measurement comprises static measurement after the virtual machine starts and periodic dynamic measurement while the virtual machine runs. After receiving the measurement value and measurement log, the remote attestation client reads the host name and the UUID of the virtual machine from the measurement log, sends them to the server of the cloud management side and requests a random number from the server. The server receives the host name and virtual machine UUID, generates a random number for this virtual machine and sends it to the remote attestation client. After receiving the random number, the remote attestation client first performs an iterative hash over the measurement values to obtain a final hash value, then signs the hash value with the signing private key in the TPM to obtain the signature value; it then generates an integrity report into which the random number, the measurement values, the hash value, the signature value and the basic information of the virtual machine are inserted; finally, it sends the integrity report and the measurement log to the cloud management server.
The trusted verification process of the server of the cloud management side is implemented as follows.
Each time the server receives an integrity report and measurement log, it parses every data item in the integrity report. It first checks the random number; it then recalculates the hash and verifies the hash value; it then retrieves the signing public key and verifies the signature. The first measurement value is taken by default as the baseline value, and each subsequent measurement value is compared with the baseline value: when the measurement value equals the baseline value the verification result is that the virtual machine is trusted, otherwise it is untrusted.
Furthermore, when the verification result is that the virtual machine is untrusted, the measurement log corresponding to this virtual machine is looked up, the iterative hash is recomputed over the measurement values, and the component that caused the mismatch is identified.
The method provided by the present invention performs integrity measurement of a cloud platform virtual machine at start-up and during operation, and performs active remote attestation after each measurement; after the trusted verification module of the cloud management side obtains the measurement values and measurement report, it verifies by comparison with the baseline value whether the state of the virtual machine has been tampered with. The method replaces the traditional passive remote attestation method: the virtual machine dynamic measurement module actively triggers the remote attestation client to perform remote attestation, the measurement result is sent to the cloud management server in real time, and the measurement value does not need to be stored in a PCR of the TPM. This solves the remote attestation problems described above, namely the dynamically varying number of virtual machines in a cloud platform and their periodic dynamic measurement. The technical scheme of the present invention has the following advantages:
(1) The measurement values of the virtual machine do not reside in a PCR. A typical TPM chip has only 24 PCRs while the number of virtual machines actually in use varies dynamically, so the PCRs of the TPM cannot be used to store the measurement values; the present invention therefore has the measurement value signed by the TPM and sent directly by the remote attestation client.
(2) The measurement log of the virtual machine is not kept locally as a file, which prevents leakage of log information; the measurement log is sent directly to the remote attestation client as a character stream.
(3) Since there are multiple clients, that is, multiple hosts and multiple virtual machines, different hosts are identified by host name and different virtual machines by the UUID of the virtual machine. Each integrity report and measurement log can thus be associated with a specific virtual machine on a specific host.
(4) The hash over the measurement values is first computed outside the TPM, and the hash value is then signed inside the TPM.
(5) A signing key pair is created for each host. The signing private key is used for signing inside the TPM; the signing public key is encrypted with the public key of the server side, and the ciphertext of the signing public key is stored in the key management center (KMC) of the server side, which is equivalent to a trusted third party. When the server needs to verify a signature, it retrieves the signing public key from the KMC.
Brief description of the drawings
Fig. 1 is the scenario diagram of the embodiment of the present invention.
Fig. 2 is the flow chart of the embodiment of the present invention.
Fig. 3 is the reference implementation framework diagram of the present invention.
Embodiments
The technical solution of the present invention is described in detail below with reference to the drawings and embodiments.
When the virtual machine starts, a static measurement of the platform state of the virtual machine is performed, which triggers remote attestation, forming an integrity report that is then verified. Fig. 1 shows the application scenario of virtual machine remote attestation in the embodiment, described as follows:
(1) A user applies to the cloud platform management side to use a virtual machine. The cloud platform management side is generally implemented with server technology and provides a cloud management server. In a concrete implementation, the cloud management server is usually provided with a virtual machine management part, a key center, a trusted data center and a trusted verification part.
