[0013] A trusted virtual machine platform, comprising: a hard disk 11, a USBKey 10 and an unprivileged virtual machine 6, and further comprising: trusted hardware 1, a security-enhanced virtual machine monitor 2, a management virtual machine 3, a communication virtual machine 4 and a driver virtual machine 5; wherein the trusted hardware 1 includes a trusted motherboard 8, a trusted cryptographic module 7 and a trusted BIOS 9; the security-enhanced virtual machine monitor 2 includes an identity authentication module 12, an authority control module 13, a communication control module 14 and a virtual machine integrity measurement module 15; the management virtual machine 3 includes an unprivileged virtual machine management module 16, a real-time encryption and decryption module 17 and an integrity measurement module 18; the driver virtual machine 5 includes a hardware driver module 22 and a virtual trusted cryptographic module management module 23; the communication virtual machine 4 includes a communication management module 19, a two-way authentication module 20 and a data packet filtering module 21; each unprivileged virtual machine 6 includes a communication client module 24 and a virtual trusted cryptographic module 25. The management virtual machine 3, the driver virtual machine 5 and the communication virtual machine 4 are all privileged virtual machines. The management virtual machine 3 is responsible for creating, managing, destroying and migrating the other virtual machines; the driver virtual machine 5 is responsible for driving the hardware and for managing the virtual trusted cryptographic modules; the communication virtual machine 4 is responsible for communication among the virtual machines inside the platform.
[0014] The security-enhanced virtual machine monitor 2 is connected to the trusted hardware 1, the management virtual machine 3, the communication virtual machine 4 and the driver virtual machine 5, respectively. The trusted motherboard 8 in the trusted hardware 1 is bidirectionally connected to the trusted cryptographic module 7, the trusted BIOS 9, the USBKey 10 and the hard disk 11. The management virtual machine 3 is bidirectionally connected to the unprivileged virtual machine 6, and may be bidirectionally connected to multiple unprivileged virtual machines. In the security-enhanced virtual machine monitor 2, the identity authentication module 12, the authority control module 13, the communication control module 14 and the virtual machine integrity measurement module 15 are connected in series; in the management virtual machine 3, the unprivileged virtual machine management module 16, the real-time encryption and decryption module 17 and the integrity measurement module 18 are connected in series; in the communication virtual machine 4, the communication management module 19, the two-way authentication module 20 and the data packet filtering module 21 are connected in series; in the driver virtual machine 5, the hardware driver module 22 is connected to the virtual trusted cryptographic module management module 23; in the unprivileged virtual machine 6, the communication client module 24 is connected to the virtual trusted cryptographic module 25.
[0015] When the computer is powered on, the trusted cryptographic module 7 in the trusted hardware 1 starts first, as the root of trust, and measures the integrity of the trusted BIOS 9. If the measurement fails, the trusted BIOS 9 is restored and measured again. After the measurement of the trusted BIOS 9 succeeds, the system loads the trusted BIOS 9 and starts normally. The trusted BIOS 9 then measures the security-enhanced virtual machine monitor 2 and passes control to it once the measurement passes. The security-enhanced virtual machine monitor 2 first calls the identity authentication module 12 to authenticate the current user against the USBKey 10 and determine the user's authority, then calls the authority control module 13 to enforce that authority; the communication control module 14 controls communication according to the authority; finally, the virtual machine integrity measurement module 15 measures the management virtual machine 3, the driver virtual machine 5 and the communication virtual machine 4 in turn, and each is started only if its measurement succeeds. When an unprivileged virtual machine 6 is started, the integrity measurement module 18 in the management virtual machine 3 measures it and starts it only if the measurement succeeds. At this point the trusted virtual machine platform has completed its trusted boot.
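The boot sequence of paragraph [0015] is a chain of measurements in which each link measures the next before handing over. The following Python model is an added example, not code from the patent: it represents each component by an image and a golden digest (assumed to be provisioned into the trusted cryptographic module), uses SHA-256 as the measurement function (the text does not name one), and reproduces the two failure policies the text describes, namely restore-and-remeasure for the trusted BIOS and refuse-to-start for everything else. Component names and sample images are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def measure(image: bytes) -> str:
    """Integrity measurement of a component image (SHA-256 digest, hex). The
    patent does not specify the hash; SHA-256 is an assumption of this example."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class Component:
    name: str
    image: bytes                     # the code/data that gets measured
    golden: str                      # expected digest, assumed provisioned into the TCM
    backup: Optional[bytes] = None   # restore copy; only the trusted BIOS has one here


class BootFailure(Exception):
    """A link of the trust chain failed measurement and could not be restored."""


class TrustedPlatform:
    def __init__(self, bios: Component, vmm: Component, privileged: List[Component]):
        self.bios, self.vmm, self.privileged = bios, vmm, privileged
        self.log: List[Tuple[str, str, bool]] = []   # (measurer, measured, passed)

    def _check(self, measurer: str, c: Component) -> bool:
        ok = measure(c.image) == c.golden
        self.log.append((measurer, c.name, ok))
        return ok

    def boot(self) -> List[str]:
        """Run the trusted boot sequence; return the components brought up, in order."""
        started: List[str] = []
        # 1. The TCM (root of trust) measures the trusted BIOS. On failure the BIOS
        #    is restored from its backup copy and measured again, as in [0015].
        if not self._check("TCM", self.bios):
            if self.bios.backup is None:
                raise BootFailure("trusted BIOS tampered and no restore image")
            self.bios.image = self.bios.backup
            if not self._check("TCM", self.bios):
                raise BootFailure("trusted BIOS restore failed")
        started.append(self.bios.name)
        # 2. The trusted BIOS measures the VMM before passing control to it.
        if not self._check(self.bios.name, self.vmm):
            raise BootFailure("VMM failed measurement")
        started.append(self.vmm.name)
        # 3. The VMM measures each privileged VM (management, driver, communication)
        #    and starts it only on success; one bad privileged VM stops the boot.
        for vm in self.privileged:
            if not self._check(self.vmm.name, vm):
                raise BootFailure(f"{vm.name} failed measurement")
            started.append(vm.name)
        return started

    def start_unprivileged(self, vm: Component) -> bool:
        """The management VM measures an unprivileged VM when it is started and
        starts it only on success; a failure affects only that VM."""
        return self._check("management-vm", vm)


def build_sample_platform() -> TrustedPlatform:
    """Constructed sample images; golden digests are taken from the pristine images."""
    def comp(name: str, image: bytes, backup: Optional[bytes] = None) -> Component:
        return Component(name, image, measure(image), backup)

    bios_img = b"trusted-bios-v1"
    return TrustedPlatform(
        bios=comp("trusted-bios", bios_img, backup=bios_img),
        vmm=comp("vmm", b"security-enhanced-vmm-v1"),
        privileged=[comp("management-vm", b"mgmt-v1"),
                    comp("driver-vm", b"driver-v1"),
                    comp("communication-vm", b"comm-v1")],
    )


if __name__ == "__main__":
    p = build_sample_platform()
    p.bios.image = b"trusted-bios-v1-with-bootkit"     # simulate BIOS tampering
    print(p.boot())                                    # BIOS restored, boot continues
    print(p.start_unprivileged(Component("guest-1", b"g1", measure(b"g1"))))
    for entry in p.log:
        print(entry)
```

The measurement log is the part worth keeping in a real design: a later verifier can only distinguish "BIOS was restored after tampering" from "BIOS was fine" if the failed measurement is recorded rather than silently overwritten by the successful re-measurement.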
[0016] After the trusted virtual machine platform has started, the management virtual machine 3, the communication virtual machine 4, the driver virtual machine 5 itself and the unprivileged virtual machines 6 all access hardware resources through the hardware driver module 22 of the driver virtual machine 5. When the hardware driver module 22 of the driver virtual machine 5 fails, the driver virtual machine 5 is restarted automatically; this does not affect the normal operation of unprivileged virtual machines 6 that are not accessing hardware devices at the time. The virtual trusted cryptographic module management module 23 in the driver virtual machine 5 manages the virtual trusted cryptographic modules 25 in the unprivileged virtual machines 6, so that multiple unprivileged virtual machines 6 share a single physical trusted cryptographic module 7. In this way the trust chain rooted in the physical root of trust is extended into the virtual domain, ensuring the trustworthiness of the virtual environment.
[0017] When the management virtual machine 3 manages an unprivileged virtual machine 6, it first identifies the current authority. Under user authority, an unprivileged virtual machine 6 can only be opened and closed; requests to create, destroy or migrate an unprivileged virtual machine 6 are refused outright. Under administrator authority, unprivileged virtual machines 6 can be created, managed, destroyed and migrated. When the current authority is administrator authority and a command to create, destroy or migrate an unprivileged virtual machine is received, the management virtual machine 3 first calls the integrity measurement module 18 to measure the security-enhanced virtual machine monitor 2; after that measurement succeeds, the management virtual machine 3 sends the creation, destruction or migration request to the security-enhanced virtual machine monitor 2. On receiving the request, the security-enhanced virtual machine monitor 2 calls the virtual machine integrity measurement module 15 to measure the management virtual machine 3, and executes the request only after that measurement succeeds. If either measurement fails, the virtual machine platform has been tampered with and is no longer trusted: the command is refused and the trusted virtual machine platform actively shuts down. During the operation of the management virtual machine 3, the unprivileged virtual machine management module 16 calls the real-time encryption and decryption module 17 to transparently encrypt and decrypt the image files and key data of the unprivileged virtual machines 6, so that image files and key data are always stored as ciphertext, which enhances security.
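Paragraph [0017] combines two checks on every privileged management command: an authority check (user may only open and close; only an administrator may create, destroy or migrate) and a mutual integrity measurement between the management virtual machine and the virtual machine monitor, with a failed measurement shutting the platform down. The following Python model is an added example, not the patent's code; the role names, the command vocabulary, the SHA-256 measurement and the in-memory VM table are assumptions made for the example, and the real-time encryption of image files (module 17) is out of its scope.

```python
import hashlib
from typing import Dict


def measure(image: bytes) -> str:
    """Integrity measurement (SHA-256, an assumption; the patent names no hash)."""
    return hashlib.sha256(image).hexdigest()


USER_COMMANDS = {"open", "close"}                 # allowed under user authority
ADMIN_ONLY_COMMANDS = {"create", "destroy", "migrate"}


class PlatformCompromised(Exception):
    """A measurement failed while handling a command; the platform shut itself down."""


class ManagementPath:
    """Models the management VM (modules 16 and 18) and the VMM (module 15)
    cooperating on one management request."""

    def __init__(self, vmm_image: bytes, mgmt_image: bytes):
        self.vmm_image, self.vmm_golden = vmm_image, measure(vmm_image)
        self.mgmt_image, self.mgmt_golden = mgmt_image, measure(mgmt_image)
        self.running = True
        self.vms: Dict[str, str] = {}   # unprivileged VM name -> "stopped" | "running"

    def _shutdown(self, who: str) -> None:
        self.running = False
        raise PlatformCompromised(f"{who} failed measurement; platform shut down")

    def _mutual_measurement(self) -> None:
        # Management VM measures the VMM before sending the request (module 18) ...
        if measure(self.vmm_image) != self.vmm_golden:
            self._shutdown("VMM")
        # ... and the VMM measures the management VM before executing it (module 15).
        if measure(self.mgmt_image) != self.mgmt_golden:
            self._shutdown("management VM")

    def handle(self, role: str, command: str, vm: str) -> str:
        if not self.running:
            return "refused: platform is shut down"
        if role not in ("user", "administrator"):
            return "refused: unknown authority"
        if command not in USER_COMMANDS | ADMIN_ONLY_COMMANDS:
            return f"refused: unknown command {command}"
        # Authority control: a user's create/destroy/migrate request is refused outright.
        if role == "user" and command in ADMIN_ONLY_COMMANDS:
            return f"refused: {command} requires administrator authority"
        # Administrator request: both sides measure each other before execution.
        if command in ADMIN_ONLY_COMMANDS:
            self._mutual_measurement()        # raises and shuts down on tampering
        return self._execute(command, vm)

    def _execute(self, command: str, vm: str) -> str:
        if command == "create":
            self.vms[vm] = "stopped"
        elif command in ("destroy", "migrate"):
            if vm not in self.vms:
                return f"refused: {vm} does not exist"
            del self.vms[vm]                  # migrated VMs leave this host's table
        else:                                 # open / close an existing VM
            if vm not in self.vms:
                return f"refused: {vm} does not exist"
            self.vms[vm] = "running" if command == "open" else "stopped"
        return f"ok: {command} {vm}"


if __name__ == "__main__":
    m = ManagementPath(b"security-enhanced-vmm-v1", b"mgmt-v1")   # constructed images
    print(m.handle("user", "create", "guest-1"))
    print(m.handle("administrator", "create", "guest-1"))
    print(m.handle("user", "open", "guest-1"))
    m.vmm_image = b"security-enhanced-vmm-v1-patched"             # simulate tampering
    try:
        m.handle("administrator", "destroy", "guest-1")
    except PlatformCompromised as e:
        print(e)
    print(m.handle("administrator", "create", "guest-2"))
```

Note the ordering: the authority check runs before the measurement, so an unprivileged user cannot trigger the shutdown path at all, and once `running` is cleared every later command, including the ones a user is normally allowed, is refused.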
[0018] Communication between virtual machines is jointly controlled and carried out by the communication control module 14 in the security-enhanced virtual machine monitor 2 and the communication virtual machine 4. The communication control module 14 manages communication among the management virtual machine 3, the driver virtual machine 5 and the communication virtual machine 4, and strictly controls communication between unprivileged virtual machines 6: under user authority, unprivileged virtual machines 6 cannot communicate with each other at all; under administrator authority, they can communicate through the communication virtual machine 4. Under administrator authority, when any two unprivileged virtual machines 6 need to communicate, call the two parties A and B. Party A first calls its communication client module 24 to send the communication virtual machine 4 a request to communicate with party B. On receiving the request, the communication management module 19 in the communication virtual machine 4 calls the two-way authentication module 20 to perform two-way authentication between the communication virtual machine 4 and party A, then performs two-way authentication between the communication virtual machine 4 and party B, and returns the authentication result to party A. If the communication virtual machine 4, party A and party B are all trusted, party A sends the communication content to the communication virtual machine 4, whose data packet filtering module 21 inspects the data packets and forwards the content to party B after the inspection passes. After party B receives the content it returns success, and the communication between A and B is complete.
If authentication fails at any point in this process, the party that failed is no longer trustworthy: the communication is stopped immediately and the failed party is restarted automatically.
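The exchange of paragraph [0018], with the failure handling of the sentence above, as an added example that is not part of the patent. The text does not say how two-way authentication is performed, so this model assumes a challenge-response over HMAC-SHA256 with a per-VM key that stands in for a credential held by the VM's virtual trusted cryptographic module (module 25) and a communication-VM key known to every guest; the packet filter is a deliberately simple allowlist (size bound, printable UTF-8), since the text only says packets are "detected". Names, keys and messages are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple


def _mac(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()


class GuestVM:
    """An unprivileged VM with its communication client (module 24)."""

    def __init__(self, name: str, key: bytes, comm_key: bytes):
        self.name, self.key, self.comm_key = name, key, comm_key
        self.inbox: List[bytes] = []
        self.restarts = 0

    def respond(self, challenge: bytes) -> bytes:
        return _mac(self.key, challenge)               # proves knowledge of its own key

    def verify_comm_vm(self, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(_mac(self.comm_key, challenge), response)

    def restart(self) -> None:
        self.restarts += 1


class CommunicationVM:
    MAX_PACKET = 1024

    def __init__(self, key: bytes, registry: Dict[str, bytes]):
        self.key = key
        self.registry = registry      # guest name -> key (provisioning is assumed)
        self.restarts = 0

    def two_way_auth(self, peer: GuestVM) -> Tuple[bool, bool]:
        """Module 20: returns (peer authenticated to us, we authenticated to peer)."""
        c1 = os.urandom(16)
        expected = _mac(self.registry.get(peer.name, b""), c1)
        peer_ok = hmac.compare_digest(expected, peer.respond(c1))
        c2 = os.urandom(16)
        self_ok = peer.verify_comm_vm(c2, _mac(self.key, c2))
        return peer_ok, self_ok

    def packet_filter(self, payload: bytes) -> bool:
        """Module 21: accept only bounded, printable UTF-8 text (an assumed policy)."""
        if len(payload) > self.MAX_PACKET:
            return False
        try:
            text = payload.decode("utf-8")
        except UnicodeDecodeError:
            return False
        return all(ch.isprintable() or ch in "\n\t" for ch in text)

    def relay(self, role: str, a: GuestVM, b: GuestVM, payload: bytes) -> str:
        """Party A asks to talk to party B; the communication VM brokers the exchange."""
        if role != "administrator":
            return "refused: unprivileged VMs cannot communicate under user authority"
        for party in (a, b):                           # authenticate A, then B
            peer_ok, self_ok = self.two_way_auth(party)
            if not self_ok:                            # we failed: we are the untrusted party
                self.restarts += 1
                return "authentication failed: communication VM restarted, communication stopped"
            if not peer_ok:                            # the guest failed: it is restarted
                party.restart()
                return f"authentication failed: {party.name} restarted, communication stopped"
        if not self.packet_filter(payload):
            return "dropped: packet rejected by filter"
        b.inbox.append(payload)                        # B receives the content and returns success
        return "success"


def build_sample() -> Tuple[CommunicationVM, GuestVM, GuestVM]:
    comm_key = b"comm-vm-key"                          # constructed sample keys
    keys = {"vm-a": b"key-a", "vm-b": b"key-b"}
    comm = CommunicationVM(comm_key, keys)
    return comm, GuestVM("vm-a", keys["vm-a"], comm_key), GuestVM("vm-b", keys["vm-b"], comm_key)


if __name__ == "__main__":
    comm, a, b = build_sample()
    print(comm.relay("user", a, b, b"hello"))
    print(comm.relay("administrator", a, b, b"hello"), b.inbox)
    imposter = GuestVM("vm-a", b"stolen-name-wrong-key", b"comm-vm-key")
    print(comm.relay("administrator", imposter, b, b"hi"), imposter.restarts)
```

The two checks are deliberately ordered as in the text: authentication of both parties happens before any content is accepted, so the packet filter only ever inspects traffic from an authenticated sender, and a guest that merely claims another guest's name gets restarted without its payload reaching the filter or party B.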