Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

vTPM private information protection method based on label

A technology for private information and encrypted information, which is applied in the field of trusted computing and virtualization security, can solve the problems of not considering the security of private information, the weak relationship between vTPM and virtual machine, and the non-migration of vTPM, so as to protect the integrity and facilitate management , the effect of ensuring confidentiality

Active Publication Date: 2018-11-13
SICHUAN UNIV
View PDF12 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The deficiencies of the fully virtualized trusted platform module under KVM are: (1) use the libtpms function library to simulate all the functions of the physical trusted platform module, which is completely separated from the physical trusted platform module; (2) store the private information of the vTPM In the host file, no security measures are added; (3) The corresponding vTPM instance is loaded through the command line parameters of QEMU, and the relationship between vTPM and virtual machine is weak
[0005] The deficiencies of existing solutions are: (1) relying on transactional synchronization extension technology (TSX, transactional synchronization extension), causing vTPM to be non-migratable; (2) relying on Intel's software guard extension technology (SGX, software guard extension) , the source code structure of the vTPM needs to be modified; (3) The vTPM is secured using the migrateable key of the Trusted Platform Module, which cannot guarantee the strong association between the virtual machine and the vTPM; (4) The existing vTPM dynamic migration process Failure to consider the security of their private information

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • vTPM private information protection method based on label
  • vTPM private information protection method based on label
  • vTPM private information protection method based on label

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0047] figure 1 Describes the detailed structure of the vTPM label, including: status field (status), validity period field (time, including start time start and end time end), encryption information field (secret), UUID hash value field (uuid_hash), QEMU measurement value field (qemu_digest), signature algorithm field (alg), signature value field (sig).

[0048] (1) Status (status): vTPM labels have two states of existence, local state and migration state; (2) Validity period (time): vTPM labels are valid within the time period [start, end], expired vTPM labels need (3) Encrypted information (secret): the ciphertext of the symmetric encryption key used for vTPM private information protection, which is encrypted with the key RSA_local of the physical Trusted Platform Module; (4) UUID Hash value (uuid_hash): UUID is the unique identi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a vTPM private information protection method based on a label. The method comprises the steps of S1, performing initialization work before system deployment; S2, separately building a vTPM label for a vTPM instance of each virtual machine; S3, extracting the vTPM label from an mirror file of the virtual machine, detecting related content of the vTPM label, judging whether acorresponding relationship between the virtual machine and the vTPM is correct, and thus judging whether the virtual machine is started; S4, performing Hash operation, encryption, decryption and Hashvalue verification according to a KEY acquired through decrypting the encryption information field of the vTPM label acquired in the step 3, and performing confidentiality protection and completenessverification on the vTPM private information; and S5, when the virtual machine is in dynamic migration, securely migrating volatility information and private information of the vTPM and the vTPM label. According to the method provided by the invention, the confidentiality and completeness of the vTPM private information and the consistency of the association relationships between the virtual machines and the vTPM instances are protected in real time by using the vTPM labels, and association between the vTPM and the physical credible platform module is built.

Description

technical field [0001] The invention relates to the field of trusted computing and virtualization security, in particular to a tag-based vTPM private information protection method. Background technique [0002] Trusted computing technology can provide a virtual machine integrity verification mechanism for cloud computing platforms, and vTPM (vTPM, virtual Trusted Platform Module) is an important component of trusted computing technology virtualization. The virtualization platforms XEN and KVM both have vTPM implementation solutions, both of which involve the software simulation of the non-volatile information of the Trusted Platform Module (TPM, Trusted Platform Module), which includes private information such as endorsement keys and access passwords , so the present invention calls the non-volatile information of vTPM private information of vTPM, and these private information are easy to be stolen and abused. [0003] There are three main types of trusted platform module v...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F9/455G06F21/60H04L9/08H04L9/32
CPCG06F9/45558G06F21/606G06F2009/4557G06F2009/45587H04L9/088H04L9/0891H04L9/0897H04L9/3236H04L9/3249H04L9/3263H04L2209/127
Inventor 陈兴蜀王伟金鑫陈佳昕金逸灵蔡梦娟蒋超王启旭兰晓
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com