
Trusted Grub & Virtualization Of Trusted Device Forward Trusted Chain In Xen-Based Secure Computer

Posted on: 2012-10-09
Degree: Master
Type: Thesis
Country: China
Candidate: G Wu
GTID: 2178330335995421
Subject: Computer software and theory

Abstract/Summary:
With the widespread use of computer technology and the growing informatization of society, information security affects not only personal lives but also the interests of enterprises and government departments. The emergence of the security computer has, to a certain extent, improved the security of the terminal. Using the trusted chain mechanism of trusted computing technology to make the security computer more secure is the basis for enhancing the security of computer terminals. As a key part of building the trusted chain, trusted grub is essential. To address the lack of an effective trusted grub mechanism in the security computer, we designed and implemented a trusted grub process for the virtual guest system, building on trusted grub in the privileged domain. In addition, trusted device virtualization makes the trusted grub process simpler and provides the virtual guest system with a corresponding virtual trusted service. Our work in this paper is as follows.

1. Studied the security features that the introduction of virtualization technology brings to the security computer, analyzed the deficiencies in protecting the basic security of its platform, and adopted the idea of introducing the trusted chain mechanism of trusted computing technology into security computer platforms.

2. Introduced the basic architecture of the security computer and the use of Xen virtualization technology in it. Analyzed the status of trusted computing technology and studied the TPM and the trusted chain as the core technologies of trusted computing, laying the foundation for applying trusted computing technology in the security computer.

3. In view of the trusted platform needs of the current security computer, pointed out the defects of trusted grub as used in the security computer and proposed an improvement strategy that adds a trusted grub process for the virtual guest system.

4. By analyzing the boot process of virtual guest systems, determined the trusted grub program, which was achieved by modifying the source code of the Xen virtual machine and adding a measurement process. The features of trusted grub for the virtual guest system include: (1) it creates an integrated measurement process from the privileged domain to the virtual guest system, based on trusted grub in the privileged domain; (2) it measures key files in order during trusted grub, ensuring that the grub process is sequential; (3) it uses the functions of the virtual trusted devices, making the implementation of trusted grub more convenient and flexible.

5. Designed and implemented trusted device virtualization, making trusted grub for virtual guest systems easier to implement. The device also gives the virtual guest system access to the trusted device and makes the virtualization of domestic TCM chips possible.

6. Testing and analysis of trusted grub show that our program correctly measures the state of the virtual guest system and, combined with the trusted grub process of the privileged domain, forms a complete trusted chain. Functional testing of the virtual trusted devices also demonstrated their effectiveness, flexibility and scalability.
Keywords/Search Tags: Security Computer, Trusted Chain, Trusted Grub, TPM, Device Virtualization