
CN102214277B - Method and device for creating trusted environment of multi-core processor virtual machine system - Google Patents


Info

Publication number: CN102214277B
Authority: CN (China)
Prior art keywords: core, virtual machine, tpm, virtual, core processor
Legal status: Active
Application number: CN201010138515.XA
Other languages: Chinese (zh)
Other versions: CN102214277A
Inventors: 杜磊, 孙毓忠, 宋擒豹
Current assignee: Beijing Zhongke Flux Technology Co ltd
Original assignee: Institute of Computing Technology of CAS
Priority date: 2010-04-01
Filing date: 2010-04-01
Publication dates: CN102214277A 2011-10-12; CN102214277B 2014-05-21
Events: application filed by Institute of Computing Technology of CAS (2010-04-01); publication of CN102214277A (2011-10-12); application granted; publication of CN102214277B (2014-05-21); legal status Active; anticipated expiration

Landscapes

  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention relates to a method and device for creating a trusted environment for a multi-core processor virtual machine system, comprising: step 1, isolating a core from the multi-core processor and running a customized TPM chip emulator on that core; step 2, when the trusted environment is created, the TPM chip emulator measures the virtual machine monitor. The invention can create a trusted environment for the virtual machine system and solves the problem of untrustworthy systems on computer network terminals.

Description

Method and device for creating a trusted environment for a multi-core processor virtual machine system
Technical field
The present invention relates to the field of computer security, and in particular to a method and device for creating a trusted environment for a multi-core processor virtual machine system.
Background art
Virtualization technology was first proposed by IBM in the 1960s and applied to IBM's System/370. With the widespread use of virtualization, a variety of security problems have followed. Virtualization does guarantee a certain level of security, for example that the virtual machines running on one physical platform are isolated from each other and do not interfere with each other, but this does not fundamentally solve the security problems a computer system faces. On the contrary, because the VMM (Virtual Machine Monitor) holds the highest privilege, attacks on the VMM become a major security risk for the whole system.
Paravirtualization is a concept proposed by the University of Cambridge, and the Xen hypervisor project was developed alongside it. The Xen hypervisor is a system-level virtualization tool for implementing a virtual machine system on a terminal.
Fig. 1 is a structural diagram of a Xen hypervisor virtual machine. In Fig. 1 the bottom layer is the hardware; the Xen VMM runs on the hardware, manages it, and virtualizes it into several virtual hardware environments. Multiple guest OSes (child operating systems), denoted DomU, run on the Xen VMM; a guest OS is an operating system installed in a virtual machine or in a disk partition other than that of the parent or host operating system. Unmodified user applications run in the application layer of a DomU. The kernel layer of a DomU runs front-end device drivers, through which user applications operate on hardware resources; the front-end driver does not really operate the hardware, but does so via a back-end device driver. The back-end driver is located in Dom0 (shown as VM0 in Fig. 1). Dom0 is a special guest OS, also called the privileged guest OS. It is called privileged because the VMM hypervisor interface program, part of the resource manager, and the guest OS management and control program all run in Dom0's application layer; that is, Dom0 is the guest OS with administrative authority. Dom0 can access peripherals directly, i.e., it has the authority to manage and operate all peripherals.
The kernel of Dom0 runs a back-end device driver that accepts hardware operation requests sent from other guest OSes, hands them to the device driver in Dom0, which completes the operation on the hardware, and returns the result from the device driver to the front-end driver.
In this virtualization architecture the Xen hypervisor maintains isolation between systems: each VM (virtual machine) runs in its own memory space, is unaware of the existence of other VMs, and believes it has the whole physical platform to itself; applications run on the VM's kernel. The Xen hypervisor isolates the VMs from each other so that security problems in one VM cannot affect the other VMs on the same platform. Nevertheless, this architecture still has the following security problems.
Because Dom0 is authorized by the Xen hypervisor as the privileged guest OS and can interact with the hardware directly, an attack on Dom0 may cause the information of other VMs to leak.
The Xen VMM is also privileged: the VMM itself runs at the CPU's privileged level, with the operating systems running at a lower, non-privileged level, so security problems in the Xen hypervisor itself are likewise a major security risk for the whole system.
Trusted computing technology emerged at the end of the last century, with the aim from the outset of improving the trustworthiness of terminal systems from the ground up. IT companies including IBM (International Business Machines Corporation), HP (Hewlett-Packard), Intel and Microsoft established the Trusted Computing Platform Alliance (TCPA), with nearly 190 members. TCPA defined the Trusted Platform Module (TPM), with secure storage and cryptographic functions, and devoted itself to trusted computing for data security, including the development of cryptographic chips, special-purpose CPUs, mainboards and operating-system security kernels. The organization was subsequently renamed the Trusted Computing Group (TCG) and continues to advance trusted computing.
The TCG has put forward a series of standards promoting computer system security, including the TPM (Trusted Platform Module) security chip standard; the TPM chip is implanted in a terminal to establish the terminal's trustworthiness. The role of the TPM security chip is that, from computer start-up, each module of the terminal system must have its integrity measured before it takes control of the system. Measurement here means computing a hash over the program and recording it in a Platform Configuration Register (PCR) inside the TPM; by reading the hash values in the PCRs one can judge whether the terminal system has been tampered with, and hence whether the terminal is trustworthy.
The use of TPM chips is, however, greatly limited for several reasons. First, the problem of TPM support: most existing computer systems did not consider support for trusted computing when they were designed. Second, the complexity of the TPM chip design itself: according to the TCG standard a TPM chip must implement more than 120 functions internally, while in actual use, especially on mobile terminals, cost and portability are very important indicators, and the complexity of the TPM has greatly limited its widespread use in such devices. Third, no support for virtualization is provided: neither the TPM standard nor TPM chips address support for virtualization technology.
Summary of the invention
To solve the above problems, the invention provides a method and device for creating a trusted environment for a multi-core processor virtual machine system, which can create a trusted environment for the virtual machine system and solve the problem of untrustworthy systems on computer network terminals.
The invention discloses a method for creating a trusted environment for a multi-core processor virtual machine system, comprising:
Step 1: isolating a core from the multi-core processor and running a customized TPM chip emulator on that core;
Step 2: when the trusted environment is created, the TPM chip emulator measures the virtual machine monitor.
Step 2 further comprises:
Step 21: when the trusted environment is created, the TPM chip emulator hashes the code of the virtual machine monitor and saves the computed hash value.
Step 1 further comprises:
Step 31: isolating a core from the multi-core processor and running a customized operating system on that core;
Step 32: running the customized TPM chip emulator within the customized operating system.
Between step 1 and step 2 the method further comprises:
Step 41: running the virtualization tool to perform virtualization and starting the privileged guest OS; the cores of the multi-core processor that provide services to the virtual machines are the application cores.
Before the TPM chip emulator measures the virtual machine monitor in step 2, the method further comprises:
Step 51: shutting down the virtualization tool;
Step 52: shutting down the application cores of the multi-core processor virtual machine system, disabling virtual memory, and disabling DMA (direct memory access);
Step 53: initializing the hardware of the multi-core processor virtual machine system.
After step 2 the method further comprises:
Step 54: restoring the shut-down application cores and the disabled virtual memory and DMA, and starting the virtualization tool to establish the virtual machines.
The invention also discloses a device for creating a trusted environment for a multi-core processor virtual machine system, comprising a TPM chip emulator that measures the virtual machine monitor when the trusted environment is created; the TPM chip emulator runs on a core isolated from the multi-core processor.
The TPM chip emulator is further used, when the trusted environment is created, to hash the code of the virtual machine monitor and save the computed hash value.
The core isolated from the multi-core processor runs a customized operating system, and the TPM chip emulator runs within that customized operating system.
The virtualization tool runs before the trusted environment is created and starts the privileged guest OS; the cores of the multi-core processor that provide services to the virtual machines are the application cores.
The device further comprises:
a disabling module, for shutting down the virtualization tool before the TPM chip emulator performs measurement, shutting down the application cores of the multi-core processor virtual machine system, disabling virtual memory, and disabling DMA;
a security initialization module, for initializing the hardware of the multi-core processor virtual machine system after the disabling module has completed its shutdown and disabling, and starting the TPM chip emulator once initialization is complete;
a recovery module, for restoring the shut-down application cores and the disabled virtual memory and DMA after the TPM chip emulator has stored the hash value, and starting the virtualization tool to establish the virtual machine system.
The beneficial effects of the invention are as follows. A TPM emulator (TPM Function Module) is implemented in the virtual machine system; because the emulator can be customized to the security requirements of the specific virtual machine system, it need not implement the whole TCG standard, so the cost of mobile devices can be reduced while terminal trust is still guaranteed. By recording the start-up process of the virtualization tool, measuring the tool's integrity before it takes control of the system, and saving the measurement result, the trustworthiness of the start-up process is guaranteed. By isolating one core of the multi-core processor for secure computation, the utilization of the processor as a whole is improved and the security of the virtual machine system is strengthened. By creating the trusted environment after the virtual machine system has started, the BIOS is no longer part of the trusted base; the trusted computing base is reduced, and a smaller trusted base better guarantees system security, thereby increasing the security of the virtual machine system.
Brief description of the drawings
Fig. 1 is a structural diagram of a Xen hypervisor virtual machine in the prior art;
Fig. 2 is a flowchart of the method of the invention for creating a trusted environment for a multi-core processor virtual machine system;
Fig. 3 is a schematic diagram of an embodiment of the method of the invention for creating a trusted environment for a multi-core processor virtual machine system;
Fig. 4 is a hardware architecture diagram of a multi-core processor virtual machine system with a trusted environment.
Detailed description
The invention is described in further detail below with reference to the drawings.
The flow of the method of the invention for creating a trusted environment for a multi-core processor virtual machine system is shown in Fig. 2.
Step S100: isolate a core from the multi-core processor and run the customized TPM chip emulator on that core.
Isolating one core of a multi-core CPU to run the customized TPM chip emulator ensures that the emulator's operation is not affected by the other cores, and that the other cores cannot perceive the emulator's existence.
Step S200: when the trusted environment is created, the TPM chip emulator measures the VMM (virtual machine monitor).
With the above method the TPM chip emulator runs in an isolated environment: on the one hand, its invisibility to the outside world guarantees its own robustness; on the other hand, it can record the start-up state of the system and verify whether the system's start-up process has been tampered with.
After the virtual machine system has finished starting, a trusted-boot virtual machine system is established. A trusted-boot virtual machine system means that, starting from the initial root of trust, every module or component of the virtual machine system that has been started has had its integrity measured, that is, hashed.
The measurement is realized by computing a hash value: the TPM chip emulator hashes the code of the virtual machine monitor and saves the computed hash value.
The trusted environment may be created when the virtual machine system starts, in which case the VMM is measured directly; it may also be created after the virtual machine system has started, when a security threat arises.
The concrete procedure for creating the trusted environment after the virtual machine system has started is as follows.
The virtualization tool is the Xen hypervisor or VMware.
Step S201: isolate a core from the multi-core processor and run the customized TPM chip emulator on that core.
A core is isolated from the multi-core processor and a customized operating system runs on it; the customized TPM chip emulator runs within the customized operating system.
The customized operating system provides trusted services to the virtualization tool and records information about the start-up of the virtualization tool and of its virtual machines.
While the customized operating system provides trusted services to the virtualization tool, the two communicate by reading and writing messages through the same file on disk. In this way the customized operating system can both record information about the virtualization tool's start-up and remain hidden from the virtualization tool.
Step S202: run the virtualization tool to perform virtualization and start the privileged guest OS; the cores of the multi-core processor that provide services to the virtual machines are the application cores.
Step S203: shut down the virtualization tool.
Step S204: shut down the application cores of the multi-core processor virtual machine system, disable virtual memory, and disable DMA.
Step S205: initialize the hardware of the multi-core processor virtual machine system.
Step S206: the TPM chip emulator hashes the code of the virtual machine monitor and saves the computed hash value.
Step S207: restore the shut-down application cores and the disabled virtual memory and DMA, and start the virtualization tool to establish the virtual machines.
Embodiment
An embodiment of the method of the invention for creating a trusted environment for a multi-core processor virtual machine system is shown in Fig. 3. The virtual machine system here has a four-core processor, and the virtualization tool is the Xen hypervisor.
In Fig. 3 the solid lines with arrows denote measurement, and the dashed lines with arrows denote storage of the measurement value.
One core of the multi-core processor, core 1, is isolated; it runs the customized operating system and, on top of it, the customized TPM chip emulator. The customized operating system and the TPM chip emulator are bound together and externally provide the TPM function interface, so that together they emulate a real TPM security chip. In this way a TPM security chip can be emulated in any multi-core system, providing support for the trustworthiness of the system.
In the Xen hypervisor's virtualized environment, the Xen VMM runs directly on the hardware and on top of the VMM run multiple mutually isolated virtual machines (called Domains), among which is one privileged Dom0, the guest OS in charge of managing the other DomUs on the Xen hypervisor. When the virtual machine system is attacked or a Trojan is injected, the whole system faces a serious security threat, and the trusted environment therefore needs to be created. The creation of the trusted environment is implemented as follows.
Step S301: start the customized operating system and run the TPM chip emulator.
Step S302: start the Xen hypervisor and Dom0.
After Dom0 has started, the system continues to start; at this point the system start is not a trusted start. When at some moment a Domain has higher security requirements, step S303 is performed.
Step S303: Dom0 sends the trusted-rebuild command Sec-restart, and the Xen hypervisor is then power-cycled.
Step S304: the security initialization program begins to run and performs a series of actions: disabling interrupts, disabling virtual memory, disabling DMA (direct memory access), and shutting down the application cores by means of IPI instructions so that the application cores are put into a dormant state.
Step S305: the security initialization program initializes the system hardware.
Step S306: in the final stage of the security initialization program, the TPM chip emulator measures the Xen VMM by way of the security initialization program, and the security initialization program sends the result to the TPM chip emulator for storage.
Step S307: the other, dormant application cores are woken by IPI instructions, the functions previously disabled in the system, such as interrupts and DMA, are re-enabled, and control is handed to the Xen hypervisor.
Step S308: the Xen hypervisor begins to run, and the subsequent start-up of Domain0 and the DomainUs is thereby built on a secure Xen hypervisor.
To ensure that the above process is not disrupted, the above series of steps is executed atomically. Through this process of measurement before loading, a secure execution environment is established for the Xen VMM. The invention does not use a real TPM chip; it uses a general-purpose multi-core CPU to emulate the functions of a TPM chip, where the measurement process is the hashing of the code or memory addresses of each object. At the very beginning of system start-up, the TPM chip emulator, using its hash function, runs the secure loader and the Xen hypervisor and records their hash values for use in trusted authentication.
The invention is a preventive technique that ensures that every link of the system is controllable, complete and undamaged. Because trust always needs a source from which it is transmitted, that is, a node that must be trusted, a trusted, isolated execution environment is established from the very beginning, the Xen hypervisor is guaranteed to run in this trusted environment, and the chain of trust is handed on link by link until the applications the user needs are running. In this way, from the bottom layer to the upper layers, the system is complete and untampered, and the user knows the state of the platform being used.
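The measurement sequence of steps S303 to S307, the PCR recording described in the background (the hash of each module saved in a register of the TPM before the module takes control), and the chain of trust in the preceding paragraph are modelled in the following Python. It is an added example, not code from the patent or its applicants. It assumes SHA-256 as the hash (the patent names none), records each value with the TPM extend rule new = H(old || measurement) rather than the plain "save" the text describes, since an overwrite would let a later measurement erase an earlier one, and uses a constructed byte string in place of the Xen VMM image; every identifier is hypothetical. The precondition check in measure_vmm shows why S304 and S307 bracket the measurement: with DMA or the application cores live, the measured image could change between hashing and the hand-over to Xen.

```python
"""Added example (not the patent's code): a model of the isolated-core TPM
emulator and of the Sec-restart measurement sequence S303-S307.

Assumptions, none of which the patent specifies: SHA-256 as the hash; PCRs
recorded with the TPM extend rule new = H(old || measurement) rather than a
plain overwrite; a constructed byte string standing in for the Xen VMM image;
all function and field names are hypothetical."""
import hashlib
from dataclasses import dataclass, field

PCR_INIT = bytes(32)   # PCRs start all-zero when the emulator core comes up
VMM_PCR = 0            # hypothetical PCR index used for the VMM measurement


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class TpmEmulator:
    """What runs on the isolated core 1; only this interface is reachable from
    the application cores (the patent's 'TPM function interface')."""
    pcrs: dict = field(default_factory=lambda: {VMM_PCR: PCR_INIT})
    log: list = field(default_factory=list)   # (pcr, name, measurement)

    def extend(self, pcr: int, name: str, measurement: bytes) -> bytes:
        self.pcrs[pcr] = sha256(self.pcrs[pcr] + measurement)
        self.log.append((pcr, name, measurement))
        return self.pcrs[pcr]


@dataclass
class Platform:
    """Hardware state the security initialization program toggles."""
    app_cores_running: bool = True
    interrupts_enabled: bool = True
    paging_enabled: bool = True
    dma_enabled: bool = True


def quiesce(p: Platform) -> None:
    """S304: disable interrupts, virtual memory and DMA; park the application
    cores (the IPI step in the patent)."""
    p.interrupts_enabled = False
    p.paging_enabled = False
    p.dma_enabled = False
    p.app_cores_running = False


def resume(p: Platform) -> None:
    """S307: wake the application cores and re-enable what S304 disabled."""
    p.app_cores_running = True
    p.interrupts_enabled = True
    p.paging_enabled = True
    p.dma_enabled = True


def measure_vmm(tpm: TpmEmulator, p: Platform, vmm_image: bytes) -> bytes:
    """S306: hash the VMM code and record it in the emulator.  Refuses to run
    on a platform that is not quiesced: with DMA or another core active, the
    image could be rewritten between hashing and hand-over (TOCTOU)."""
    if p.dma_enabled or p.app_cores_running or p.interrupts_enabled:
        raise RuntimeError("measurement attempted on a non-quiesced platform")
    return tpm.extend(VMM_PCR, "xen-vmm", sha256(vmm_image))


def secure_restart(tpm: TpmEmulator, p: Platform, vmm_image: bytes) -> bytes:
    """S303-S307 run as one atomic sequence; returns the resulting PCR value."""
    quiesce(p)
    try:
        return measure_vmm(tpm, p, vmm_image)
    finally:
        resume(p)


def replay(log: list) -> dict:
    """Verifier side: recompute every PCR from the event log alone."""
    pcrs = {VMM_PCR: PCR_INIT}
    for pcr, _name, m in log:
        pcrs[pcr] = sha256(pcrs.get(pcr, PCR_INIT) + m)
    return pcrs


def attest(tpm: TpmEmulator, expected_vmm_hash: bytes) -> bool:
    """Accept only if the log reproduces the PCRs and the most recent VMM
    measurement equals the known-good hash."""
    if replay(tpm.log) != tpm.pcrs:
        return False
    vmm = [m for _pcr, name, m in tpm.log if name == "xen-vmm"]
    return bool(vmm) and vmm[-1] == expected_vmm_hash


if __name__ == "__main__":
    image = b"constructed stand-in for the Xen VMM code image"
    golden = sha256(image)                 # known-good value held by the verifier
    tpm, hw = TpmEmulator(), Platform()
    print("PCR after Sec-restart:", secure_restart(tpm, hw, image).hex())
    print("attest(genuine) :", attest(tpm, golden))
    trojaned = TpmEmulator()
    secure_restart(trojaned, Platform(), image + b"\x90\x90")
    print("attest(tampered):", attest(trojaned, golden))
```

One difference from a discrete TPM is worth keeping in mind: here the PCRs live in core 1's memory, so their integrity rests entirely on the access control that separates the TPM-environment memory from the Xen hypervisor memory (Fig. 4). The replay check in attest only detects inconsistency between the log and the PCRs; it cannot detect a compromise of the emulator itself.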
The device of the invention for creating a trusted environment for a multi-core processor virtual machine system comprises a TPM chip emulator that measures the virtual machine monitor when the trusted environment is created; the TPM chip emulator runs on a core isolated from the multi-core processor.
The TPM chip emulator is further used, when the trusted environment is created, to hash the code of the virtual machine monitor and save the computed hash value.
The core isolated from the multi-core processor runs a customized operating system, and the TPM chip emulator runs within that customized operating system.
The virtualization tool runs before the trusted environment is created and starts the privileged guest OS; the cores of the multi-core processor that provide services to the virtual machines are the application cores.
In a preferred embodiment the device further comprises a disabling module, a security initialization module and a recovery module.
The disabling module shuts down the virtualization tool before the TPM chip emulator performs measurement, shuts down the application cores of the multi-core processor virtual machine system, disables virtual memory, and disables DMA.
The security initialization module initializes the hardware of the multi-core processor virtual machine system after the disabling module has completed its shutdown and disabling, and starts the TPM chip emulator once initialization is complete.
The recovery module restores the shut-down application cores and the disabled virtual memory and DMA after the TPM chip emulator has stored the hash value, and starts the virtualization tool to establish the virtual machine system.
The hardware implementation of a multi-core processor virtual machine system with a trusted environment is shown in Fig. 4.
Memory is divided into two parts, TPM-environment memory and Xen hypervisor memory, and the cores of the multi-core processor are likewise divided into two classes: core 1 serves the TPM chip emulator, and cores 2 to 4 serve the Xen hypervisor. The TPM chip emulator and the Xen hypervisor are isolated from each other by an access control mechanism; the Xen hypervisor and the virtual machines on it provide services to the outside, while the TPM chip emulator is responsible for the trustworthiness of the whole system.
Those skilled in the art may make various modifications to the above without departing from the spirit and scope of the invention as defined by the claims. The scope of the invention is therefore not limited to the above description but is determined by the scope of the claims.

Claims (6)

1. A method for creating a trusted environment for a multi-core processor virtual machine system, characterized in that it comprises:
Step 1: isolating a core from the multi-core processor, running a customized operating system on the core, and running a customized TPM chip emulator within the customized operating system, the customized operating system and the TPM chip emulator being bound together and externally providing a TPM function interface so as to emulate a real TPM security chip, with the boundary of external access to the core and the customized operating system restricted to the emulated TPM security chip;
Step 2: when the trusted environment is created, the TPM chip emulator hashes the code of the virtual machine monitor and saves the computed hash value.
2. The method for creating a trusted environment for a multi-core processor virtual machine system of claim 1, characterized in that between step 1 and step 2 it further comprises:
Step 41: running a virtualization tool to perform virtualization and starting a privileged guest operating system; the cores of the multi-core processor that provide services to the virtual machines being application cores.
3. The method for creating a trusted environment for a multi-core processor virtual machine system of claim 2, characterized in that before step 2 it further comprises:
Step 51: shutting down the virtualization tool;
Step 52: shutting down the application cores of the multi-core processor virtual machine system, disabling virtual memory, and disabling DMA;
Step 53: initializing the hardware of the multi-core processor virtual machine system;
and after step 2 it further comprises:
Step 54: restoring the shut-down application cores and the disabled virtual memory and DMA, and starting the virtualization tool to establish the virtual machines.
4. A device for creating a trusted environment for a multi-core processor virtual machine system, characterized in that it comprises:
a customized TPM chip emulator for hashing the code of the virtual machine monitor and saving the computed hash value when the trusted environment is created;
the customized TPM chip emulator running in a customized operating system on a core isolated from the multi-core processor;
and the customized operating system and the customized TPM chip emulator being bound together, externally providing a TPM function interface so as to emulate a real TPM security chip, and restricting the boundary of external access to the core and the customized operating system to the customized TPM chip emulator only.
5. The device for creating a trusted environment for a multi-core processor virtual machine system of claim 4, characterized in that a virtualization tool runs before the trusted environment is created and starts a privileged guest operating system; the cores of the multi-core processor that provide services to the virtual machines being application cores.
6. The device for creating a trusted environment for a multi-core processor virtual machine system of claim 5, characterized in that the device further comprises:
a disabling module, for shutting down the virtualization tool before the TPM chip emulator performs measurement, shutting down the application cores of the multi-core processor virtual machine system, disabling virtual memory, and disabling DMA;
a security initialization module, for initializing the hardware of the multi-core processor virtual machine system after the disabling module has completed its shutdown and disabling, and starting the TPM chip emulator once initialization is complete;
a recovery module, for restoring the shut-down application cores and the disabled virtual memory and DMA after the TPM chip emulator has stored the hash value, and starting the virtualization tool to establish the virtual machine system.
Application CN201010138515.XA, priority date 2010-04-01, filing date 2010-04-01, "Method and device for creating trusted environment of multi-core processor virtual machine system", Active, granted as CN102214277B (en)

Publications (2)

Publication Number Publication Date
CN102214277A (en) 2011-10-12
CN102214277B (en) 2014-05-21

Family ID: 44745579
Country: CN (1) CN102214277B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103580885B (en) * 2012-07-20 2017-05-31 华为技术有限公司 Cloud environment monitoring method and physical nodes
CN103530578B (en) * 2013-10-18 2016-01-27 武汉大学 The construction method of a kind of soft structure credible platform module STPM of Android system
CN104468712B (en) * 2014-10-31 2018-05-29 中标软件有限公司 Lightweight credible calculating platform and its communication means, trust chain method for building up
DE102016205289A1 (en) 2016-03-31 2017-10-05 Siemens Aktiengesellschaft Method, processor and device for checking the integrity of user data
CN107301082B (en) * 2016-04-15 2020-10-09 南京中兴软件有限责任公司 Method and device for realizing integrity protection of operating system
CN106778249B (en) * 2017-01-23 2020-02-14 湖南文盾信息技术有限公司 Method and system for constructing trusted execution environment of Java program
CN108959916B (en) * 2017-05-22 2022-01-14 华为技术有限公司 Method, device and system for accessing secure world
CN107861795B (en) * 2017-11-20 2022-04-26 浪潮(北京)电子信息产业有限公司 Method, system, device and readable storage medium for simulating physical TCM chip
CN110109710B (en) * 2019-05-15 2020-05-08 苏州浪潮智能科技有限公司 Method and system for establishing OS (operating system) trust chain without physical root of trust
CN113448677B (en) * 2020-03-24 2024-01-23 阿里巴巴集团控股有限公司 Data processing method and system of virtual machine
DE102020115820B3 (en) 2020-06-16 2021-10-21 Audi Aktiengesellschaft Test device and method and storage medium for operating a processor system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101317417A (en) * 2005-11-29 2008-12-03 Intel Corporation Network access control for many-core systems

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7552419B2 (en) * 2004-03-18 2009-06-23 Intel Corporation Sharing trusted hardware across multiple operational environments
US8266707B2 (en) * 2008-02-28 2012-09-11 Intel Corporation Tamper resistant method, apparatus and system for secure portability of digital rights management-protected content

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101317417A (en) * 2005-11-29 2008-12-03 Intel Corporation Network access control for many-core systems

Also Published As

Publication number Publication date
CN102214277A (en) 2011-10-12

Similar Documents

Publication Publication Date Title
CN102214277B (en) Method and device for creating trusted environment of multi-core processor virtual machine system
Hunt et al. Confidential computing for OpenPOWER
Zhang et al. Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
CN101866408B (en) Transparent trust chain constructing system based on virtual machine architecture
EP2973179B1 (en) Dynamically loaded measured environment for secure code launch
CN109165079B (en) Virtualization-based cloud data center trusted platform and trust chain construction method
US8375221B1 (en) Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
CN100533385C (en) Method and apparatus for providing system integrity and legacy environment emulation
US8776245B2 (en) Executing trusted applications with reduced trusted computing base
US8776041B2 (en) Updating a virtual machine monitor from a guest partition
CN102722665B (en) Method and system for generating trusted program list based on trusted platform module (TPM)/virtual trusted platform module (VTPM)
US20150089502A1 (en) Method and System for Providing Secure System Execution on Hardware Supporting Secure Application Execution
US20110225624A1 (en) Systems and Methods for Providing Network Access Control in Virtual Environments
WO2009123640A1 (en) Virtual machine manager system and methods
Stumpf et al. Enhancing trusted platform modules with hardware-based virtualization techniques
US11645101B2 (en) Providing trusted virtual secure cryptoprocessors for guests
CN114116026A (en) A method for building a cloud platform trust chain layered model
Yao et al. Sugar: Secure GPU acceleration in web browsers
CN109101319A (en) It is a kind of to realize TPCM fully virtualized platform and its working method on QEMU
Wang et al. VirTEE: A full backward-compatible TEE with native live migration and secure I/O
Chen et al. CPC: Flexible, Secure, and Efficient CVM Maintenance with Confidential Procedure Calls
Zhao et al. Breaking Turtles All the Way Down: An Exploitation Chain to Break out of VMware ESXi
Baumann et al. On the verification of system-level information flow properties for virtualized execution platforms
Xing et al. OB‐IMA: out‐of‐the‐box integrity measurement approach for guest virtual machines
Hao et al. vTRUST: a formal modeling and verification framework for virtualization systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240320

Address after: Room 711C, Floor 7, Building A, Yard 19, Ronghua Middle Road, Daxing District, Beijing Economic-Technological Development Area, 100176

Patentee after: Beijing Zhongke Flux Technology Co.,Ltd.

Country or region after: China

Address before: 100190 No. 6 South Road, Zhongguancun Academy of Sciences, Beijing, Haidian District

Patentee before: Institute of Computing Technology, Chinese Academy of Sciences

Country or region before: China
