CN101488175A - Method for preventing credible client virtual domain starting crash based on polling mechanism - Google Patents


Info

Publication number
CN101488175A
Authority: CN (China)
Prior art keywords: virtual, virtual domain, software, credible, domain
Prior art date: 2009-02-10
Legal status: Granted
Application number: CNA2009100780318A
Other languages: Chinese (zh)
Other versions: CN101488175B (en)
Inventors: 刘吉强, 常晓林, 韩臻, 邢彬, 刘博�, 何帆, 李生智
Current assignee: Beijing Jiaotong University
Original assignee: Beijing Jiaotong University
Priority date: 2009-02-10
Filing date: 2009-02-10
Publication date: 2009-07-22
Events:
2009-02-10 Application filed by Beijing Jiaotong University
2009-02-10 Priority to CN2009100780318A
2009-07-22 Publication of CN101488175A
2010-08-11 Application granted; publication of CN101488175B
Current status: Expired - Fee Related

Abstract

The invention relates to a method, based on a polling mechanism, for preventing a trusted guest virtual domain from crashing at start-up. The method keeps the trusted guest virtual domain from crashing during system start-up when creation of the virtual trusted platform module (vTPM) is slow. It works by extending the function of the integrity measurement software contained in the virtual domain's kernel start-up file, so it is simple, well compatible and highly extensible. The extended measurement software does not begin its initialization immediately after being loaded; it first probes the virtual trusted platform module by sending requests to access a vTPM register until a correct result is returned, and only then begins software initialization. Because the probing is deferred until just before the initialization of the first piece of virtual domain software that accesses the vTPM, the advantage of the original system, effective use of system resources, is preserved.

Description

Method for preventing a trusted guest virtual domain from crashing at start-up, based on a polling mechanism
Technical field
The present invention relates to the field of computer information security and trusted computing, and in particular to a method, based on a polling mechanism, for preventing a trusted guest virtual domain (the "credible client virtual domain" of the title) from crashing at start-up. It provides, for a trusted guest virtual domain of the Xen virtual machine, a method by which a guest domain that performs trusted computing through a virtual trusted platform module (vTPM) implemented in the privileged domain can start without crashing when the vTPM creation process is slow.
Background technology
Current virtual machine technology applies the concept of whole-machine virtualization: it removes the constraints that physical-machine compatibility and hardware resources place on application programs, and runs multiple operating systems in parallel on the same hardware platform. Existing PC systems were designed for the network age with efficiency, rather than security, as the first principle, and are therefore increasingly exposed to attack by hackers, spyware and viruses. To address the structural insecurity of the PC and fundamentally improve its trustworthiness, the Trusted Computing Platform Alliance (TCPA, later renamed TCG) proposed strengthening the existing terminal architecture so as to guarantee the security of the whole system. The main idea is to add a trusted platform module (TPM, also called a trusted chip) with secure storage and cryptographic functions to the hardware platform of each terminal (PCs, mobile phones, other mobile smart terminals and so on). The operating system boot process is divided into several relatively independent layers, with the TPM as the root of trust of the trusted computing platform: each lower layer first measures and verifies the integrity of the layer above it, stores the measurement result in a PCR register of the TPM chip, and only then transfers control of the system, so that a complete chain of trust is built. The contents of the PCR registers cannot be directly modified or cleared after the computer has started. From the values of the corresponding PCR registers, a user can judge whether the current running environment is trustworthy and whether any link in the chain has a security problem.
Combining virtualization technology with trusted computing technology can produce a highly effective terminal platform security solution. Traditional trusted computing technology can only guarantee the security of a single computer; to run trusted application software seamlessly in a guest virtual domain, two problems must be solved: first, how to provide a TPM device to the guest virtual domain, and second, how to perform integrity measurement at each stage of the guest virtual domain's start-up chain of trust. Fig. 1 is a schematic of the Xen virtual machine architecture. Each computational domain runs an operating system; the virtual machine monitor sits between the system hardware platform and the operating system software of the virtual domains, monitors the underlying hardware, and abstracts it into entities that can be managed and scheduled for use by the domains above it. After the Xen virtual machine starts, the privileged domain is the operating system that must be entered first; guest virtual domains are then started as required. The privileged domain has the highest authority and uses the virtual domain management tools to manage the guest domains, including creating and deleting them and accessing physical devices. Fig. 2 is a schematic of the architecture of a method in which a guest virtual domain performs trusted computing using a virtual TPM (vTPM) device implemented by the privileged domain. In this method, different guest virtual domains use different vTPM devices. A TPM command request sent by trusted application software in the guest virtual domain passes through the vTPM front-end driver, the vTPM back-end driver and the vTPM device management tool before finally reaching the vTPM device; the processed result returns to the trusted application software along the reverse route. Fig. 3 is the processing flow chart for a TPM command issued by the IMA software of a guest virtual domain. IMA is the software tool developed by IBM Research for integrity measurement of executables and kernel modules; it is loaded during the guest virtual domain's operating system start-up.
Fig. 4 is the flow chart of guest virtual domain start-up and virtual TPM device creation. Starting the virtual domain and creating its virtual TPM device are designed as two parallel processes mainly to improve the utilization of system resources and speed up the start-up of the whole system. When this design is combined with the existing integrity measurement software IMA, however, the trusted guest virtual domain may crash at start-up. The reason is that the virtual domain management tool, the vTPM device management tool and the vTPM device process in Fig. 3 are all scheduled and executed as ordinary user-space processes. Because CPU scheduling between virtual domains and process scheduling within a virtual domain are nondeterministic, the corresponding vTPM device may not yet have been created when IMA sends a TPM access command; IMA cannot handle this situation, and the start-up crashes.
Summary of the invention
The objective of the invention is to avoid the above deficiency of the prior art by providing a method, based on a polling mechanism, for preventing a trusted guest virtual domain from crashing at start-up. The invention provides a method for solving the start-up crash problem of the trusted guest virtual domain: after the IMA software of the virtual domain kernel is loaded, it does not perform software initialization immediately but instead polls the vTPM device until the device has been created and can handle TPM commands, and only then performs software initialization.
The purpose of the invention can be achieved by the following measure:
A method, based on a polling mechanism, for preventing a trusted guest virtual domain from crashing at start-up, characterized in that: after the IMA software is loaded by the virtual domain kernel, it does not perform its initialization work immediately but first checks whether the virtual TPM device can handle TPM commands; if the check result is incorrect, the check is repeated periodically until a correct result is returned, and only then is software initialization performed.
Compared with the prior art, the present invention has the following advantages:
1. It is simple, highly extensible and well compatible. Only one place in the kernel needs to be changed, and only 8 lines of code need to be added to the original system code; the modified IMA software still works normally on a traditional single computer.
2. It retains the existing advantage of the system that provides virtual TPM technology. The virtual TPM device check is postponed until just before the initialization of the first piece of virtual domain software that accesses the virtual TPM device, so system resources can be fully utilized, particularly on a system with multiple CPUs.
Description of drawings
Fig. 1 is a schematic of the Xen virtual machine architecture;
Fig. 2 is a schematic of the architecture of a method in which a guest virtual domain performs trusted computing based on a virtual TPM;
Fig. 3 is the processing flow chart for a TPM command issued by the guest virtual domain IMA software in the method of Fig. 2;
Fig. 4 is the flow chart of the two parallel processes, guest virtual domain start-up and virtual TPM device creation, in the method of Fig. 2;
Fig. 5 is the modified IMA integrity measurement workflow, in which the dashed-line box is the part provided by the present invention.
Embodiment
The present invention provides a method for solving the start-up crash problem of the trusted guest virtual domain. After the IMA software of the virtual domain kernel is loaded and before it is initialized, the method adds the function of polling the vTPM device: a request to access a virtual TPM device register is sent periodically until a correct result is returned, and only then does system start-up continue.
The object of the invention is to provide a method based on a polling mechanism, and this method only requires modifying the IMA software.
The system deployment process is as follows:
Step 1: incorporate the modified IMA software into the virtual domain kernel start-up file.
Step 2: deploy the components of the method of Fig. 2.
The modified IMA integrity measurement software is described in detail below according to the workflow of Fig. 5:
1. The virtual domain operating system kernel loads the IMA integrity measurement software.
2. After loading, the IMA software does not perform its initialization work immediately but first attempts to access the virtual TPM device. If the returned result is correct, kernel start-up continues; otherwise it sleeps for 5 seconds and then attempts to access the virtual TPM device again, until the check result is correct.
By the above method, the trusted guest virtual domain will not crash at start-up because the virtual TPM device creation process is slow.
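As an added illustration (not code from the patent, from IMA or from Xen), the following user-space C program models the modified workflow of Fig. 5 against the original one of Fig. 3: a constructed stand-in vTPM that only answers a PCR read after device creation has "caught up", the initialize-immediately path that fails when the device is absent, and the polling path that sleeps between attempts. The fake device, the injected sleep function and the `max_attempts` bound are assumptions; the patent itself retries every 5 seconds without limit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for the vTPM device of Fig. 2: it answers a PCR read
 * only after 'ready_after' probes have failed, modelling device creation that
 * runs in parallel with guest start-up (Fig. 4) and may lag behind it. */
struct fake_vtpm {
    int probes_seen;   /* PCR read requests that reached the back end */
    int ready_after;   /* probes that fail before the device exists */
};
enum probe_result { PROBE_OK, PROBE_NO_DEVICE };

/* The "request to access a virtual TPM device register": a simulated PCR read
 * through the front-end/back-end path. */
static enum probe_result vtpm_read_pcr(struct fake_vtpm *dev, int pcr,
                                       unsigned char digest[20])
{
    dev->probes_seen++;
    if (dev->probes_seen <= dev->ready_after)
        return PROBE_NO_DEVICE;   /* back end has no device to forward to yet */
    memset(digest, 0, 20);        /* constructed digest content */
    digest[19] = (unsigned char)pcr;
    return PROBE_OK;
}

/* Unmodified IMA (Fig. 3): initialize at once; an absent device is fatal.
 * Returning false stands in for the start-up crash. */
static bool ima_init_original(struct fake_vtpm *dev)
{
    unsigned char d[20];
    return vtpm_read_pcr(dev, 0, d) == PROBE_OK;
}

/* Modified IMA (Fig. 5): poll the device, sleep between attempts, initialize
 * only once a correct result comes back.  Returns the attempt on which the
 * device answered, or -1 when 'max_attempts' (assumed bound) is exhausted. */
static int ima_init_polling(struct fake_vtpm *dev, void (*sleep_fn)(unsigned),
                            unsigned interval_s, int max_attempts)
{
    unsigned char d[20];
    for (int attempt = 1; attempt <= max_attempts; attempt++) {
        if (vtpm_read_pcr(dev, 0, d) == PROBE_OK)
            return attempt;       /* device ready: proceed with initialization */
        sleep_fn(interval_s);     /* patent: sleep 5 s, then try again */
    }
    return -1;                    /* caller must not initialize */
}

static void no_sleep(unsigned s) { (void)s; }     /* for tests */
static void real_sleep(unsigned s) { sleep(s); }  /* 5 s as in the patent */
int main(void)
{
    struct fake_vtpm slow = { 0, 2 };   /* device appears on the 3rd probe */
    printf("original IMA: %s\n", ima_init_original(&slow) ? "ok" : "crash");
    slow.probes_seen = 0;
    printf("polling IMA: ready on attempt %d\n", ima_init_polling(&slow, real_sleep, 5, 10));
    return 0;
}
```

Running the demo takes about 10 seconds because the polling path really sleeps for the patent's 5-second interval twice before the device answers.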

Claims (1)

1. A method, based on a polling mechanism, for preventing a trusted guest virtual domain from crashing at start-up, characterized in that: after the IMA software is loaded by the virtual domain kernel, it does not perform its initialization work immediately but first checks whether the virtual TPM device can handle TPM commands; if the check result is incorrect, the check is repeated periodically until a correct result is returned, and only then is software initialization performed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100780318A CN101488175B (en) 2009-02-10 2009-02-10 Method for preventing credible client virtual domain starting crash based on polling mechanism


Publications (2)

Publication Number Publication Date
CN101488175A true CN101488175A (en) 2009-07-22
CN101488175B CN101488175B (en) 2010-08-11

Family

ID=40891061


Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101834860A (en) * 2010-04-22 2010-09-15 北京交通大学 Method for remote dynamic verification on integrality of client software
CN104468712A (en) * 2014-10-31 2015-03-25 中标软件有限公司 Lightweight class trusted calculating platform, communication method of lightweight class trusted calculating platform and trust chain establishing method
CN105786588A (en) * 2016-02-22 2016-07-20 中南大学 Remote authentication method for cleanroom trusted virtual machine monitor
CN107861793A (en) * 2017-11-08 2018-03-30 浪潮(北京)电子信息产业有限公司 Virtual hardware platform starts method, apparatus, equipment and computer-readable storage medium


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100811

Termination date: 20120210