| Cloud computing virtualizes large-scale computing resources for sharing,and provides to external users on demand through the Internet in a service manner.However,the owner of cloud platform's management rights switch from users own to cloud service provider,and cloud computing's multi-tenancy features may cause security troubles of virtual infrastructure software.Therefore,effective security mechanism is required to make the cloud server's execution credible.This paper carried out in-depth research on Xen,a representative open source virtual machine monitoring system in cloud environment,and found Domain 0's functions are miscellaneous,and data is at risk of being tampered with.Besides,Xen lacks virtual trusted certificate generation methods that conform to the TCG specification,and integrity of client virtual machine trust chain is incomplete.On that account,this paper proposed an improved scheme for Xen based on Domain T.With this architecture,Domain T anomaly detection method,vTPM trusted certificate generation method,and client virtual machine integrity measurement method are designed and implemented.The main contents of this paper are as follows:In the first place,this paper reviewed related fields research and analyzed hidden trouble of Xen's TPM virtualization solution in detail.For the excessive TCB size of Domain 0,the limited performance of vTPM calculations,and the problem of data security risk,an independent Domain T is designed.Domain T contains vTPM manager module and vTPM instance module,and optimized vTPM request scheduling mechanism during module migration.Xen's virtual machine resource isolation mechanism generally can protect the internal data of independence Domain T from malicious tampering,yet actually has the possibility of being bypassed.Hence,this paper proposed a software behavior detection scheme based on software credibility analysis and finite automata,and avoids malicious calls of functions in Domain T by other domains resulting in trusted computing data destruction.In the next place,this paper studied the existing vTPM certificate chain construction method,and discovered general issues with the use of AIK keys for signing TPM external data and vAIK certificates timeliness due to dependency on AIK certificates.Consequently,this paper introduced tEK,the identity key of Domain T,and extended virtual certificate chain by CA issuing tEK certificate to Domain T and Domain T issuing vEK certificate to vTPM,thus guaranteed the validity of vAIK certificate.In the meantime,to solve the problem of insufficient trust chain integrity caused by differences in startup process between Xen virtual machine and general physical machine,this paper compared existing client integrity metrics and researched on startup process of different types of virtual machine,designed and optimized virtual trust chain construction scheme for PV and HVM virtual machines separately,thereby realized the extension of hardware trust chain.In the end,this paper completed the Domain T architecture based on improvements to Xen,and implemented Domain T anomaly detection method and the construction scheme of virtual certificate chain and trust chain.By system running experiment,Domain T anomaly detection experiment,vTPM trust chain extension experiment,client system remote attestation experiment,and vTPM performance testing experiment,it is proved that this paper doesn't only enhance Domain T security and improve vTPM performance,but provides more effective capabilities of certificate generation and identity authentication compared to existing methods,and measures the integrity of client virtual machine accurately as well. |
PDF Full Text Request