The Research And Realization Of VTPM Live Migration In Cloud Platform

Aiming at the lack of secure and effective migration scheme of vTPM on cloud platform,this paper deeply analyzes and studies the live migration and vTPM architecture of virtual machine.Based on the migration mechanism of QEMU itself,we design an efficient live migration solution for vTPM(virtual Trusted Platform Module)which is suitable for cloud platform.We also introduce the basic theory of trusted computing and use the trusted hardware chips to provide security ensurence for vTPM migration.The solution takes full account of the diversity and complexity of the cloud platform environment,and uses the trusted hardware chip to authenticate and verify the security status of the migrating nodes to ensure the authenticity and reliability of both nodes.We integrate the key generation function of TPM(Trusted Platform Module)for session key negotiation and establish a secure encrypted transmission channel between the migration source node and the destination node to ensure the security of the transmission data.At the same time,we use the trusted hardware chip to create a pair of protection keys to protect the vTPM private data.During the migration process,we securely migrate the keys to the TPM in the destination node along with vTPM.Then we analyzes and studies the vTPM and the hardware migration mode of QEMU simulator,and designs a vTPM device migration method which combines the vTPM migrationan and QEMU migration.Meanwhile,we design vTPM state management module and device migration module to complete the preservation,transmission and recovery of vTPM running state in stop phase of live migration.Thus to ensure the consistency of vTPM state before and after the migration.Finally,according to the designed vTPM migration solution,we set up the experimental environment and test the the feasibility,efficiency,and especially,security,of the migration solution.The experiment results show that the solution is feasibly and secure and has a high efficiency.Thus this solution has a certain theoretical value and practical significance to the construction of vTPM in cloud platform.