(2) After the cloud platform management side receives the user's request, it selects a computing node as the host and starts a virtual machine for the user on that host. In a concrete implementation this is generally done by the virtual machine management part of the cloud management server.
(3) When the virtual machine starts, the measurement module in the VMM (virtual machine monitor) of the computing node performs static measurement of the virtual machine's start-up load items. After the virtual machine has started, periodic d...
```

Wait, I accidentally began mixing. Let me restate (3) cleanly.
The present invention improves the remote proving mode, and as shown in Figure 2, idiographic flow is as follows for the virtual machine remote proof flow chart of embodiment:
The whole process of remote proving can be divided into two parts, and the one, in the operation of remote proving client, the 2nd, the credible checking of server.
(1) remote proving client
After virtual machine activation tolerance, metric and metrics logs are sent to the remote proving client in Domain 0.The remote proving client is received metric and metrics logs, by the general unique identifier of the UUID(of host name and virtual machine) from daily record, read out, can send to server by Web Service, to the server request random number.Server is received the UUID of host name and virtual machine, for this virtual machine generates a random number, and sends to the remote proving client.The effect of random number is to prevent Replay Attack.After the remote proving client is received random number, metric is carried out to Hash (HASH) and obtain cryptographic Hash, then with the signature private key in TPM, cryptographic Hash is signed, obtain the signature value.Can generate the integrity report of an XML form, the essential information of random number, metric, cryptographic Hash, signature value and virtual machine is inserted in integrity report.Finally, the remote proving client can send to the cloud management server by integrity report and metrics logs by Web Service.The essential information of virtual machine generally comprises the essential informations such as the UUID, OS type (OS Type) of virtual machine.
(2) credible checking
After server receives integrity report and metrics logs at every turn, each data item in the integrity report of XML form is parsed.At first check random number; Then recalculate Hash, the checking cryptographic Hash; Again public signature key is taken out to certifying signature, while specifically implementing, the public signature key keeping, in cloud management end cipher key center, can therefrom be taken out; Giving tacit consent to primary metric is baseline value, and afterwards each metric and baseline value are compared, and finally draws the result, and the result is presented on interface.When metric equals baseline value, the result is that virtual machine is credible, otherwise is insincere.Once it is insincere that the effect of metrics logs is virtual machine, search the metrics logs that this virtual machine is corresponding, find out which assembly and make mistakes.
During concrete enforcement, can carry out Module Division to system, so that the software realization, for example virtual machine remote shown in Fig. 3 proves implementation framework, and the remote proving system has 6 modules, and their function is as follows:
(1) virtual machine metric module: be responsible for, after virtual machine activation, it is carried out to Static and dynamic tolerance, can be with reference to prior art
(2) virtual machine initiation module: be responsible for triggering remote proving
(3) remote proving respond module: be responsible for starting remote proving and form integrity report.After the remote proving respond module is received metric and metrics logs, just start to carry out remote proving, generate integrity report, integrity report and metrics logs are sent to the cloud management server.
(4) remote proving sending module: be responsible for sending integrity report and metrics logs
(5) cloud management server receiver module: integrity report and the metrics logs of being responsible for sink virtual machine
(6) cloud management server authentication module: whether responsible verifying virtual machines is credible.The cloud management server is received integrity report and metrics logs, and integrity report is verified.If the result is credible, show trusted status, if insincere, which assembly is the metrics logs that can further check this virtual machine, locate out of joint.
Virtual machine metric module, virtual machine initiation module are arranged in the virtual machine manager of computing node, remote proving respond module and remote proving sending module are arranged at the remote proving client, and cloud management server receiver module and cloud management server authentication module are arranged at the server of cloud management end.
