
Design And Implementation Of The Trusted Chain Of Virtual Domain

Posted on: 2010-12-11
Degree: Master
Type: Thesis
Country: China
Candidate: B Xing
Full Text: PDF
GTID: 2178360275973542
Subject: Information security
Abstract/Summary:
Trusted Computing, which uses the Trusted Platform Module (TPM) as the roots of trust for storage and measurement, aims to use hardware enforcement mechanisms to provide an adequate foundation for building a high-assurance trusted platform. The combination of trusted computing and virtualization technologies is a very promising paradigm for security and trust. The current Xen open source hypervisor implements a vTPM facility that presents the illusion of a physical TPM to the applications in the TVM. However, at least three problems remain for trusted computing in guest virtual machines. First, the TVM may crash when the platform integrity measurement techniques (IMT), which were designed for a physical TPM, are applied directly to the TVM through the vTPM facility. Second, the TVM kernel boot files can only be measured while the privileged domain boots, so whenever a TVM reboots, all virtual machines must reboot in order to measure the TVM kernel boot files again. Third, the vTPM facility on Xen provides no binding between the vTPM and the physical TPM.

This thesis aims to solve these problems and provide a physical-TPM-based trust chain to the applications in the TVM. We first propose methods of establishing the trust chain in full-virtualization and para-virtualization modes, respectively. Then we design and implement the mechanisms that support establishing the trust chain: 1) binding between the physical TPM and the vTPM device, 2) a flexible and robust integrity measurement technology for the TVM kernel files, and 3) seamless integration of the IMT with the TVM operating systems. Finally, we validate the correctness of our design and implementation via experiments.
Keywords/Search Tags: Trusted Computing, TPM, Trust Chain, Virtualization, Trusted Virtual Domain, Integrity Measurement