
Research On The Virtualization Of TCM On The Trusted Root Server

Posted on: 2017-10-08; Degree: Master; Type: Thesis
Country: China; Candidate: H H Yuan; Full Text: PDF
GTID: 2348330503492895; Subject: Computer Science and Technology
Abstract/Summary:
In recent years, with the development of cloud computing technology, its security problems have become more and more serious. Trusted cloud computing is an important technique that uses trusted computing technology to protect the security of the cloud computing environment. Current trusted cloud architecture is mainly based on the Xen platform: it virtualizes the trusted chip within the platform itself to protect the virtual machines. The current trusted cloud platform has several problems. First, virtualizing the trusted chip within the platform makes it inefficient. Second, when the entire platform is hacked, the security of the virtual trusted chip cannot be guaranteed. Lastly, the current trusted cloud architecture makes the virtual machine migration process more complex. To solve these problems, all the trust protection functions can be separated from the cloud environment and put on the same machines, called the Trusted Root Server. The server can provide trusted services to the virtual machines in the cloud environment, which not only improves the efficiency of the physical trusted chip, but also makes the migration of virtual machines easy. The most important step in realizing the Trusted Root Server is to accomplish the virtualization of the trusted chip.

This paper takes the TCM as the trusted chip on the Trusted Root Server, analyzes its virtualization requirements, proposes a solution for the virtualization architecture of the TCM, and studies in depth how to realize the functions of vTCM instances and the vTCM manager. First, the paper offers methods for key generation, loading, storage and destruction to manage the instances' secret keys on the server. Second, a general method for realizing each function is proposed to solve the problems in the security metrics, data protection and policy management functions, which improves the integrity of the vTCM instance. Third, to address the problem of a vTCM instance having no initial state, the real initial state of the TCM is stored to serve as the instances' initial state. The paper then sets up a process for releasing resources and destroying the instance for a vTCM at the end of its life. Next, a method for vTCM instance state data recovery is proposed to solve the TCM sharing problem and ensure the realization of the vTCM instance. Finally, the paper implements the key modules of the solution and tests them on the Cryptographic Support Platform for Trusted Computing. The test results show that the proposed solution achieves its goal: the vTCM instance can realize the most important trust functions and can be created, called and destroyed by the vTCM manager.

The solution proposed in the paper meets the security demands of the Trusted Root Server. It can provide trust services for virtual machines and improve the efficiency of TCM resources. It also has a certain reference value for solving the currently popular security problems in cloud computing technology.
Keywords/Search Tags: Trusted Computing, the Trusted Root Server, the Virtualization of Trusted Cryptography Modules, vTCM Manager