
Research On Measurement Approach For The Trusted Virtual Domains

Posted on: 2019-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: F F Zhang
GTID: 2348330542491117
Subject: Information security

Abstract/Summary:
In recent years, with the surge of cloud computing, more and more enterprises have begun to join the camp of cloud computing research and deployment. However, cloud computing faces many security risks. Virtualization technology is the basis on which cloud computing achieves resource sharing and improves resource utilization. Once any security problem occurs, all cloud computing users will be affected. Therefore, how to effectively improve the security of virtual domains in the cloud computing environment has become a key issue that urgently needs to be solved.

The combination of trusted computing and virtualization is a new way to solve these security issues. Following the trusted-computing principle that each level certifies the next level, we start from the physical trusted root and build a trusted chain for the operating environment, so that we can provide trusted technical support. From the physical server to the virtual domain and its applications, we can build an information system with a high security level. In the cloud computing environment, applications and computing resources are no longer controlled by ordinary users. Building trust-oriented virtual domains through trusted measurement can prevent illegal tampering with, and unauthorized access to, internal resources. Based on this, the main work of this paper is as follows.

First, we propose a two-stage measurement scheme for virtual domain security. The physical trusted platform module is used to measure the integrity of the cloud computing platform. Based on this, we measure the configuration of the virtual domain from outside the domain (out-of-the-box). After the virtual domain is started, the high-performance hardware can provide a virtual trusted root for multiple virtual domains through its hardware virtualization. We can then measure the dynamic behavior of the virtual domain efficiently.

Second, we design and implement the first stage of the scheme, the static measurement. First, server boot based on the trusted platform module is implemented. Second, according to the requirements of classified protection and the security core configuration specification, we design a security configuration baseline and, based on it, measure the configuration of the virtual domain from outside the domain. This builds the first phase of the virtual domain measurement.

Third, we design and implement the trusted virtual roots. This paper studies the method of trust transfer in the virtual domain and, making use of the hardware virtualization of the high-performance hardware, designs the virtual TPM. Each virtual domain can maintain its own virtual trusted platform module independently.

Fourth, we design the second stage, the dynamic measurement. Based on the idea of out-of-the-box monitoring, we monitor the behavior of the virtual domain after booting. This monitoring does not depend on the security mechanisms of the virtual domain's operating system and therefore offers better security.

Finally, this paper implements a prototype system of the two-stage measurement. The test results show that the scheme can improve the measurement of the virtual domain in terms of comprehensiveness and timeliness, and that it has good compatibility with mainstream virtual domain operating systems. The scheme can also effectively solve some major problems of trustworthiness measurement in current virtualization security.
Keywords/Search Tags: Trusted Computing, Classified Protection, Trusted Chain, Trusted Measurement