During concrete enforcement, on client, after virtual machine activation, virtual machine manager vacuum metrics module is carried out static state tolerance to assemblies such as Grub, virtual machine kernel, application program, key modules, and postrun virtual machine is periodically carried out to dynamic measurement.After each tolerance, the value of tolerance is carried out to the iteration Hash, obtain corresponding static state or dynamic metric, and generate the corresponding metrics logs of static state or dynamic measurement, recorded the process of whole tolerance in daily record, comprise and measured which assembly, the metric of each assembly and measuring period etc.After tolerance finishes, the virtual machine initiation module, send to the remote proving respond module by metric and metrics logs, is used for triggering signature and the transmission of remote proving.The realization of concrete tolerance and iteration Hash adopts the mode in traditional remote proving to get final product, and is generally after once measuring, and the HASH value of all metric module is carried out to iteration HASH, forms a final metric, and it will not go into details in the present invention.
Specific embodiment described herein is only to the explanation for example of the present invention's spirit.Those skilled in the art can make various modifications or supplement or adopt similar mode to substitute described specific embodiment, but can't depart from spirit of the present invention or surmount the defined scope of appended claims.
Claims (2)
1. the active remote method of proof for cloud platform virtual machine tolerance, it is characterized in that: after the server of cloud management end selects computing node to set up virtual machine, set up the remote proving client in the host operating system of computing node, initiatively trigger the remote proving client by the tolerance result of virtual machine and carry out remote proving, to measure the server that the gained metric sends to the cloud management end in real time, without metric being kept in the PCR of TPM; Implementation procedure comprises the credible proof procedure of server of remote proving client associative operation process and cloud management end,
Described remote proving client associative operation process implementation is as follows,
After the virtual machine of cloud platform is measured by the virtual machine manager vacuum metrics module of computing node at every turn, initiatively trigger the remote proving client by transmission metric and metrics logs and carry out remote proving, described tolerance comprises static state tolerance and the rear periodically dynamic measurement of virtual machine operation after virtual machine activation; After the remote proving client is received metric and metrics logs, by the UUID of host name and virtual machine, read out and send to the server of cloud management end from metrics logs, to the server request random number; Server is received the UUID of host name and virtual machine, for this virtual machine generates a random number, and sends to the remote proving client; After the remote proving client is received random number, at first, metric is carried out to the iteration Hash and obtain final hash value, then with the signature private key in TPM, cryptographic Hash is signed, obtain the signature value; Then, generate an integrity report, the essential information of random number, metric, cryptographic Hash, signature value and virtual machine is inserted in integrity report; Finally, integrity report and metrics logs are sent to the cloud management server;
The credible proof procedure of the server of described cloud management end is achieved as follows,
After server receives integrity report and metrics logs, each data item in integrity report is parsed at every turn, at first check random number; Then recalculate Hash, the checking cryptographic Hash; Take out again the public signature key certifying signature; Giving tacit consent to primary metric is baseline value, and afterwards each metric and baseline value are compared, and when metric equals baseline value, the result is that virtual machine is credible, otherwise is insincere.
