Research On The Trusted Virtual Platform Remote Attestation Method In Cloud Computing

Posted on: 2019-10-25  Degree: Master  Type: Thesis
Country: China  Candidate: L B Hu  Full Text: PDF
GTID: 2428330545976075  Subject: Software engineering
Abstract/Summary:
With the rapid development of Internet technology, cloud computing has penetrated all aspects of people's lives. Supported by virtualization technology, cloud computing can provide flexible, variable and extensible services; users can reach these application services from any location and terminal, even without knowing the specific location of the service. However, while people enjoy the convenience this service provides, it also carries many security risks. Trusted computing is a basic means of ensuring the trustworthiness of a computing platform. It can improve the credibility of the platform by providing data protection, identity attestation, and integrity measurement, storage and reporting. Therefore, we can integrate trusted computing into cloud computing and use the remote attestation mechanism of trusted computing to authenticate the virtual platform in the cloud environment; this is an important way to ensure cloud security. Trust is based on attestation: only attestation can build trust in an untrusted environment. The remote attestation mechanism of trusted computing is a way for a platform to prove its trustworthiness by providing platform identity information and software configuration information to the challenger.

This paper studies the remote attestation method of the trusted virtual platform in the cloud environment. The main work is as follows.

First, this paper analyzes the trusted virtual platform in the cloud environment and the remote attestation methods of existing trusted platforms. The trusted virtual platform in the cloud environment includes the physical platform (PP), the virtual machine manager (VMM) and the virtual machine (VM); they are different logical entities, hierarchical and dynamic. The existing remote attestation schemes for trusted terminals, including the Privacy Certification Authority (PCA) scheme and the Direct Anonymous Attestation (DAA) scheme, cannot be used directly for the virtual trusted platform, so a remote attestation scheme suited to the virtualized cloud platform needs to be designed.

Next, based on the characteristics of the trusted virtual platform, this paper proposes a top-down remote attestation method called TVP-PCA. TVP-PCA designs an attestation agent (VMAgent) in the VM and a new virtual machine manager attestation service (VMMService) in the VMM. The challenger first uses the VMAgent to prove that the VM is trusted, and then uses the underlying service to prove that the virtual machine manager is trusted; the two attestations together ensure the credibility of the entire virtual platform. The method also solves the identity problem, namely ensuring that the VMM of the top level authentication and the VM of the underlying authentication are on the same physical platform.

Then, the TVP-PCA method is designed and implemented; the design mainly covers the virtual machine certification agent, the virtual machine manager certification service and the challenger agent. First, requirement analysis and structural analysis are completed, which is a very important part of software engineering and clarifies the specific work and construction set of the agents and service. Then, so that the agents can communicate with each other, a special communication protocol is designed, and a flow chart shows the workflow of the agents.

Last, the efficiency of the proposed TVP-PCA is verified. Experiments show that the method can prove the reliability of virtual machines in the cloud environment, and can also remotely attest the VMM and the physical platform. Finally, the trusted check algorithm is used to determine whether the virtual platform in the cloud environment is really credible.
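The top-down check described in the abstract, sketched from the challenger's side as an added example (not code from the thesis). The evidence format, the `vm_id`/`host_id`/`hosted_vms` binding fields, and the HMAC keys standing in for TPM-backed attestation signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed stand-ins: HMAC keys replace the attestation-key signatures
# that a TPM/vTPM would produce in a real deployment.
VM_KEY = b"constructed-vm-attestation-key"
VMM_KEY = b"constructed-vmm-attestation-key"


def _mac(key, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_evidence(key, nonce, measurement, **claims):
    """Evidence a VMAgent or VMMService might return (hypothetical format)."""
    body = {"nonce": nonce, "measurement": measurement, **claims}
    return {"body": body, "mac": _mac(key, body)}


def _check(evidence, key, nonce, known_good):
    """Authenticity, freshness and integrity checks for one layer."""
    if not hmac.compare_digest(evidence["mac"], _mac(key, evidence["body"])):
        return "bad signature"
    if evidence["body"]["nonce"] != nonce:
        return "stale nonce"
    if evidence["body"]["measurement"] not in known_good:
        return "unknown measurement"
    return None


def verify_platform(nonce, vm_ev, vmm_ev, good_vm, good_vmm):
    """Top-down check: VM first, then VMM, then the binding between them."""
    err = _check(vm_ev, VM_KEY, nonce, good_vm)
    if err:
        return False, "VM: " + err
    err = _check(vmm_ev, VMM_KEY, nonce, good_vmm)
    if err:
        return False, "VMM: " + err
    # Assumed binding: the VMM attests the IDs of the VMs it hosts and both
    # layers attest a host ID; the two views must agree, otherwise a trusted
    # VMM on another machine could vouch for this VM.
    if vm_ev["body"]["vm_id"] not in vmm_ev["body"]["hosted_vms"]:
        return False, "binding: VM not hosted by this VMM"
    if vm_ev["body"]["host_id"] != vmm_ev["body"]["host_id"]:
        return False, "binding: host mismatch"
    return True, "trusted"
```

Without the binding step, two individually valid attestations from different physical machines would pass, which is the identity problem the abstract says the method addresses.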
Keywords/Search Tags: trusted computing, cloud computing, trusted virtual platform, remote attestation, trusted cloud computing, attestation agent