
An Active Remote Attestation Method for Cloud Platform Virtual Machine Metrics

A remote attestation and virtual machine technology, applied in the field of remote attestation for detecting the trusted state of virtual machines. It addresses the problems of existing methods not taking the dynamic measurement of virtual machines into account, the uncertain number of virtual machines, and the limited number of TPM PCRs, with the effect of preventing leakage of log information.

Active Publication Date: 2017-02-22
WUHAN UNIV

AI Technical Summary

Problems solved by technology

[0005] On a cloud computing platform, remote attestation of the state of a virtual machine faces two problems compared with traditional remote attestation. 1. The number of virtual machines is uncertain. A server generally has only one TPM (Trusted Platform Module) chip, and the number of PCRs in a TPM is limited, usually to 24. The traditional remote attestation method, which writes the measurement value into a TPM PCR and then performs signing and trusted-state verification, therefore cannot meet the dynamic and scalable needs of a virtualization platform. 2. Dynamic measurement of virtual machines requires active remote attestation. In the distributed environment of a cloud platform, it is difficult for the remote attestation server to synchronize with the clients when sending remote attestation requests for trusted verification.

[0006] For remote attestation on cloud platforms, literature [1~3] has enhanced the security of the TCG remote attestation protocol, literature [4,5] proposed an attribute-based cloud computing remote attestation method, and literature [6~9] studied the trusted measurement and remote attestation mechanisms of the host and the virtual machine manager (VMM) that run the virtual machines in the cloud platform. None of this work, however, takes the dynamic measurement of virtual machines into account in its protocol design, so the remote attestation remains the passive form in which the server sends a request to the client and the client then responds.


Embodiment Construction

[0024] The technical solution of the present invention will be described in detail below in conjunction with the drawings and embodiments.

[0025] When the virtual machine starts, it statically measures the state of its own platform, triggers remote attestation, forms an integrity report and has it verified. The virtual machine remote attestation application scenario of the embodiment is shown in figure 1 and is described as follows:

[0026] (1) The user applies to the cloud platform management terminal to use a virtual machine. The cloud platform management terminal is generally implemented with server technology, that is, a cloud management server is provided. In a specific implementation, the cloud management server is generally provided with a virtual machine management part, a key center, a trusted data center and a trusted verification part.

[0027] (2) After receiving the user's request, the cloud platform management ...


Abstract

The invention provides an active remote attestation method for the measurement of a cloud platform virtual machine. The method comprises the active operation process of a remote attestation client and the trusted verification process of the server on the cloud management side. Static measurement is carried out after the cloud platform virtual machine is started, periodic dynamic measurement is carried out while it runs, and active remote attestation is carried out after each measurement is finished; the cloud management side obtains the measurement values and measurement reports and compares the measurement values with reference values to verify whether the state of the virtual machine has changed. The method replaces the traditional passive remote attestation: the remote attestation client is actively triggered by the measurement module, the measurement results are sent to the cloud management server in real time, and the measurement values do not need to be stored in a PCR of the TPM. This solves the remote attestation problem for the dynamically varying and periodically measured state of virtual machines in the cloud platform.
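The following is an added illustration, not code from the patent, of the flow the abstract describes: the VM measures its own objects, actively reports without extending a TPM PCR, and the cloud management side compares the values with stored reference values. The HMAC reporting key and the per-report sequence number are assumptions of this example; the page does not say how reports are authenticated or kept fresh, and because the server never sends a nonce in the active model, freshness has to come from the client side.

```python
import hashlib
import hmac
import json

# Hypothetical per-VM reporting key issued by the cloud management server's
# key center (assumption: the page does not fix the key type or format).
VM_KEY = b"constructed-demo-key-vm-01"

def measure(objects):
    """Static or dynamic measurement: SHA-256 of each measured object."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in objects.items()}

def build_report(vm_id, seq, measurements, key=VM_KEY):
    """Client side: the measurement module triggers the report itself (no PCR
    extend). The sequence number (assumed) lets the server reject replays."""
    body = {"vm": vm_id, "seq": seq, "measurements": measurements}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}

class AttestationServer:
    """Cloud management side: trusted data center plus trusted verification part."""
    def __init__(self, references, key=VM_KEY):
        self.references = references   # vm_id -> {object name: reference hash}
        self.key = key
        self.last_seq = {}             # vm_id -> highest sequence number accepted

    def verify(self, report):
        body = report["body"]
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["mac"]):
            return "rejected: bad mac"
        vm = body["vm"]
        if body["seq"] <= self.last_seq.get(vm, -1):
            return "rejected: replayed report"
        self.last_seq[vm] = body["seq"]
        ref = self.references.get(vm, {})
        # Any measured object whose hash differs from the reference marks a change.
        changed = sorted(o for o, h in body["measurements"].items() if ref.get(o) != h)
        return "trusted" if not changed else "changed: " + ",".join(changed)

# Constructed sample: golden content of the VM's measured objects, from which
# the trusted data center's reference values are derived.
GOLDEN = {"kernel": b"vmlinuz-demo", "init": b"init-script-demo"}
REFERENCES = {"vm-01": measure(GOLDEN)}
```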

Description

Technical field

[0001] The invention belongs to the technical field of information security and relates to a remote attestation method for detecting the trusted state of a virtual machine.

Background technique

[0002] A trusted computing platform provides the ability to attest to external entities, known as remote attestation. The trusted computing platform has three roots of trust, namely the root of trust for measurement, the root of trust for storage and the root of trust for reporting, and supports the three core functions of trusted measurement, trusted storage and trusted reporting. These three core functions enable the trusted computing platform to report the identity and status of the platform to external entities, and remote attestation is essentially an extension of the concept of trusted reporting.

[0003] Remote attestation is a comprehensive measurement of the platform to prove to the remote communication party that its own operating environmen...


Application Information

Patent Type & Authority Patents(China)
IPC (8): H04L29/06, H04L9/32, H04L29/08
Inventor: 王鹃, 周司珺, 王江, 严飞, 赵波, 张焕国
Owner WUHAN UNIV