2. the active remote method of proof of measuring for the cloud platform virtual machine according to claim 1, it is characterized in that: when the result is virtual machine when insincere, search the metrics logs that this virtual machine is corresponding, again the iteration Hash, computing metric, find out the assembly of makeing mistakes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310474995.0A CN103501303B (en) | 2013-10-12 | 2013-10-12 | Active remote attestation method for measurement of cloud platform virtual machine |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310474995.0A CN103501303B (en) | 2013-10-12 | 2013-10-12 | Active remote attestation method for measurement of cloud platform virtual machine |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103501303A true CN103501303A (en) | 2014-01-08 |
CN103501303B CN103501303B (en) | 2017-02-22 |
Family
ID=49866475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310474995.0A Active CN103501303B (en) | 2013-10-12 | 2013-10-12 | Active remote attestation method for measurement of cloud platform virtual machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103501303B (en) |
Cited By (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104243457A (en) * | 2014-08-29 | 2014-12-24 | 上海斐讯数据通信技术有限公司 | Credibility measuring method and system for mobile terminal |
CN104951708A (en) * | 2015-06-11 | 2015-09-30 | 浪潮电子信息产业股份有限公司 | File measurement and protection method and device |
CN105550095A (en) * | 2015-12-22 | 2016-05-04 | 中国科学院信息工程研究所 | Virtualization based active and passive combination detection system and method for host behavior |
CN106030548A (en) * | 2014-03-25 | 2016-10-12 | 英特尔公司 | Multinode hubs for trusted computing |
CN106354550A (en) * | 2016-11-01 | 2017-01-25 | 广东浪潮大数据研究有限公司 | Method, device and system for protecting security of virtual machine |
CN107392030A (en) * | 2017-07-28 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | A kind of method and device for detecting virtual machine and starting safety |
CN107861793A (en) * | 2017-11-08 | 2018-03-30 | 浪潮(北京)电子信息产业有限公司 | Virtual hardware platform starts method, apparatus, equipment and computer-readable storage medium |
US10122695B2 (en) | 2015-10-28 | 2018-11-06 | Cisco Technology, Inc. | Remote crowd attestation in a network |
CN109213572A (en) * | 2018-09-10 | 2019-01-15 | 郑州云海信息技术有限公司 | A kind of confidence level based on virtual machine determines method and server |
CN109358945A (en) * | 2018-09-27 | 2019-02-19 | 郑州云海信息技术有限公司 | A kind of complete method and apparatus of verifying virtual machines hardware resource |
CN110096887A (en) * | 2019-03-22 | 2019-08-06 | 阿里巴巴集团控股有限公司 | A kind of trusted computing method and server |
CN110324422A (en) * | 2019-07-05 | 2019-10-11 | 北京大学 | A kind of substantive approach and system of cloud application |
CN110334515A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | A kind of method and device generating measurement report based on credible calculating platform |
CN110334518A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | The verification method and device of Metric policy based on credible calculating platform |
CN110770729A (en) * | 2017-03-08 | 2020-02-07 | 华为技术有限公司 | Method and apparatus for proving integrity of virtual machine |
CN111831609A (en) * | 2020-06-18 | 2020-10-27 | 中国科学院数据与通信保护研究教育中心 | Method and system for unified management and distribution of binary file metric values in virtualization environment |
CN111901285A (en) * | 2019-05-06 | 2020-11-06 | 阿里巴巴集团控股有限公司 | Credibility verification method, system, equipment and storage medium |
CN112000935A (en) * | 2019-05-27 | 2020-11-27 | 阿里巴巴集团控股有限公司 | Remote authentication method, device, system, storage medium and computer equipment |
CN112134692A (en) * | 2019-06-24 | 2020-12-25 | 华为技术有限公司 | Remote certification mode negotiation method and device |
CN112217775A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Remote certification method and device |
