《電子技術(shù)應(yīng)用》
您所在的位置:首頁(yè) > 通信與網(wǎng)絡(luò) > 設(shè)計(jì)應(yīng)用 > 云環(huán)境下國(guó)產(chǎn)可信根TCM虛擬化方案研究
云環(huán)境下國(guó)產(chǎn)可信根TCM虛擬化方案研究
《信息技術(shù)與網(wǎng)絡(luò)安全》2020年第6期
趙 軍1,王 曉2
1.張家口學(xué)院 數(shù)學(xué)與信息科學(xué)學(xué)院,河北 張家口075000;2.天津財(cái)經(jīng)大學(xué) 理工學(xué)院,天津300222
摘要: 將可信計(jì)算技術(shù)應(yīng)用于云計(jì)算環(huán)境中是保證云安全的有效途徑。針對(duì)國(guó)產(chǎn)可信計(jì)算的可信根可信密碼模塊(Trusted Cryptography Module,TCM)只適用于單機(jī)平臺(tái),無(wú)法為多虛擬機(jī)的云平臺(tái)提供安全可信性保障的問(wèn)題,對(duì)TCM的虛擬化方案進(jìn)行研究,構(gòu)建云可信根(Cloud TCM,C-TCM)架構(gòu)。在C-TCM物理環(huán)境內(nèi)部構(gòu)造宿主可信根和虛擬可信根,分別為物理宿主機(jī)和虛擬機(jī)提供可信服務(wù),同時(shí)在虛擬機(jī)監(jiān)視器層部署虛擬可信根管理機(jī)制,實(shí)現(xiàn)虛擬可信根對(duì)C-TCM硬件資源的共享。該方案可有效保證云平臺(tái)的安全可信性。
中圖分類號(hào): TP393
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2020.06.008
引用格式: 趙軍,王曉. 云環(huán)境下國(guó)產(chǎn)可信根TCM虛擬化方案研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2020,39(6):44-48,67.
Research on virtualization scheme of domestic trusted root TCM in cloud environment
Zhao Jun1,Wang Xiao2
1.School of Mathematics Information Science,Zhangjiakou University,Zhangjiakou 075000,China; 2.Institute of Science and Technology,Tianjin University of Finance and Economics,Tianjin 300222,China
Abstract: Applying trusted computing technology to cloud environment is an effective way to ensure cloud security. The trusted cryptography module(TCM) of domestic trusted computing is suitable for single platform, but can not provide security and credibility guarantee for cloud platform with multi virtual machines. Aiming at this problem, the virtualization scheme of TCM is studied, and the architecture of cloud TCM(C-TCM) is constructed. In the physical environment of C-TCM, host trusted root and virtual trusted root are constructed, which provide trusted services for physical host and virtual machine respectively. At the same time, virtual trusted root management mechanism is deployed in the virtual machine monitor layer to realize the resources sharing of C-TCM hardware. This scheme can effectively guarantee the security and credibility of the cloud platform.
Key words : cloud security;trusted computing;the virtualization of trusted cryptographic module TCM;the architecture of cloud trusted root C-TCM

云計(jì)算環(huán)境中的信息安全問(wèn)題是一個(gè)系統(tǒng)性的工程問(wèn)題,以往的安全機(jī)制缺乏關(guān)聯(lián)性,只是從某些方面去解決特定問(wèn)題,不能構(gòu)建整體性的解決方案。可信計(jì)算技術(shù)作為信息安全的有力保障,基于可信根構(gòu)建貫穿系統(tǒng)各個(gè)關(guān)鍵部分的信任鏈,從信任的角度入手整合系統(tǒng)中的各項(xiàng)安全機(jī)制,為系統(tǒng)提供整體性的安全支撐。將國(guó)產(chǎn)可信計(jì)算技術(shù)應(yīng)用于云計(jì)算環(huán)境中,構(gòu)建國(guó)產(chǎn)可信的云安全基礎(chǔ)設(shè)施環(huán)境,是解決我國(guó)云安全問(wèn)題的有效途徑。在最新頒布的《信息安全技術(shù) 網(wǎng)絡(luò)安全等級(jí)保護(hù)基本要求》(等保2.0)中,加入了基于國(guó)產(chǎn)可信計(jì)算技術(shù)的可信驗(yàn)證要求,因此基于國(guó)產(chǎn)可信計(jì)算構(gòu)建安全可信的云計(jì)算環(huán)境具有重要現(xiàn)實(shí)意義。

可信根作為信任的源頭是可信計(jì)算技術(shù)的核心組件。我國(guó)提出了自己的可信根可信密碼模塊(Trusted Cryptography Module,TCM)。傳統(tǒng)的TCM適用于單機(jī)平臺(tái),通過(guò)TCM可以保證單機(jī)計(jì)算系統(tǒng)的安全可信性,但是無(wú)法滿足云計(jì)算環(huán)境中多虛擬機(jī)對(duì)可信根的使用需求。為了使TCM適用于云計(jì)算環(huán)境,本文提出一種TCM虛擬化方案,構(gòu)建云可信根(Cloud TCM,C-TCM)架構(gòu),為云計(jì)算節(jié)點(diǎn)中物理宿主機(jī)及多虛擬機(jī)提供可信根服務(wù),為構(gòu)建安全可信的云計(jì)算環(huán)境提供有力支撐。



本文詳細(xì)內(nèi)容請(qǐng)下載: http://ihrv.cn/resource/share/2000003192

作者信息:

趙  軍1,王  曉2

(1.張家口學(xué)院 數(shù)學(xué)與信息科學(xué)學(xué)院,河北 張家口075000;2.天津財(cái)經(jīng)大學(xué) 理工學(xué)院,天津300222)


此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。