Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Trustworthy computing base cutting method used for virtual machine system

A trusted computing and virtual machine technology, applied in computing, computer security devices, instruments, etc., can solve problems affecting the implementation of trusted verification, unfavorable static trust chain construction, leakage threats, etc., to achieve enhanced security and startup speed, Effect of reducing the risk of leakage and preventing tampering or destruction

Inactive Publication Date: 2009-12-09
WUHAN UNIV
View PDF1 Cites 31 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, if the trusted computing base is too large, malicious behavior in the special area will pose a threat of leakage to the virtual machine with sensitive data. Therefore, it is necessary to decompose the privileged functions of the privileged domain to reduce the impact of malicious behavior in the privileged domain on the customer virtual machine.
In addition, the update and changes of privileged domain users or hypervisors are not conducive to the construction of the existing static trust chain, thus affecting the implementation of trusted verification for virtual machine environments (virtual machines and trusted computing bases) with sensitive data

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Trustworthy computing base cutting method used for virtual machine system
  • Trustworthy computing base cutting method used for virtual machine system
  • Trustworthy computing base cutting method used for virtual machine system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0016] The invention proposes a trusted computing base cutting method for a virtual machine system. The trusted computing base in the prior art includes a hardware layer (including CPU, BIOS, etc.), a VMM layer, a vTPM manager, a Domain Builder, a kernel, and sensitive data access policies. The present invention places vTPM manager, DomainBuilder and sensitive data access policy in a domain isolated from domain 0. According to the virtual machine technology, domains other than the privileged domain belong to the user domain, but the domain established by the present invention is for the purpose of security and anti-leakage, so it is called a special user domain, which is recorded as domain B in the embodiment. In order to support the work of Domain Builder, it is necessary to realize the communication mechanism between domain B where Domain Builder is located and domain 0. see image 3 , under the tailoring scheme of the present invention, the trusted computing base includes...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a trustworthy computing base anti-leakage cutting method used for a virtual machine system; the virtual machine system comprises a hardware layer, a virtual machine monitor layer, a virtual trusted platform module manager, a domain creating module, a kernel and a sensitive data access policy; the virtual trusted platform module manager, the domain creating module, the kernel and the sensitive data access policy are positioned at a privilege domain; the method is characterized in that: a special user domain which is isolated with the privilege domain is built, the virtual trusted platform module manager, the domain creating module and the sensitive data access policy are moved to the special user domain, and the kernel is kept in the privilege domain; communication is built between the privilege domain and the special user domain, and the trustworthy computing base is formed by the hardware layer, the virtual machine monitor layer, the virtual trusted platform module manager, the domain creating module and the sensitive data access policy; the invention provides a trustworthy computing base cutting proposal, the advantages of the traditional trustworthy computing base proposal is not only kept, but also the safety and starting speed of the virtual machine system are enhanced.

Description

technical field [0001] The invention relates to the technical field of computer information security, and mainly relates to a trusted computing base anti-leakage tailoring method for a virtual machine system. Background technique [0002] The survey results of the National Information Security Evaluation and Certification Center show that among numerous attacks and incidents, information leakage incidents are the main security incidents, which have brought huge economic losses to enterprises. Existing data leakage prevention systems are mainly implemented by embedding certain security modules in the operating system or by restricting network boundaries, but the credibility of the operating system cannot be guaranteed and various malicious software can infringe on sensitive data computing systems. The availability of existing anti-leakage mechanisms is severely compromised, compromising sensitive data security. [0003] A virtual machine system based on a virtual machine mon...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F9/445G06F21/00G06F21/53
Inventor 王丽娜余荣威寇鹏匡波周凯柯晋尹磊尹帆
Owner WUHAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com