CN112468448A (en) * | 2020-11-05 | 2021-03-09 | 中国电子信息产业集团有限公司 | Processing method and device of communication network, electronic equipment and readable storage medium |
WO2021073376A1 (en) * | 2019-10-17 | 2021-04-22 | 华为技术有限公司 | Method and device for remote attestation of combined device |
CN112787988A (en) * | 2019-11-11 | 2021-05-11 | 华为技术有限公司 | Remote certification method, device, system and computer storage medium |
CN112787817A (en) * | 2019-11-11 | 2021-05-11 | 华为技术有限公司 | Remote certification method, device, system and computer storage medium |
WO2021139308A1 (en) * | 2020-06-16 | 2021-07-15 | 平安科技(深圳)有限公司 | Cloud server monitoring method, apparatus and device, and storage medium |
CN113132330A (en) * | 2019-12-31 | 2021-07-16 | 华为技术有限公司 | Method for trusted state attestation and related device |
CN113315805A (en) * | 2021-04-08 | 2021-08-27 | 中国科学院信息工程研究所 | Group verification method and system for cloud infrastructure trusted device |
CN113423108A (en) * | 2021-05-11 | 2021-09-21 | 西安电子科技大学 | Remote certification method, system, computer equipment and data processing terminal |
CN113869901A (en) * | 2021-12-02 | 2021-12-31 | 腾讯科技(深圳)有限公司 | Key generation method, key generation device, computer-readable storage medium and computer equipment |
CN115001766A (en) * | 2022-05-24 | 2022-09-02 | 四川大学 | Efficient multi-node batch remote certification method |
CN116015782A (en) * | 2022-12-13 | 2023-04-25 | 四川大学 | Trust relation establishing method for multi-cloud network architecture |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101477602A (en) * | 2009-02-10 | 2009-07-08 | 浪潮电子信息产业股份有限公司 | Remote proving method in trusted computation environment |
WO2012038211A1 (en) * | 2010-09-22 | 2012-03-29 | International Business Machines Corporation | Attesting use of an interactive component during a boot process |
CN103023922A (en) * | 2012-12-05 | 2013-04-03 | 清华大学 | Control flow model behavior based dynamic remote attestation method |
-
2013
- 2013-10-12 CN CN201310474995.0A patent/CN103501303B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101477602A (en) * | 2009-02-10 | 2009-07-08 | 浪潮电子信息产业股份有限公司 | Remote proving method in trusted computation environment |
WO2012038211A1 (en) * | 2010-09-22 | 2012-03-29 | International Business Machines Corporation | Attesting use of an interactive component during a boot process |
CN103023922A (en) * | 2012-12-05 | 2013-04-03 | 清华大学 | Control flow model behavior based dynamic remote attestation method |
CN103220300A (en) * | 2012-12-05 | 2013-07-24 | 清华大学 | Mobile terminal system supporting dynamic remote attestation |
Cited By (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106030548A (en) * | 2014-03-25 | 2016-10-12 | 英特尔公司 | Multinode hubs for trusted computing |
CN104243457A (en) * | 2014-08-29 | 2014-12-24 | 上海斐讯数据通信技术有限公司 | Credibility measuring method and system for mobile terminal |
CN104951708A (en) * | 2015-06-11 | 2015-09-30 | 浪潮电子信息产业股份有限公司 | File measurement and protection method and device |
US10122695B2 (en) | 2015-10-28 | 2018-11-06 | Cisco Technology, Inc. | Remote crowd attestation in a network |
US10412074B2 (en) | 2015-10-28 | 2019-09-10 | Cisco Technology, Inc. | Remote crowd attestation in a network |
CN105550095A (en) * | 2015-12-22 | 2016-05-04 | 中国科学院信息工程研究所 | Virtualization based active and passive combination detection system and method for host behavior |
CN105550095B (en) * | 2015-12-22 | 2018-07-06 | 中国科学院信息工程研究所 | Virtualization based active and passive combination detection system and method for host behavior |
CN106354550A (en) * | 2016-11-01 | 2017-01-25 | 广东浪潮大数据研究有限公司 | Method, device and system for protecting security of virtual machine |
CN110770729B (en) * | 2017-03-08 | 2022-04-05 | 华为技术有限公司 | Method and apparatus for proving integrity of virtual machine |
CN110770729A (en) * | 2017-03-08 | 2020-02-07 | 华为技术有限公司 | Method and apparatus for proving integrity of virtual machine |
CN107392030A (en) * | 2017-07-28 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | Method and device for detecting virtual machine boot security |
