摘要
将可信计算技术应用于云计算环境中是保证云安全的有效途径。针对国产可信计算的可信根可信密码模块(Trusted Cryptography Module,TCM)只适用于单机平台,无法为多虚拟机的云平台提供安全可信性保障的问题,对TCM的虚拟化方案进行研究,构建云可信根(Cloud TCM,C-TCM)架构。在C-TCM物理环境内部构造宿主可信根和虚拟可信根,分别为物理宿主机和虚拟机提供可信服务,同时在虚拟机监视器层部署虚拟可信根管理机制,实现虚拟可信根对C-TCM硬件资源的共享。该方案可有效保证云平台的安全可信性。
Applying trusted computing technology to cloud environment is an effective way to ensure cloud security. The trusted cryptography module (TCM) of domestic trusted computing is suitable for single platform, but can not provide secu-rity and credibility guarantee for cloud platform with multi virtual machines. Aiming at this problem, the virtualization scheme of TCM is studied, and the architecture of cloud TCM (C-TCM) is constructed. In the physical environment of C-TCM, host trusted root and virtual trusted root are constructed, which provide trusted services for physical host and virtual machine respectively. At the same time, virtual trusted root management mechanism is deployed in the virtual ma-chine monitor layer to realize the resources sharing of C-TCM hardware. This scheme can effectively guarantee the secu-rity and credibility of the cloud platform.
作者
赵军
王晓
Zhao Jun;Wang Xiao(School of Mathematics Information Science,Zhangjiakou University,Zhangjiakou 075000,China;Institute of Science and Technology,Tianjin University of Finance and Economics,Tianjin 300222,China)
出处
《信息技术与网络安全》
2020年第6期44-48,67,共6页
Information Technology and Network Security
基金
河北省教育厅科技项目(Z2017158)。
关键词
云安全
可信计算
可信密码模块TCM虚拟化
云可信根C-TCM架构
cloud security
trusted computing
the virtualization of trusted cryptographic module TCM
the architecture of cloud trusted root C-TCM
