
Trusted verifying method and equipment used in running process of virtual machine

A verification method and virtual machine technology, applied in the fields of digital data authentication, software simulation/interpretation/simulation, program control devices, etc.

Active Publication Date: 2015-06-17
CHINA MOBILE COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

[0010] 1. Users who directly encrypt and protect their own data cannot take advantage of the various cloud services deployed on the cloud platform to effectively compute on, manage and mine that data;
[0011] 2. The audit function can only work properly with credibility support from the lower layers of the computing model. If the lower virtualization layer tampers with system calls, the audit and access control modules are easily damaged or bypassed;
[0012] 3. Directly building a trusted cloud platform and directly proving its credibility to users exposes, during the verification process, the software and hardware configuration information, IP addresses, etc. of all physical nodes, which poses a great security threat to the cloud platform; in addition, each client needs to maintain a characteristic data area containing all possible configurations in order to determine the credibility of the cloud platform, which is difficult to manage and lacks scalability;
The platform only considers the credibility of the physical nodes when the virtual machine starts and migrates, and does not consider the state changes caused by untrusted threats while the virtual machine is running.


Embodiment Construction

[0035] To address the above-mentioned technical problems in the prior art, an embodiment of the present invention provides a technical solution for trusted verification of a running virtual machine, applied to a system that includes a virtual machine and an external trusted entity. In this technical solution, the virtual machine includes a configuration information collection module, a remote verification service module, and a VTPM. The configuration information collection module, located in the operating system kernel of the virtual machine, saves in the configuration information list the names and hash values of the other kernel modules in the operating system kernel of the virtual machine, as well as the names and hash values of the executable programs and scripts loaded into memory, and adds the hash values of the other kernel modules, the executable programs and the scripts to the PCR (Program Control Register) of the VTPM; when the rem...


Abstract

The invention discloses a trusted verification method and equipment for use while a virtual machine is running. In the method, a configuration information collection module stores, in a configuration information list, the names and hash values of the other kernel modules in the operating system kernel of the virtual machine, the names and hash values of executable programs loaded into memory, and the names and hash values of scripts, and adds the hash values of the other kernel modules, the executable programs and the scripts to a PCR of a VTPM. When a remote verification service module receives a trusted evidence verification request sent by an external trusted entity, it obtains the configuration information list and the PCR value stored in the PCR of the VTPM and returns them to the external trusted entity. The external trusted entity first uses the PCR value to confirm that the configuration information list has not been modified, then verifies the configuration information list against a local characteristic database, and determines from the verification result whether the virtual machine is trusted. The method and equipment improve the security and feasibility of verifying the credibility of a virtual machine.
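The exchange in the abstract can be sketched as follows; this is an added example, not code from the patent. It assumes a TPM-style extend operation (new PCR = SHA-256 of old PCR followed by the measurement digest) and omits the signed quote a real vTPM would attach; `Collector`, `verify`, `FEATURE_DB` and the sample file names are hypothetical.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank; an assumption of this example

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

class Collector:
    """VM side: stand-in for the configuration information collection module."""
    def __init__(self):
        self.entries = []            # configuration information list: (name, hex digest)
        self.pcr = bytes(PCR_SIZE)   # vTPM PCR starts as all zeroes

    def measure(self, name: str, content: bytes) -> None:
        digest = hashlib.sha256(content).digest()
        self.entries.append((name, digest.hex()))
        self.pcr = extend(self.pcr, digest)

    def evidence(self):
        # What the remote verification service module returns on request.
        return list(self.entries), self.pcr

def verify(entries, pcr_value, feature_db):
    """External trusted entity: check list integrity first, then list contents."""
    replayed = bytes(PCR_SIZE)
    for _, hex_digest in entries:
        replayed = extend(replayed, bytes.fromhex(hex_digest))
    if replayed != pcr_value:
        return "list-modified"       # list does not reproduce the PCR value
    unknown = [n for n, h in entries if feature_db.get(n) != h]
    return "trusted" if not unknown else "untrusted: " + ", ".join(unknown)

# Constructed sample data: known-good components and the verifier's local database.
GOOD = {"ext4.ko": b"ext4 module bytes", "/usr/sbin/sshd": b"sshd bytes",
        "/etc/rc.local": b"#!/bin/sh\nexit 0\n"}
FEATURE_DB = {n: hashlib.sha256(c).hexdigest() for n, c in GOOD.items()}

def demo():
    vm = Collector()
    for name, content in GOOD.items():
        vm.measure(name, content)
    clean = verify(*vm.evidence(), FEATURE_DB)
    vm.measure("/tmp/unknown.sh", b"script not in the database")  # runtime change
    entries, pcr = vm.evidence()
    runtime_change = verify(entries, pcr, FEATURE_DB)
    hidden = verify(entries[:-1], pcr, FEATURE_DB)  # entry dropped from the list
    return clean, runtime_change, hidden

if __name__ == "__main__":
    print(demo())
```

The third case shows why the PCR check comes first: an entry removed from the list after measurement no longer replays to the PCR value, so the omission is detected before the database comparison is even attempted.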

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to a trusted verification method and device for a running virtual machine.

Background

[0002] When users use an infrastructure cloud computing system, they need to deploy their own data and applications on virtual machines running on remote physical machines. In order to ensure the security of data and applications without affecting their use, users need to trust the cloud computing service provider itself, the credibility of the virtual machine when it is running (that is, whether the virtual machine correctly runs the functions it claims, including: whether any program files on the virtual machine, such as the core system, configuration files, scripts and executable programs, have been tampered with, whether there are other dangerous programs running in the virtual machine, etc.), so it is necessary to collect and verify the credibility of the virtual machine ...


Application Information

IPC(8): G06F21/33, G06F9/455
Inventor: 王珂
Owner: CHINA MOBILE COMM GRP CO LTD