CN107861793A (en) * | 2017-11-08 | 2018-03-30 | 浪潮(北京)电子信息产业有限公司 | Virtual hardware platform starts method, apparatus, equipment and computer-readable storage medium |
CN109213572A (en) * | 2018-09-10 | 2019-01-15 | 郑州云海信息技术有限公司 | Credibility determination method based on virtual machine and server |
CN109213572B (en) * | 2018-09-10 | 2021-10-22 | 郑州云海信息技术有限公司 | Credibility determination method based on virtual machine and server |
CN109358945A (en) * | 2018-09-27 | 2019-02-19 | 郑州云海信息技术有限公司 | Method and apparatus for verifying the integrity of virtual machine hardware resources |
US11163865B2 (en) | 2019-03-22 | 2021-11-02 | Advanced New Technologies Co., Ltd. | Trusted computing method, and server |
CN110096887A (en) * | 2019-03-22 | 2019-08-06 | 阿里巴巴集团控股有限公司 | Trusted computing method and server |
CN110096887B (en) * | 2019-03-22 | 2020-06-30 | 阿里巴巴集团控股有限公司 | Trusted computing method and server |
CN111901285B (en) * | 2019-05-06 | 2022-09-20 | 阿里巴巴集团控股有限公司 | Credibility verification method, system, equipment and storage medium |
CN111901285A (en) * | 2019-05-06 | 2020-11-06 | 阿里巴巴集团控股有限公司 | Credibility verification method, system, equipment and storage medium |
CN112000935A (en) * | 2019-05-27 | 2020-11-27 | 阿里巴巴集团控股有限公司 | Remote authentication method, device, system, storage medium and computer equipment |
CN112134692A (en) * | 2019-06-24 | 2020-12-25 | 华为技术有限公司 | Remote certification mode negotiation method and device |
WO2020259419A1 (en) * | 2019-06-24 | 2020-12-30 | 华为技术有限公司 | Method and apparatus for negotiating remote attestation mode |
CN112134692B (en) * | 2019-06-24 | 2022-02-15 | 华为技术有限公司 | Remote certification mode negotiation method and device |
CN110334515B (en) * | 2019-07-05 | 2021-05-14 | 北京可信华泰信息技术有限公司 | Method and device for generating measurement report based on trusted computing platform |
CN110334518A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | Trusted computing platform-based measurement policy verification method and device |
CN110324422B (en) * | 2019-07-05 | 2020-08-28 | 北京大学 | Cloud application verification method and system |
CN110324422A (en) * | 2019-07-05 | 2019-10-11 | 北京大学 | Cloud application verification method and system |
CN110334515A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | Method and device for generating measurement report based on trusted computing platform |
CN110334518B (en) * | 2019-07-05 | 2021-05-14 | 北京可信华泰信息技术有限公司 | Trusted computing platform-based measurement policy verification method and device |
CN112217775A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Remote certification method and device |
CN112217775B (en) * | 2019-07-12 | 2022-04-05 | 华为技术有限公司 | Remote certification method and device |
WO2021073376A1 (en) * | 2019-10-17 | 2021-04-22 | 华为技术有限公司 | Method and device for remote attestation of combined device |
CN112787817A (en) * | 2019-11-11 | 2021-05-11 | 华为技术有限公司 | Remote certification method, device, system and computer storage medium |
CN112787988A (en) * | 2019-11-11 | 2021-05-11 | 华为技术有限公司 | Remote certification method, device, system and computer storage medium |
CN112787988B (en) * | 2019-11-11 | 2023-06-02 | 华为技术有限公司 | Remote attestation method, device, system and computer storage medium |
WO2021093485A1 (en) * | 2019-11-11 | 2021-05-20 | 华为技术有限公司 | Remote attestation method, apparatus and system, and computer storage medium |
CN113132330B (en) * | 2019-12-31 | 2022-06-28 | 华为技术有限公司 | Method, device, attestation server and readable storage medium for attestation of trusted status |
CN113132330A (en) * | 2019-12-31 | 2021-07-16 | 华为技术有限公司 | Method for trusted state attestation and related device |
WO2021139308A1 (en) * | 2020-06-16 | 2021-07-15 | 平安科技(深圳)有限公司 | Cloud server monitoring method, apparatus and device, and storage medium |
CN111831609A (en) * | 2020-06-18 | 2020-10-27 | 中国科学院数据与通信保护研究教育中心 | Method and system for unified management and distribution of binary file metric values in virtualization environment |
