Building Trusted Remote Desktop Based On Web In XCP Environment

As trust computing technology solves some safety problems of traditional computer security, trust computing has developed rapidly recently, especially in these years when computing becomes more and more complex. How to ensure platform integrity, authenticity and privacy is given more prominence by computer experts. At the same time, virtualization becomes more and more important recently because cloud computing is based on it. This lead the rapid development of XCP(Xen Cloud Platform). So we can think about improving security of XCP with trust computing technology. The key point of this article is improving security of remote desktop in XCP environment. Our research object is Xen Web Manager, which is the only web-based remote desktop in XCP environment.The traditional Python Web technology is vulnerable to Trojan horse attacks, these malicious programs can tamper the function of programs and modify important configuration files. These shortcomings are inevitable to traditional Python Web technology. In order to solve these problems, this paper introduces trust computing technology into Python Web applications. Our work mainly includes:1. Analyze the main RPCs of remote desktop and decide when to measure the integrity of the server, this article choose the time when server deals with client request and before RPC calls to perform integrity measurement. So we can ensure the server integrity is known when server is to perform RPC calls and take actions according to measurement result. Then we raise the whole design of remote desktop and add a trust layer to ensure dependability and safety.2. Design and realize the policy-based integrity measurement module, we use static integrity measurement to measure integrity of server, the integrity of source files can ensure the integrity of process. In order to perform valid modification of source files, we should improve the traditional integrity measurement technology and we introduce a new method——measure policy. The improved integrity measurement no longer treats all modification invalid but the unexpected modification.3. Design and realize the remote attestation module and integrate it into remote desktop. Above improvement can be only applied into local computer but not remote network. In order to extend the new method to whole network, we improve remote attestation and apply it into Xen Web Manager. After the extension, we really apply trust computing into web application and this is a good start point to improve security of network.The method in this article in not only applicable for Xen Web Manager, but also all python web applications. It can improve security of most script-based web applications and the environment of network.