Journal of Information Security Research ›› 2017, Vol. 3 ›› Issue (4): 323-331.

• Academic Paper •

Research on Key Techniques of Trusted Server Platform in Cloud Environment

Liu Gang

  1. Security Technology Department, Inspur Electronic Information Industry Co., Ltd., Beijing 100085
  • Received: 2017-04-13  Online: 2017-04-13  Published: 2017-04-13
  • Corresponding author: Liu Gang
  • About the author: Liu Gang, Master's degree; main research interests are operating system security, trusted computing technology and cloud security.

Abstract: Security threats in the cloud environment remain severe, and trusted platform control module (TPCM) technology provides an effective way to build a server platform that is secure, proactive and controllable. To resolve the two completeness problems found in TPCM-based trusted server implementations, this paper proposes a server platform architecture based on the TPCM and a trusted software base (TSB). At the server hardware level, it presents a power-on timing control scheme that incorporates the out-of-band management module (OMM), together with a trust chain design. It then sets out the basic requirements and design approach for a virtual root of trust, and gives a design for a virtual root of trust for measurement (VRTM). Other key techniques, including trusted migration, are also discussed. The work is intended as a practical design reference for TPCM-based trusted server platforms in cloud environments.

Key words: cloud computing, trusted server, trusted platform control module (TPCM), trusted software base (TSB), virtual root of trust
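The abstract names a hardware trust chain (each boot component measured before it runs) and a virtual root of trust for measurement that anchors a VM's measurements in the physical platform. The following is an added illustrative example, not code from the paper or from Inspur's TPCM implementation: it models a PCR-style measurement chain with a one-way extend operation, a verifier that replays the event log, and a VRTM register seeded from the host register. The stage names, placeholder image bytes, the assumption that the OMM firmware is the first component measured, and the rule that the VM register is seeded by extending the host register are all assumptions made for illustration; the paper's actual TPCM, OMM and VRTM designs are not reproduced here.

```python
"""Illustrative model of a measurement trust chain and a virtual RTM.

Added example; not the paper's design. Stage names, image bytes and the
VRTM seeding rule are assumptions chosen for demonstration only.
"""
import hashlib
from typing import List, Tuple

HASH = hashlib.sha256
# A measurement register starts at all-zero, as a TPM PCR does.
INITIAL_PCR = bytes(HASH().digest_size)

Event = Tuple[str, bytes]  # (component name, measurement digest)


def measure(image: bytes) -> bytes:
    """Measurement of a component is the digest of its bytes."""
    return HASH(image).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """PCR-style extend: new = H(old || digest).

    One-way and order-sensitive, so the final register value commits to the
    entire ordered sequence of measurements, not just the set of them.
    """
    return HASH(register + digest).digest()


def measure_chain(stages: List[Tuple[str, bytes]],
                  seed: bytes = INITIAL_PCR) -> Tuple[bytes, List[Event]]:
    """Model the trust chain: each component is measured into the register
    before control is handed to it. Returns (final register, event log)."""
    register = seed
    log: List[Event] = []
    for name, image in stages:
        digest = measure(image)
        register = extend(register, digest)
        log.append((name, digest))
    return register, log


def replay_log(log: List[Event], seed: bytes = INITIAL_PCR) -> bytes:
    """Verifier side: recompute the register from the event log alone."""
    register = seed
    for _, digest in log:
        register = extend(register, digest)
    return register


def verify(register: bytes, log: List[Event], expected: bytes,
           seed: bytes = INITIAL_PCR) -> bool:
    """The log must reproduce the reported register, and the register must
    match the known-good reference value for this platform configuration."""
    return replay_log(log, seed) == register and register == expected


# Constructed sample boot sequences (placeholder bytes, not real firmware).
HOST_STAGES = [
    ("omm_firmware", b"OMM-FW-v1"),  # assumed: first code released from reset
    ("bios",         b"BIOS-v2"),
    ("bootloader",   b"GRUB-v3"),
    ("hypervisor",   b"KVM-v4"),
]
VM_STAGES = [
    ("vm_bios",   b"OVMF-v1"),
    ("vm_kernel", b"linux-v5"),
]


def host_register() -> bytes:
    return measure_chain(HOST_STAGES)[0]


def vm_register(host_reg: bytes) -> bytes:
    """Assumed VRTM rule: the VM register is seeded by extending the host
    register, so a VM measurement only verifies if the host chain is intact."""
    seed = extend(INITIAL_PCR, host_reg)
    return measure_chain(VM_STAGES, seed)[0]


def tampered_host_register() -> bytes:
    """Same boot order, one modified component."""
    stages = list(HOST_STAGES)
    stages[2] = ("bootloader", b"GRUB-v3-backdoored")
    return measure_chain(stages)[0]


def reordered_host_register() -> bytes:
    """Same components, BIOS run before the OMM firmware is measured."""
    stages = [HOST_STAGES[1], HOST_STAGES[0]] + HOST_STAGES[2:]
    return measure_chain(stages)[0]


if __name__ == "__main__":
    good_reg, good_log = measure_chain(HOST_STAGES)
    print("host register :", good_reg.hex())
    print("verify good   :", verify(good_reg, good_log, good_reg))
    print("tamper detect :", tampered_host_register() != good_reg)
    print("order matters :", reordered_host_register() != good_reg)
    print("vm register   :", vm_register(good_reg).hex())
```

The verifier compares the replayed log against the reported register and against a reference value; either a modified component, a missing log entry, or a change in the measurement order yields a different register, and because the VM register is seeded from the host register, a host-level tamper also invalidates every VM's measurement rooted in it.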