CN106354550A - Method, device and system for protecting security of virtual machine - Google Patents
- Publication number
- CN106354550A (application number CN201610943170.2A)
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- vtpm
- sent
- manager
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method, device and system for protecting security of a virtual machine. The method comprises the following steps: generating a corresponding measurement result when a trusted application client detects that VMM starts a user virtual machine; transmitting the request for starting the user virtual machine to a vTPM manager; transmitting the measurement result and a certificate to a trusted platform manager when the certificate corresponding to the request transmitted by the vTPM manager is received; and notifying VMM when a verification result transmitted from the trusted platform manager for the measurement result and certificate is received and the verification result is passed. According to the method, the security of the virtual machine is guaranteed based on the remote certification of the measurement result and certificate, and certificate acquisition and measurement result verification relate to the pTPM physical platform, so that the method for protecting the security of the virtual machine cannot be easily cracked. Therefore, the scheme can be used for reinforcing the protection degree for the security of the virtual machine.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a method, device and system for protecting the security of a virtual machine.
Background
As cloud computing and virtualization technology mature, data centers are progressively replacing physical hosts with virtual machines for deploying system applications, so the security of virtual machines is receiving increasing attention.
At present, virtual machines are generally protected by software-based information protection, such as encryption and decryption programs and certificate licenses.
However, existing virtual machine security protection is easily analyzed and cracked by attackers, so the strength of protection for virtual machine security is relatively low.
Summary of the invention
The invention provides a method, device and system for protecting the security of a virtual machine, which can strengthen the protection of virtual machine security.
To achieve the above object, the invention is implemented through the following technical solutions:
In a first aspect, the invention provides a method for protecting the security of a virtual machine, applied to a trusted application end, comprising:
When it is detected that the VMM (virtual machine monitor) starts a user virtual machine, generating a corresponding measurement result;
Sending the request to start the user virtual machine to a vTPM (virtual trusted platform module) manager;
Upon receiving the certificate corresponding to the request sent by the vTPM manager, sending the measurement result and the certificate to a trusted platform manager;
Upon receiving the verification result for the measurement result and the certificate sent by the trusted platform manager, and when the verification result is that verification passed, notifying the VMM.
Further, generating the corresponding measurement result comprises: generating the corresponding measurement result by measuring the image and the startup items of the user virtual machine;
Sending the request to start the user virtual machine to the vTPM manager comprises: forwarding the request to start the user virtual machine, successively through the client vTPM driver in the user virtual machine and the server-side vTPM driver in the privileged virtual machine, to the vTPM manager in the privileged virtual machine.
Further, when the request to start the user virtual machine is sent to the vTPM manager, the method also includes: sending the measurement result to the vTPM manager, so that the vTPM manager stores the measurement result in the encrypted space of the vTPM instance corresponding to the request.
In a second aspect, the invention provides a method for protecting the security of a virtual machine, applied to a vTPM manager, comprising:
Upon receiving the request to start a user virtual machine sent by the trusted application end, determining the target vTPM instance corresponding to the request according to the pre-established unique mapping between different user virtual machines and different vTPM instances;
Requesting from the pTPM (physical trusted platform module) the key corresponding to the target vTPM instance;
Using the key sent by the pTPM, obtaining the certificate stored in the target vTPM instance;
Sending the certificate to the trusted application end.
In a third aspect, the invention provides a method for protecting the security of a virtual machine, applied to a trusted platform manager, comprising:
Upon receiving the measurement result and the certificate sent by the trusted application end, using the certificate to request from the pTPM the standard measurement result corresponding to the certificate;
Upon receiving the standard measurement result sent by the pTPM, verifying whether the measurement result sent by the trusted application end and the standard measurement result are the same or different, and sending the corresponding verification result to the trusted application end.
In a fourth aspect, the invention provides a trusted application end, comprising:
A measurement unit, configured to generate a corresponding measurement result when it is detected that the VMM starts a user virtual machine;
A first processing unit, configured to send the request to start the user virtual machine to the vTPM manager, and to receive the certificate corresponding to the request sent by the vTPM manager;
A second processing unit, configured to send the measurement result and the certificate to the trusted platform manager; and, upon receiving the verification result for the measurement result and the certificate sent by the trusted platform manager, and when the verification result is that verification passed, to notify the VMM.
Further, the measurement unit is specifically configured to generate the corresponding measurement result by measuring the image and the startup items of the user virtual machine;
The first processing unit is specifically configured to forward the request to start the user virtual machine, successively through the client vTPM driver in the user virtual machine and the server-side vTPM driver in the privileged virtual machine, to the vTPM manager in the privileged virtual machine.
Further, the first processing unit is also configured to send the measurement result to the vTPM manager, so that the vTPM manager stores the measurement result in the encrypted space of the vTPM instance corresponding to the request.
In a fifth aspect, the invention provides a vTPM manager, comprising:
A determining unit, configured to, upon receiving the request to start a user virtual machine sent by the trusted application end, determine the target vTPM instance corresponding to the request according to the pre-established unique mapping between different user virtual machines and different vTPM instances;
A processing unit, configured to request from the pTPM the key corresponding to the target vTPM instance;
An acquiring unit, configured to use the key sent by the pTPM to obtain the certificate stored in the target vTPM instance;
A sending unit, configured to send the certificate to the trusted application end.
In a sixth aspect, the invention provides a trusted platform manager, comprising:
A first processing unit, configured to, upon receiving the measurement result and the certificate sent by the trusted application end, use the certificate to request from the pTPM the standard measurement result corresponding to the certificate;
A second processing unit, configured to, upon receiving the standard measurement result sent by the pTPM, verify whether the measurement result sent by the trusted application end and the standard measurement result are the same or different, and send the corresponding verification result to the trusted application end.
In a seventh aspect, the invention provides a system for protecting the security of a virtual machine, comprising:
Any trusted application end described above, the vTPM manager described above, the trusted platform manager described above, and a pTPM;
The pTPM is configured to, upon receiving a request sent by the vTPM manager for the key corresponding to a target vTPM instance, verify the request and, when verification passes, send the internally stored key corresponding to the target vTPM instance to the vTPM manager; and, upon receiving a request sent by the trusted platform manager for the standard measurement result corresponding to a certificate, verify the request and, when verification passes, send the internally stored standard measurement result corresponding to the certificate to the trusted platform manager.
Further, the system for protecting the security of a virtual machine also includes: a virtual machine layer and a VMM;
The virtual machine layer includes a privileged virtual machine and at least one user virtual machine, wherein the privileged virtual machine includes the vTPM manager and the server-side vTPM driver, and each user virtual machine includes a client vTPM driver;
The trusted application end is installed in the VMM;
The VMM is configured to notify the trusted application end when starting any user virtual machine among the at least one user virtual machine, and to formally start that user virtual machine upon receiving the notification sent by the trusted application end;
The trusted application end is specifically configured to send the request to start the user virtual machine to the client vTPM driver in that user virtual machine, so that the client vTPM driver forwards the request to the server-side vTPM driver;
The vTPM manager is specifically configured to receive the request sent by the server-side vTPM driver.
The invention provides a method, device and system for protecting the security of a virtual machine. The trusted application end generates a corresponding measurement result when it detects that the VMM starts a user virtual machine; sends the request to start the user virtual machine to the vTPM manager; upon receiving the certificate corresponding to the request sent by the vTPM manager, sends the measurement result and the certificate to the trusted platform manager; and, upon receiving the verification result for the measurement result and the certificate sent by the trusted platform manager, and when the verification result is that verification passed, notifies the VMM. Virtual machine security is ensured by remote attestation of the measurement result and the certificate, and both obtaining the certificate and verifying the measurement result involve the pTPM physical platform, so this method of protecting virtual machine security is difficult to crack. The invention can therefore strengthen the protection of virtual machine security.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for protecting the security of a virtual machine provided by an embodiment of the invention;
Fig. 2 is a flowchart of another method for protecting the security of a virtual machine provided by an embodiment of the invention;
Fig. 3 is a flowchart of yet another method for protecting the security of a virtual machine provided by an embodiment of the invention;
Fig. 4 is a flowchart of a further method for protecting the security of a virtual machine provided by an embodiment of the invention;
Fig. 5 is a schematic diagram of a trusted application end provided by an embodiment of the invention;
Fig. 6 is a schematic diagram of a vTPM manager provided by an embodiment of the invention;
Fig. 7 is a schematic diagram of a trusted platform manager provided by an embodiment of the invention;
Fig. 8 is a schematic diagram of a system for protecting the security of a virtual machine provided by an embodiment of the invention;
Fig. 9 is a schematic diagram of another system for protecting the security of a virtual machine provided by an embodiment of the invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention; all other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, an embodiment of the invention provides a method for protecting the security of a virtual machine, applied to a trusted application end, which may comprise the following steps:
Step 101: When it is detected that the VMM starts a user virtual machine, generate a corresponding measurement result.
Step 102: Send the request to start the user virtual machine to the vTPM manager.
Step 103: Upon receiving the certificate corresponding to the request sent by the vTPM manager, send the measurement result and the certificate to the trusted platform manager.
Step 104: Upon receiving the verification result for the measurement result and the certificate sent by the trusted platform manager, and when the verification result is that verification passed, notify the VMM.
In this method, the trusted application end generates a corresponding measurement result when it detects that the VMM starts a user virtual machine; sends the request to start the user virtual machine to the vTPM manager; upon receiving the certificate corresponding to the request sent by the vTPM manager, sends the measurement result and the certificate to the trusted platform manager; and, upon receiving the verification result for the measurement result and the certificate sent by the trusted platform manager, and when the verification result is that verification passed, notifies the VMM. Virtual machine security is ensured by remote attestation of the measurement result and the certificate, and both obtaining the certificate and verifying the measurement result involve the pTPM physical platform, so this method of protecting virtual machine security is difficult to crack. The embodiment of the invention can therefore strengthen the protection of virtual machine security.
In detail, the virtual machine layer can include at least one user virtual machine, and the VMM can notify the trusted application end when it starts any of them. The trusted application can be installed on the VMM.
In detail, the measurement result and the certificate are sent to the trusted platform manager so that the trustworthiness of the virtual machine is ensured by remote attestation, thereby protecting virtual machine security. Specifically, remote attestation can include verifying platform integrity status and platform identity. Platform integrity status can be established through integrity measurement, for example measuring whether the startup process of the current user virtual machine is consistent with the standard value of a secure state; platform identity attestation uses the certificate of the trusted platform module to prove that the integrity measurement value comes from the current trusted platform.
In an embodiment of the invention, generating the corresponding measurement result comprises: generating the corresponding measurement result by measuring the image and the startup items of the user virtual machine;
Sending the request to start the user virtual machine to the vTPM manager comprises: forwarding the request to start the user virtual machine, successively through the client vTPM driver in the user virtual machine and the server-side vTPM driver in the privileged virtual machine, to the vTPM manager in the privileged virtual machine.
In detail, the privileged virtual machine can serve as the bridge between the user virtual machine and the VMM.
For example, when the VMM starts user virtual machine 1, the trusted application end can send the request to start user virtual machine 1 to the vTPM manager. Specifically, this can be implemented as follows: the trusted application end sends the request to start user virtual machine 1 to the client vTPM driver in user virtual machine 1; the client vTPM driver forwards the request to the server-side vTPM driver in the privileged virtual machine; and the server-side vTPM driver forwards the request to the vTPM manager in the privileged virtual machine.
Then, according to the request to start user virtual machine 1, the vTPM manager can determine vTPM instance 1 corresponding to user virtual machine 1, request from the pTPM key 1 corresponding to vTPM instance 1, and use key 1 to obtain certificate 1 stored in vTPM instance 1. Certificate 1 can be used to request the corresponding standard measurement result 1 from the pTPM, so that the currently generated measurement result can be verified against standard measurement result 1. In detail, the VMM is notified only when the two are identical, and only then can the VMM formally start user virtual machine 1.
As can be seen from the above, the method for protecting virtual machine security involves the pTPM physical platform rather than relying only on software-based information protection, so this protection method is safe, reliable and difficult to crack, and can strengthen the protection of virtual machine security.
In an embodiment of the invention, when the request to start the user virtual machine is sent to the vTPM manager, the method can also include: sending the measurement result to the vTPM manager, so that the vTPM manager stores the measurement result in the encrypted space of the vTPM instance corresponding to the request.
In detail, by storing the currently generated measurement result in the encrypted space, a third party outside the trusted system can periodically obtain the measurement result stored in the encrypted space and the standard measurement result in the pTPM, and determine whether the trusted system is secure and trusted by verifying whether the two are the same or different.
On the other hand, a third party outside the trusted system can likewise periodically obtain the measurement result stored in the encrypted space and the unique mapping between different user virtual machines and different vTPM instances stored in the vTPM manager, and determine whether the trusted system is secure and trusted by verifying that the two match.
Specifically, when the third party obtains the above locally stored information, it can generally access it directly, so the information need not pass over the network. This avoids the information being maliciously tampered with during network transmission, which would affect the accuracy of the judgment.
As shown in Fig. 2, an embodiment of the invention provides a method for protecting the security of a virtual machine, applied to a vTPM manager, which may comprise the following steps:
Step 201: Upon receiving the request to start a user virtual machine sent by the trusted application end, determine the target vTPM instance corresponding to the request according to the pre-established unique mapping between different user virtual machines and different vTPM instances.
Step 202: Request from the pTPM the key corresponding to the target vTPM instance.
Step 203: Using the key sent by the pTPM, obtain the certificate stored in the target vTPM instance.
Step 204: Send the certificate to the trusted application end.
In detail, the pTPM can verify the request of the vTPM manager, and feeds back the corresponding key only when verification passes. Accordingly, the certificate stored in the target vTPM instance can only be obtained using the key corresponding to the target vTPM instance. Sending the obtained certificate to the trusted application end enables it to have the currently generated measurement value trust-verified on the basis of this certificate.
As shown in Fig. 3, an embodiment of the invention provides a method for protecting the security of a virtual machine, applied to a trusted platform manager, which may comprise the following steps:
Step 301: Upon receiving the measurement result and the certificate sent by the trusted application end, use the certificate to request from the pTPM the standard measurement result corresponding to the certificate.
Step 302: Upon receiving the standard measurement result sent by the pTPM, verify whether the measurement result sent by the trusted application end and the standard measurement result are the same or different, and send the corresponding verification result to the trusted application end.
In detail, the pTPM can verify the request of the trusted platform manager, and feeds back the corresponding standard measurement result only when verification passes. The measurement result sent by the trusted application end can then be checked for trustworthiness against the standard measurement result fed back. Depending on the verification result, the trusted application end can notify the VMM whether to formally start the user virtual machine.
As shown in Fig. 4, an embodiment of the invention provides another method for protecting the security of a virtual machine. Taking vTPM-based protection of virtual machine security as an example, the method specifically includes the following steps:
Step 401: When the VMM starts user virtual machine 1, it notifies the trusted application end.
In detail, the virtual machine layer can include the user virtual machines, and the VMM can start any one of them. When the VMM starts any user virtual machine, it can notify the trusted application end installed on the VMM.
Step 402: Upon receiving the notification from the VMM, the trusted application end measures the image and the startup items of user virtual machine 1 and generates a corresponding measurement result.
Step 403: The trusted application end sends the generated measurement result and the request to start user virtual machine 1 to the client vTPM driver in user virtual machine 1.
Step 404: The client vTPM driver forwards the received measurement result and the request to start user virtual machine 1 to the server-side vTPM driver in the privileged virtual machine.
In detail, the privileged virtual machine can serve as the bridge between the user virtual machine and the VMM. The privileged virtual machine can include the server-side vTPM driver and the vTPM manager.
Step 405: The server-side vTPM driver forwards the received measurement result and the request to start user virtual machine 1 to the vTPM manager in the privileged virtual machine.
Step 406: Upon receiving the measurement result and the request to start user virtual machine 1 sent by the server-side vTPM driver, the vTPM manager determines vTPM instance 1 corresponding to the request according to the pre-established unique mapping between different user virtual machines and different vTPM instances.
Step 407: The vTPM manager stores the measurement result in the encrypted space of vTPM instance 1.
In detail, a third party outside the trusted system can periodically obtain the measurement result stored in the encrypted space and the standard measurement result in the pTPM, and determine whether the trusted system is secure and trusted by verifying whether the two are the same or different. On the other hand, this third party can also periodically obtain the measurement result stored in the encrypted space and the unique mapping between different user virtual machines and different vTPM instances stored in the vTPM manager, and determine whether the trusted system is secure and trusted by verifying that the two match.
Specifically, when the third party obtains the above locally stored information, it can generally access it directly, so the information need not pass over the network. This avoids the information being maliciously tampered with during network transmission, which would affect the accuracy of the judgment.
Step 408:vtpm manager asks the corresponding key 1 of vtpm example 1 to ptpm.
In detail, ptpm is equipped on physical platform, provides physics trusted root.Physical platform provides the operation ring of virtual platform
Border.Wherein, can be stored with ptpm each corresponding key of vtpm example, and the corresponding gauge of each certificate
Result.
In detail, ptpm can verify to the request that vtpm manager is sent, ability feedback request pair when verification is passed through
The key answered.
In the embodiment of the present invention, based on ptpm with protect secure virtual machine so that different user virtual machine be based on identical
Ptpm trusted root, therefore corresponding secure virtual machine protected mode is difficult to be cracked.
Step 409: The vTPM manager uses key 1 sent by the pTPM to obtain certificate 1 stored in vTPM instance 1, and sends certificate 1 to the trusted application end.
Step 410: On receiving certificate 1 from the vTPM manager, the trusted application end sends the measurement result and certificate 1 to the credible platform manager.
Step 410: On receiving the measurement result and certificate 1 from the trusted application end, the credible platform manager uses certificate 1 to request from the pTPM standard measurement result 1, which corresponds to certificate 1.
In detail, the pTPM can verify the request sent by the credible platform manager, and returns the requested standard measurement result only when the verification passes.
Step 411: On receiving standard measurement result 1 from the pTPM, the credible platform manager checks whether the measurement result sent by the trusted application end is identical to standard measurement result 1, and sends the corresponding verification result to the trusted application end.
Under normal circumstances, if the trusted system has not been maliciously attacked or damaged, the user virtual machine is secure and trusted, so the generated measurement result is consistent with the standard measurement result stored in advance in the pTPM.
Step 412: The trusted application end receives the verification result for the measurement result and the certificate sent by the credible platform manager and, when the verification result is a pass, notifies the VMM.
In another embodiment of the present invention, after receiving the verification result, the trusted application end only records and archives it, and notifies the VMM regardless of whether verification passed. This implementation offers lower trusted security. Different users can therefore select the user virtual machine secure boot mode that suits their own needs.
Step 413: On receiving the notification from the trusted application end, the VMM formally starts user virtual machine 1.
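The boot-time exchange in the steps above, modeled end to end as an added example (not code from the patent). SHA-256 as the measurement, the per-caller token the pTPM uses to verify requests, the key-digest check that gates reading the certificate, and all names and sample values are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the patent).
GOOD_IMAGE = b"constructed-user-vm-1-disk-image"
GOOD_BOOT = [b"kernel=vmlinuz-demo", b"cmdline=ro quiet"]


def measure(image, boot_items):
    """Measure image + boot items; parts are length-prefixed (SHA-256 assumed)."""
    h = hashlib.sha256()
    for part in [image, *boot_items]:
        h.update(len(part).to_bytes(8, "big") + part)
    return h.digest()


class PTPM:
    """Physical root of trust; request verification by per-caller token is assumed."""

    def __init__(self):
        self._tokens, self._keys, self._standards = {}, {}, {}

    def enroll(self, caller):
        self._tokens[caller] = secrets.token_bytes(32)
        return self._tokens[caller]

    def provision(self, instance_id, key, certificate, standard):
        self._keys[instance_id] = key            # key per vTPM instance
        self._standards[certificate] = standard  # standard measurement per certificate

    def _verify(self, caller, token):
        expected = self._tokens.get(caller)
        if expected is None or not hmac.compare_digest(expected, token):
            raise PermissionError("pTPM rejected the request")

    def get_key(self, caller, token, instance_id):
        self._verify(caller, token)
        return self._keys[instance_id]

    def get_standard(self, caller, token, certificate):
        self._verify(caller, token)
        return self._standards[certificate]


class VTPMInstance:
    def __init__(self, key, certificate):
        self._key_digest = hashlib.sha256(key).digest()
        self._certificate = certificate
        self.encrypted_space = []  # measurements kept for later audit

    def read_certificate(self, key):
        # Assumed gate: the certificate is released only for the right key.
        if not hmac.compare_digest(hashlib.sha256(key).digest(), self._key_digest):
            raise PermissionError("wrong key for this vTPM instance")
        return self._certificate


class VTPMManager:
    def __init__(self, ptpm, token):
        self.ptpm, self.token = ptpm, token
        self.vm_to_instance = {}  # user VM id -> (instance id, VTPMInstance)

    def handle_start_request(self, vm_id, measurement):
        instance_id, instance = self.vm_to_instance[vm_id]  # unique mapping
        key = self.ptpm.get_key("vtpm-manager", self.token, instance_id)
        instance.encrypted_space.append(measurement)
        return instance.read_certificate(key)


class PlatformManager:
    def __init__(self, ptpm, token):
        self.ptpm, self.token = ptpm, token

    def verify(self, measurement, certificate):
        try:
            standard = self.ptpm.get_standard("platform-manager", self.token, certificate)
        except (KeyError, PermissionError):
            return False
        return hmac.compare_digest(standard, measurement)


def start_user_vm(vm_id, image, boot_items, vtpm_manager, platform_manager):
    """Trusted application end: True only if the VMM may formally start the VM."""
    measurement = measure(image, boot_items)
    try:
        certificate = vtpm_manager.handle_start_request(vm_id, measurement)
    except (KeyError, PermissionError):
        return False
    return platform_manager.verify(measurement, certificate)


def build_demo():
    """Provision one user VM ('vm1') with a known-good standard measurement."""
    ptpm = PTPM()
    key, cert = secrets.token_bytes(32), b"constructed-certificate-1"
    ptpm.provision("vtpm-1", key, cert, measure(GOOD_IMAGE, GOOD_BOOT))
    manager = VTPMManager(ptpm, ptpm.enroll("vtpm-manager"))
    manager.vm_to_instance["vm1"] = ("vtpm-1", VTPMInstance(key, cert))
    return manager, PlatformManager(ptpm, ptpm.enroll("platform-manager"))
```

This models the strict mode of step 412; in the record-only variant described after it, the VMM would be notified even when the measurement does not match.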
As shown in Figure 5, an embodiment of the present invention provides a trusted application end, comprising:
a measurement unit 501, configured to generate a corresponding measurement result when it detects that the VMM is starting a user virtual machine;
a first processing unit 502, configured to send the request to start the user virtual machine to the vTPM manager, and to receive the certificate corresponding to the request sent by the vTPM manager;
a second processing unit 503, configured to send the measurement result and the certificate to the credible platform manager, and, on receiving the verification result for the measurement result and the certificate sent by the credible platform manager, to notify the VMM when the verification result is a pass.
In an embodiment of the present invention, the measurement unit 501 is specifically configured to generate the corresponding measurement result by measuring the image and the boot items of the user virtual machine;
the first processing unit 502 is specifically configured to forward the request to start the user virtual machine, via the client vTPM driver in the user virtual machine and then the server-side vTPM driver in the privileged virtual machine, to the vTPM manager in the privileged virtual machine.
In an embodiment of the present invention, the first processing unit 502 is further configured to send the measurement result to the vTPM manager, so that the vTPM manager stores the measurement result in the encryption space of the vTPM instance corresponding to the request.
As shown in Figure 6, an embodiment of the present invention provides a vTPM manager, comprising:
a determining unit 601, configured to, on receiving a request to start a user virtual machine sent by the trusted application end, determine the target vTPM instance corresponding to the request according to the pre-established unique mapping between different user virtual machines and different vTPM instances;
a processing unit 602, configured to request the key corresponding to the target vTPM instance from the pTPM;
an acquiring unit 603, configured to use the key sent by the pTPM to obtain the certificate stored in the target vTPM instance;
a sending unit 604, configured to send the certificate to the trusted application end.
As shown in Figure 7, an embodiment of the present invention provides a credible platform manager, comprising:
a first processing unit 701, configured to, on receiving the measurement result and the certificate sent by the trusted application end, use the certificate to request from the pTPM the standard measurement result corresponding to the certificate;
a second processing unit 702, configured to, on receiving the standard measurement result sent by the pTPM, check whether the measurement result sent by the trusted application end is identical to the standard measurement result, and send the corresponding verification result to the trusted application end.
As shown in Figure 8, an embodiment of the present invention provides a system for protecting virtual machine security, comprising:
any of the trusted application ends 801 described above, the vTPM manager 802 described above, the credible platform manager 803 described above, and a pTPM 804;
the pTPM 804 is configured to, on receiving a request from the vTPM manager 802 for the key corresponding to a target vTPM instance, verify the request and, when the verification passes, send the internally stored key corresponding to the target vTPM instance to the vTPM manager 802; and, on receiving a request from the credible platform manager 803 for the standard measurement result corresponding to a certificate, verify the request and, when the verification passes, send the internally stored standard measurement result corresponding to the certificate to the credible platform manager 803.
In detail, the pTPM is mounted on the physical platform and provides the physical root of trust. The physical platform provides the running environment for the virtual platform.
In detail, the pTPM stores the key corresponding to each vTPM instance and the standard measurement result corresponding to each certificate. When the VMM starts any user virtual machine, virtual machine security is protected on the basis of the pTPM, so that different user virtual machines rely on the same pTPM root of trust; the corresponding protection scheme is therefore difficult to crack.
In an embodiment of the present invention, referring to Figure 9, the system for protecting virtual machine security may further include a virtual machine layer 901 and a VMM 902;
the virtual machine layer 901 includes a privileged virtual machine 9011 and at least one user virtual machine 9012, wherein the privileged virtual machine 9011 includes the vTPM manager 802 and a server-side vTPM driver 90111, and each user virtual machine 9012 includes a client vTPM driver 90121;
the trusted application end 801 is installed in the VMM 902;
the VMM 902 is configured to notify the trusted application end 801 when starting any user virtual machine among the at least one user virtual machine, and to formally start that user virtual machine on receiving the notification sent by the trusted application end 801;
the trusted application end 801 is specifically configured to send the request to start the user virtual machine to the client vTPM driver in that user virtual machine, so that the client vTPM driver forwards the request to the server-side vTPM driver 90111;
the vTPM manager 802 is specifically configured to receive the request sent by the server-side vTPM driver 90111.
In detail, the virtual machine layer includes the user virtual machines, which are the main body carrying user services.
In this embodiment of the present invention, establishing a chain of trust from the VMM to the virtual machine layer allows virtual machine security to be protected on the basis of the vTPM. This fills in the chain of trust that is usually missing at the virtualization level in trusted computing, and effectively builds a secure virtual machine environment on the virtual platform. The effective combination of the three parts, namely the virtual machine layer, the VMM and the physical platform, achieves effective protection of virtual machine security.
In an embodiment of the present invention, when the key of a vTPM instance needs to be stored, the vTPM instance can access the pTPM through the physical TPM driver, so that the chain of trust from the VMM to the virtual machine layer can be built.
The information exchange between the units in the above apparatus, their execution processes and related details are based on the same concept as the method embodiments of the present invention; for specifics, refer to the description in the method embodiments, which is not repeated here.
In summary, the embodiments of the present invention have at least the following advantages:
1. In the embodiments of the present invention, the trusted application end generates a corresponding measurement result when it detects that the VMM is starting a user virtual machine; sends the request to start the user virtual machine to the vTPM manager; on receiving the certificate corresponding to the request from the vTPM manager, sends the measurement result and the certificate to the credible platform manager; and, on receiving the verification result for the measurement result and the certificate from the credible platform manager, notifies the VMM when the verification result is a pass. Virtual machine security is ensured by remote attestation of the measurement result and the certificate, and both obtaining the certificate and verifying the measurement result involve the pTPM, a physical platform, so this method of protecting virtual machine security is difficult to crack. The embodiments of the present invention can therefore strengthen the protection of virtual machine security.
2. In the embodiments of the present invention, the method of protecting virtual machine security involves the pTPM, a physical platform, rather than relying only on software-based information protection, so the protection method is safe, reliable and difficult to crack, and can strengthen the protection of virtual machine security.
3. In the embodiments of the present invention, establishing a chain of trust from the VMM to the virtual machine layer allows virtual machine security to be protected on the basis of the vTPM. This fills in the chain of trust that is usually missing at the virtualization level in trusted computing, and effectively builds a secure virtual machine environment on the virtual platform. The effective combination of the three parts, namely the virtual machine layer, the VMM and the physical platform, achieves effective protection of virtual machine security.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk or optical disc.
Finally, it should be noted that the above are only preferred embodiments of the present invention, intended merely to illustrate its technical solution and not to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within its scope of protection.
Claims (10)
1. A method for protecting virtual machine security, characterized in that it is applied to a trusted application end and comprises:
generating a corresponding measurement result when it is detected that a virtual machine manager (VMM) is starting a user virtual machine;
sending the request to start the user virtual machine to a virtual trusted platform module (vTPM) manager;
on receiving the certificate corresponding to the request sent by the vTPM manager, sending the measurement result and the certificate to a credible platform manager;
on receiving the verification result for the measurement result and the certificate sent by the credible platform manager, and when the verification result is a pass, notifying the VMM.
2. The method according to claim 1, characterized in that:
generating the corresponding measurement result comprises: generating the corresponding measurement result by measuring the image and the boot items of the user virtual machine;
sending the request to start the user virtual machine to the vTPM manager comprises: forwarding the request to start the user virtual machine, via the client vTPM driver in the user virtual machine and then the server-side vTPM driver in a privileged virtual machine, to the vTPM manager in the privileged virtual machine;
and/or,
when the request to start the user virtual machine is sent to the vTPM manager, the method further comprises: sending the measurement result to the vTPM manager, so that the vTPM manager stores the measurement result in the encryption space of the vTPM instance corresponding to the request.
3. A method for protecting virtual machine security, characterized in that it is applied to a virtual trusted platform module (vTPM) manager and comprises:
on receiving a request to start a user virtual machine sent by a trusted application end, determining the target vTPM instance corresponding to the request according to the pre-established unique mapping between different user virtual machines and different vTPM instances;
requesting the key corresponding to the target vTPM instance from a physical trusted platform module (pTPM);
using the key sent by the pTPM to obtain the certificate stored in the target vTPM instance;
sending the certificate to the trusted application end.
4. A method for protecting virtual machine security, characterized in that it is applied to a credible platform manager and comprises:
on receiving the measurement result and the certificate sent by a trusted application end, using the certificate to request from a physical trusted platform module (pTPM) the standard measurement result corresponding to the certificate;
on receiving the standard measurement result sent by the pTPM, checking whether the measurement result sent by the trusted application end is identical to the standard measurement result, and sending the corresponding verification result to the trusted application end.
5. A trusted application end, characterized in that it comprises:
a measurement unit, configured to generate a corresponding measurement result when it is detected that a virtual machine manager (VMM) is starting a user virtual machine;
a first processing unit, configured to send the request to start the user virtual machine to a virtual trusted platform module (vTPM) manager, and to receive the certificate corresponding to the request sent by the vTPM manager;
a second processing unit, configured to send the measurement result and the certificate to a credible platform manager, and, on receiving the verification result for the measurement result and the certificate sent by the credible platform manager, to notify the VMM when the verification result is a pass.
6. The trusted application end according to claim 5, characterized in that:
the measurement unit is specifically configured to generate the corresponding measurement result by measuring the image and the boot items of the user virtual machine;
the first processing unit is specifically configured to forward the request to start the user virtual machine, via the client vTPM driver in the user virtual machine and then the server-side vTPM driver in a privileged virtual machine, to the vTPM manager in the privileged virtual machine;
and/or,
the first processing unit is further configured to send the measurement result to the vTPM manager, so that the vTPM manager stores the measurement result in the encryption space of the vTPM instance corresponding to the request.
7. A virtual trusted platform module (vTPM) manager, characterized in that it comprises:
a determining unit, configured to, on receiving a request to start a user virtual machine sent by a trusted application end, determine the target vTPM instance corresponding to the request according to the pre-established unique mapping between different user virtual machines and different vTPM instances;
a processing unit, configured to request the key corresponding to the target vTPM instance from a physical trusted platform module (pTPM);
an acquiring unit, configured to use the key sent by the pTPM to obtain the certificate stored in the target vTPM instance;
a sending unit, configured to send the certificate to the trusted application end.
8. A credible platform manager, characterized in that it comprises:
a first processing unit, configured to, on receiving the measurement result and the certificate sent by a trusted application end, use the certificate to request from a physical trusted platform module (pTPM) the standard measurement result corresponding to the certificate;
a second processing unit, configured to, on receiving the standard measurement result sent by the pTPM, check whether the measurement result sent by the trusted application end is identical to the standard measurement result, and send the corresponding verification result to the trusted application end.
9. A system for protecting virtual machine security, characterized in that it comprises:
the trusted application end as claimed in claim 5 or 6, the virtual trusted platform module (vTPM) manager as claimed in claim 7, the credible platform manager as claimed in claim 8, and a physical trusted platform module (pTPM);
the pTPM is configured to, on receiving a request from the vTPM manager for the key corresponding to a target vTPM instance, verify the request and, when the verification passes, send the internally stored key corresponding to the target vTPM instance to the vTPM manager; and, on receiving a request from the credible platform manager for the standard measurement result corresponding to a certificate, verify the request and, when the verification passes, send the internally stored standard measurement result corresponding to the certificate to the credible platform manager.
10. The system for protecting virtual machine security according to claim 9, characterized in that:
it further comprises: a virtual machine layer and a virtual machine manager (VMM);
the virtual machine layer includes a privileged virtual machine and at least one user virtual machine, wherein the privileged virtual machine includes the vTPM manager and a server-side vTPM driver, and each user virtual machine includes a client vTPM driver;
the trusted application end is installed in the VMM;
the VMM is configured to notify the trusted application end when starting any user virtual machine among the at least one user virtual machine, and to formally start that user virtual machine on receiving the notification sent by the trusted application end;
the trusted application end is specifically configured to send the request to start the user virtual machine to the client vTPM driver in that user virtual machine, so that the client vTPM driver forwards the request to the server-side vTPM driver;
the vTPM manager is specifically configured to receive the request sent by the server-side vTPM driver.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610943170.2A CN106354550A (en) | 2016-11-01 | 2016-11-01 | Method, device and system for protecting security of virtual machine |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106354550A true CN106354550A (en) | 2017-01-25 |
Family
ID=57864228
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610943170.2A Pending CN106354550A (en) | 2016-11-01 | 2016-11-01 | Method, device and system for protecting security of virtual machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106354550A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107392030A (en) * | 2017-07-28 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | A kind of method and device for detecting virtual machine and starting safety |
CN108255579A (en) * | 2018-01-11 | 2018-07-06 | 浪潮(北京)电子信息产业有限公司 | A kind of virtual machine management method and device based on KVM platforms |
CN108804203A (en) * | 2018-06-15 | 2018-11-13 | 四川大学 | VTPM private information guard methods based on label |
CN110647740A (en) * | 2018-06-27 | 2020-01-03 | 复旦大学 | TPM-based container trusted boot method and device |
CN112257064A (en) * | 2020-10-31 | 2021-01-22 | 海光信息技术股份有限公司 | Nested page table measurement method, device and related equipment |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107392030A (en) * | 2017-07-28 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | A kind of method and device for detecting virtual machine and starting safety |
CN108255579A (en) * | 2018-01-11 | 2018-07-06 | 浪潮(北京)电子信息产业有限公司 | A kind of virtual machine management method and device based on KVM platforms |
CN108804203A (en) * | 2018-06-15 | 2018-11-13 | 四川大学 | VTPM private information guard methods based on label |
CN108804203B (en) * | 2018-06-15 | 2019-06-21 | 四川大学 | VTPM private information guard method based on label |
CN110647740A (en) * | 2018-06-27 | 2020-01-03 | 复旦大学 | TPM-based container trusted boot method and device |
CN110647740B (en) * | 2018-06-27 | 2023-12-05 | 复旦大学 | Container trusted starting method and device based on TPM |
CN112257064A (en) * | 2020-10-31 | 2021-01-22 | 海光信息技术股份有限公司 | Nested page table measurement method, device and related equipment |
CN112257064B (en) * | 2020-10-31 | 2024-02-09 | 海光信息技术股份有限公司 | Nested page table measurement method, device and related equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170125 |