Credible virtual machine platform

A technology of virtual machine and privileged virtual machine, applied in the field of virtual machine platform, can solve problems such as lack of communication between virtual domains and insufficient security mechanism of virtual machine platform, so as to improve stability and anti-attack, prevent malicious code transmission, prevent The effect of information leakage

Inactive Publication Date: 2011-01-26
706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND
6 Cites 37 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a trusted virtual machine platform to solve the problems of insufficient securi...
View more

Method used

When the management virtual machine 3 manages the non-privileged virtual machine 6, it first needs to identify the current authority. Under the user authority, it can only be opened and closed to the operation of the non-privileged virtual machine 6, and directly refuses to create, destroy or migrate non-privileged virtual machines. A request from a privileged virtual machine 6; create, manage, destroy and migrate a non-privileged virtual machine 6 under administrator authority. When the current authority is administrator authority, the management virtual machine 3 first calls the integrity measurement module 18 to measure the security enhanced virtual machine monitor 2 after receiving the command to create, destroy and migrate the non-privileged virtual machine, and after the measurement is successful , the management virtual machine 3 sends a creation, destruction or migration request to the security enhanced virtua...
View more

Abstract

The invention discloses a credible virtual machine platform, which comprises a hard disk (11), a USB Key (10) and a nonprivileged virtual machine (6), and also comprises credible hardware (1), a security enhancement virtual machine monitor (2), a management virtual machine (3), a communication virtual machine (4) and a driving virtual machine (5). The security enhancement virtual machine monitor (2) is bidirectionally connected with the credible hardware (1) and the management virtual machine (3) respectively; the management virtual machine (3), the driving virtual machine (5) and the communication virtual machine (4) are privileged virtual machines; the management virtual machine (3) creates, manages, destroys and transfers other virtual machines; the driving virtual machine (5) provides driving needed by the operation of the virtual machine and management of a virtual credible password module; and the communication virtual machine (4) takes charge of communication between inner virtual machines and a virtual machine platform. The credible virtual machine platform has the advantages of effectively guaranteeing the safety and credibility of an operating environment of the virtual machine platform and realizing effective management and control of communication between virtual domains.

Application Domain

Internal/peripheral component protection

Technology Topic

Virtual machineOperating environment +5

Image

  • Credible virtual machine platform
  • Credible virtual machine platform

Examples

  • Experimental program(1)

Example Embodiment

[0013] A trusted virtual machine platform, comprising: a hard disk 11, a USBKey 10 and an unprivileged virtual machine 6, and further comprising: trusted hardware 1, a security-enhanced virtual machine monitor 2, a management virtual machine 3, a communication virtual machine 4 and a driver virtual machine 5; wherein, the trusted hardware 1 includes: a trusted motherboard 8, a trusted password module 7 and a trusted BIOS 9; the security-enhanced virtual machine monitor 2 includes: an identity authentication module 12, an authority control module 13, a communication control module 14 and The virtual domain integrity measurement module 15; the management virtual machine 3 includes: an unprivileged virtual machine management module 16, a real-time encryption and decryption module 17 and an integrity measurement module 18; the driving virtual machine 5 includes: a hardware driver module 22 and a virtual trusted password management module Module 23 ; the communication virtual machine 4 includes: a communication management module 19 , a two-way authentication module 20 and a data packet filtering module 21 ; each unprivileged virtual machine 6 includes a communication client module 24 and a virtual trusted password module 25 . The management virtual machine 3, the driver virtual machine 5 and the communication virtual machine 4 are all privileged virtual machines. The management virtual machine 3 is responsible for creating, managing, destroying and migrating other virtual machines; Management of the virtual trusted cryptographic module; the communication virtual machine 4 is responsible for the communication between the internal virtual machine and the virtual machine platform.
[0014] The security-enhanced virtual machine monitor 2 is respectively connected with the trusted hardware 1, the management virtual machine 3, the communication virtual machine 4, and the driving virtual machine 5. The trusted main board 8 in the trusted hardware 1 is respectively connected with the trusted cryptographic module 7, which can be BIOS 9, USBKey 10, hard disk 11 are bidirectionally connected, management virtual machine 3 is bidirectionally connected to non-privileged virtual machine 6, and management virtual machine can also be bidirectionally connected to multiple non-privileged virtual machines; in security-enhanced virtual machine monitor 2, identity The authentication module 12, the authority control module 13, the communication control module 14, and the virtual machine integrity measurement module 15 are connected in series; in the management virtual machine 3, the unprivileged virtual machine management module 16, the real-time encryption and decryption module 17, and the integrity measurement module 18 serially connected in series; the communication management module 19, the two-way authentication module 20 and the data packet filtering module 21 in the communication virtual machine 4 are serially connected in series; the hardware driver module 22 in the driving virtual machine 5 is connected with the virtual trusted password management module 23; The communication client module 24 in the privileged virtual machine 6 is connected to the virtual trusted cryptographic module 25 .
[0015]When the computer is powered on, the trusted cryptographic module 7 in the trusted hardware 1 starts first as a root of trust, and measures the integrity of the trusted BIOS 9. If the measurement fails, the trusted BIOS 9 is restored and measured again. After the measurement of the trusted BIOS 9 is successful, the system loads the trusted BIOS 9 and starts normally. The trusted BIOS 9 firstly measures the security-enhanced virtual machine monitor 2 , and passes the control right to the security-enhanced virtual machine monitor 2 after the measurement is passed. The security-enhanced virtual machine monitor 2 first calls the identity authentication module 12 to authenticate the current user based on the USBKey 11 to identify the user authority, then calls the authority control module 13 to perform authority control, the communication control module 14 performs communication control according to the authority, and finally calls the virtual machine. The machine integrity measurement module 15 measures the management virtual machine 3, the driving virtual machine 4 and the communication virtual machine 5 respectively, and starts the management virtual machine 3, the driving virtual machine 4 and the communication virtual machine 5 if the measurement is successful. When the unprivileged virtual machine 6 is started, the integrity measurement module 18 in the management virtual machine 3 measures the unprivileged virtual machine 6, and starts the unprivileged virtual machine 6 if the measurement is successful. So far, the trusted virtual machine platform has realized the trusted boot.
[0016] After the trusted virtual machine platform is started, the management virtual machine 3 , the driving virtual machine 4 , the communication virtual machine 5 and the unprivileged virtual machine 6 access hardware resources through the hardware driving module 22 of the driving virtual machine 5 . When the hardware driver module 22 for driving the virtual machine 5 is abnormal, the automatic restart is performed, which will not affect the normal operation of other non-privileged virtual machines 6 that do not access the hardware device. Drives the virtual trusted password management module 23 in the virtual machine 5, is responsible for the management of the virtual trusted password modules 25 in each unprivileged virtual machine 6, and realizes that multiple unprivileged virtual machines 6 share a real physical trusted password module. 7. Transfer the trust chain based on the physical trust root in the virtual domain to ensure the credibility of the virtual environment.
[0017] When the management virtual machine 3 manages the unprivileged virtual machine 6, it is necessary to identify the current permissions first. Only the unprivileged virtual machine 6 can be opened and closed under the user permissions, and the creation, destruction or migration of the unprivileged virtual machine is directly refused. 6 requests; create, manage, destroy, and migrate unprivileged virtual machines under administrator privileges 6. When the current authority is the administrator authority, after receiving the command to create, destroy and migrate the unprivileged virtual machine, the management virtual machine 3 first calls the integrity measurement module 18 to measure the security-enhanced virtual machine monitor 2, and after the measurement is successful , the management virtual machine 3 sends a creation, destruction or migration request to the security-enhanced virtual machine monitor 2 . After receiving the above request, the security-enhanced virtual machine monitor 2 calls the virtual machine integrity measurement module 15 to measure the management virtual machine 3, and executes the above request after the measurement is successful. In the process of measurement, the measurement failure of any party indicates that the virtual machine platform has been tampered with and is no longer trusted, refuses to execute the command request, and the trusted virtual machine platform actively shuts down. In the process of managing the work of the virtual machine 3, the unprivileged virtual machine management module 16 calls the real-time encryption and decryption module 17 to transparently encrypt and decrypt the image files and key data of the unprivileged virtual machine 6, ensuring that the image files and key data are always in the same format. Ciphertext storage for enhanced security.
[0018] The communication between the virtual machines is jointly controlled and completed by the communication control module 14 in the security-enhanced virtual machine monitor 2 and the communication virtual machine 4 . The communication control module 14 is responsible for managing the communication between the virtual machine 3, the driving virtual machine 5 and the communication virtual machine 4, and strictly controls the communication between the unprivileged virtual machines 6, and the unprivileged virtual machines 6 cannot communicate with each other under the user authority. , the communication between the non-privileged virtual machines 6 can be realized through the communication virtual machine 4 under the administrator authority. Under administrator authority, when any two of the non-privileged virtual machines 6 need to communicate, it is assumed that the two communicating parties are Party A and Party B. Party A first calls the communication client module 24 therein to send a message to the communication virtual machine 4 to communicate with Party B. The communication request, after receiving the communication request, the communication management module 19 in the communication virtual machine 4 calls the two-way authentication module 20 to perform two-way authentication on the communication virtual machine 4 and the A party. Perform two-way authentication with party B, and return the authentication result to party A. If the communication virtual machine 4, party A and party B are all trusted, party A sends the communication content to the communication virtual machine 4, and the communication virtual machine 4 The data packet filtering module 21 detects the data packets, and sends the communication content to the B party after the detection is passed. After the B party receives the communication content, it returns success, and thus the communication between the A and B parties is successfully completed. During the authentication process, if the authentication fails, it indicates that the authentication failed party is no longer trustworthy, the communication is stopped immediately, and the authentication failed party restarts automatically.

PUM

no PUM

Description & Claims & Application Information

We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.

Similar technology patents

Multifunctional carry-on power supply

InactiveCN101202462Aimprove securityIncrease charging capacity
Owner:NANKAI UNIV

Classification and recommendation of technical efficacy words

  • improve security

Pesticide micro-capsule granules and preparation method thereof

InactiveCN102100229Alow toxicityimprove security
Owner:联合国南通农药剂型开发中心 +1

Method for achieving user authentication by utilizing camera

InactiveCN103678984Aimprove securityGuaranteed picture quality
Owner:湖北微模式科技发展有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products