Design And Research On The Trusted Virtual Machine System Based On Xen

Posted on: 2009-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Meng
GTID: 2178360278980756
Subject: Military Equipment

Abstract/Summary:
Information security currently plays a critically important role in maintaining national interests and defense security, strengthening military development, and winning modern information battles. Trusted Computing is a new measure for maintaining the security of information systems, but its present applications have the following problems. First, there is a contradiction between Trusted Computing's security control over the terminal platform and the user's flexibility in operating the host. Second, there is very little research and few applications that combine Trusted Computing with operating systems.

This paper proposes a framework for a Trusted Computing Platform based on a virtual machine system, TCP/VMM, which addresses the first problem. To address the second problem, it studies the integration of Trusted Computing and the VMM (Virtual Machine Monitor) in detail, and completes the design and initial implementation of a Xen-based trusted virtual machine system that conforms to this framework. The main work of this paper is as follows:

1. It studies Trusted Computing and Xen technologies in depth and analyzes both the advantages and the disadvantages of their integration, establishing a clear research direction for the design and implementation of the Xen-based trusted virtual machine system.

2. Based on the structural characteristics of the Xen system and on operating system theory, it designs an architecture for the Xen-based trusted virtual machine system, with emphasis on the composition of several critical components and how they work.

3. It studies in depth two key components of the trusted computing platform defined by the TCG specification, the TSS and the TPM, and how they are applied and implemented in the Xen-based trusted virtual machine system. Following the trust transfer principle in the TCG specification, it also designs and implements the system's trusted bootstrap using the open-source software TrustedGRUB.

4. To address the migration problems that arise when Trusted Computing technologies are applied to virtual machine systems, it improves the way the trusted computing function is implemented and improves the existing vTPM migration protocol, solving these problems in the Xen-based trusted virtual machine system.

5. To address the TOCTOU (time-of-check to time-of-use) attacks that the integrity measurement mechanism is exposed to when applied in a native system, it modifies the Xen VMM itself, adding a monitoring mechanism on the memory pages used to store trusted code, so that the Xen-based trusted virtual machine system can withstand the TOCTOU attack.
Keywords/Search Tags: Trusted Computing Platform, Virtual Machine Monitor, Trusted Virtual Machine System, Xen, vTPM