| The rapid development of cloud computing technology provides low-cost and fully-functional cloud computing and cloud storage services for various traditional industries and emerging industries.Virtual machine migration is one of the key research directions of cloud computing.In the process of virtual machine migration,there are problems such as lack of inter-platform authentication and integrity metric verification.Focusing on the technical characteristics and service models of cloud computing itself,it seriously affects the effectiveness of traditional information security solutions.The application of trusted computing technology can effectively reduce cloud computing security risks.Based on the TPCM proposed in the trusted 3.0 phase,this paper proposes a migration scheme for protecting the trustworthy virtual machine migration in order to protect the atomicity of the virtual root migration operation during the process of the migration of the credible virtual machine,providing the platform,and verifying the trusted state of the virtual machine.It also proposes a security protection mechanism that actively monitors and actively measures the migration behavior.For the security problems in the process of the credible virtual machine migration,this paper has conducted the following research:(1)Summarize the current research literature of experts and scholars on the credible virtual machine migration in the cloud environment,pointing out the inadequacies of the existing solutions,summarizing the security protection requirements for the credible virtual machine migration process,and presenting them according to specific security requirements.This article's trusted virtual machine migration program.(2)For the complete process of controlling the migration of credible virtual machines,this paper proposes a virtual machine central migration engine.At the control node,a complete monitoring and management mechanism for trusted virtual machine migration is deployed to provide cloud environment resource monitoring and migration process control.An atomic protection mechanism is proposed to prevent the virtual trust root and the virtual root copy from running at the same time.At the end of the migration,the virtual root copy is recovered,ensuring the atomicity of the virtual root trust migration operation.(3)This paper proposes a trusted migration agent for the active monitoring of the operation behavior of trusted virtual machine migration,and the certification of the platform and virtual machine trust status.By loading the Linux Security Module(LSM)at the kernel level and setting the Hook point,active monitoring of the startup behavior of the trusted VM migration process is performed.In order to prevent the trusted state of the cloud trusted platform before and after the virtual machine migration from being damaged,the platform remote certification module and the integrity verification module are added to ensure the legality of the platform identity and the system integrity of the platform and the virtual machine.Through the netlink technology,message communication between the migration control module and the application layer module is realized,and a reasonable communication mechanism is provided for the kernel layer module and the application layer module of the trusted migration agent.(4)According to the design of the credible virtual machine migration scheme in this article,this paper deploys a trusted cloud environment on the XenServer platform,creates a trusted virtual machine,and performs functional tests and performance tests on related modules of the credible virtual machine migration.,verifying the effectiveness of the system. |