The Research Of Key Protection On Software-based Virtualized TPM Based On Trust Cloud Environment

Posted on: 2018-05-01
Degree: Master
Type: Thesis
Country: China
Candidate: S Wang
Full Text: PDF
GTID: 2348330515475526
Subject: Information security
Abstract/Summary:
Cloud computing systems face not only the security issues of traditional networks and information systems but also new threats that arise from their own operational characteristics. Among these, a crucial question is how cloud tenants can know that the resources and services provided by the cloud platform are safe, and how the trustworthiness of the cloud platform can be assured. Trusted computing is a fundamental means of ensuring the reliability of a computing platform: it provides information protection, identity authentication, and integrity measurement, storage and reporting, so as to improve the credibility of the computing platform as a whole. Because of limited hardware resources, it is unrealistic to share the functions of a single TPM among all the virtual machines on a trusted virtual platform. Many current virtual platforms therefore virtualize the TPM with an emulator, that is, a software vTPM that simulates the functions of a TPM. However, many attacks in the virtual machine environment can easily steal or destroy the key information held in the running space of this vTPM. On full virtualization and hardware-assisted virtualization platforms in particular, the vTPM's key information is even more vulnerable to attack because the whole virtual machine runs in the user space of the VMM, which seriously affects the safety of both the virtual machine and the vTPM.

Based on a study of the software-simulated vTPM and of the memory management mechanism of a fully virtualized VMM, this paper proposes a scheme for protecting the key information of a software-simulated vTPM. The scheme is built on the shadow page table mechanism and targets full virtualization and hardware virtualization platforms: the vTPM's secret key information is protected by a new shadow page table management module, MMU-vTPM. The module manages the private memory of vTPM keys through a vTPM key private memory allocation and recovery algorithm, and applies page table access control to that private memory to prevent other processes from accessing or destroying the vTPM's secret key information. The vTPM key private memory management and access control are then implemented on Xen, and experiments are designed to test the access control from the two aspects of functionality and performance. The test results show that the scheme protects the vEK, vSRK and other vTPM key secrets without introducing serious performance loss.

Finally, to prevent malicious users from tampering with the MMU-vTPM module, static integrity measurement and dynamic integrity measurement are used to measure the module's integrity, and backup and recovery methods are provided to protect it. Both the static and the dynamic integrity measurement of the MMU-vTPM module are implemented on Xen. The experimental results show that the MMU-vTPM dynamic integrity architecture can identify attacks on the module's code segment and maintain the security of the MMU-vTPM module.
Keywords/Search Tags: vTPM, memory protection, shadow page table, Virtual Machine Manager