CN111831609B (en) * | 2020-06-18 | 2024-01-02 | 中国科学院数据与通信保护研究教育中心 | Method and system for unified management and distribution of binary metric values in virtualized environments |
CN112468448A (en) * | 2020-11-05 | 2021-03-09 | 中国电子信息产业集团有限公司 | Processing method and device of communication network, electronic equipment and readable storage medium |
CN112468448B (en) * | 2020-11-05 | 2023-08-08 | 中国电子信息产业集团有限公司 | Processing method and device of communication network, electronic equipment and readable storage medium |
CN113315805A (en) * | 2021-04-08 | 2021-08-27 | 中国科学院信息工程研究所 | Group verification method and system for cloud infrastructure trusted device |
CN113423108A (en) * | 2021-05-11 | 2021-09-21 | 西安电子科技大学 | Remote certification method, system, computer equipment and data processing terminal |
CN113869901A (en) * | 2021-12-02 | 2021-12-31 | 腾讯科技(深圳)有限公司 | Key generation method, key generation device, computer-readable storage medium and computer equipment |
CN115001766A (en) * | 2022-05-24 | 2022-09-02 | 四川大学 | Efficient multi-node batch remote certification method |
CN115001766B (en) * | 2022-05-24 | 2023-07-04 | 四川大学 | Efficient multi-node batch remote proving method |
CN116015782A (en) * | 2022-12-13 | 2023-04-25 | 四川大学 | Trust relation establishing method for multi-cloud network architecture |
CN116015782B (en) * | 2022-12-13 | 2024-03-22 | 四川大学 | Trust relation establishing method for multi-cloud network architecture |
Also Published As
Publication number | Publication date |
---|---|
CN103501303B (en) | 2017-02-22 |
Similar Documents
Publication | Title |
---|---|
CN103501303A (en) | Active remote attestation method for measurement of cloud platform virtual machine |
Bera et al. | Designing blockchain-based access control protocol in IoT-enabled smart-grid system |
US20210051023A1 (en) | Cross-chain authentication method, system, server, and computer-readable storage medium |
US20210271764A1 (en) | Method for storing data on a storage entity |
Kalra et al. | Secure authentication scheme for IoT and cloud servers |
Choudhury et al. | A strong user authentication framework for cloud computing |
EP4066434B1 (en) | Password-authenticated public key establishment |
Garg et al. | RITS-MHT: Relative indexed and time stamped Merkle hash tree based data auditing protocol for cloud computing |
US9219722B2 (en) | Unclonable ID based chip-to-chip communication |
CN103023911B (en) | Trustable network equipment access trustable network authentication method |
CN111708991A (en) | Service authorization method, service authorization device, computer equipment and storage medium |
Heinrich et al. | Who can find my devices? Security and privacy of Apple's crowd-sourced Bluetooth location tracking system |
CN104158791A (en) | Safe communication authentication method and system in distributed environment |
US9154480B1 (en) | Challenge-response authentication of a cryptographic device |
US20230052608A1 (en) | Remote attestation |
Tomar et al. | Blockchain-assisted authentication and key agreement scheme for fog-based smart grid |
Harchol et al. | Distributed SSH key management with proactive RSA threshold signatures |
CN103326856A (en) | Cloud storage data responsibility confirmation structure and method based on two-way digital signature |
US8954728B1 (en) | Generation of exfiltration-resilient cryptographic keys |
Xie et al. | A novel blockchain-based and proxy-oriented public audit scheme for low performance terminal devices |
Zhang et al. | TEO: Ephemeral ownership for IoT devices to provide granular data control |
Rao et al. | DEC-LADE: Dual elliptic curve-based lightweight authentication and data encryption scheme for resource constrained smart devices |
Alharbi et al. | CSProp: Ciphertext and signature propagation low-overhead public-key cryptosystem for IoT environments |
CN115001864B (en) | Communication authentication method and device for intelligent furniture, computer equipment and storage medium |
Ernstberger et al. | Origo: Proving provenance of sensitive data with constant communication |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |