基于轻量虚拟化可信基的可信计算环境构建机制研究

项目名称： 基于轻量虚拟化可信基的可信计算环境构建机制研究

项目编号： No.61202397

项目类型： 青年科学基金项目

立项/批准年度： 2013

项目学科： 计算机科学学科

项目作者： 程戈

作者单位： 湘潭大学

项目金额： 22万元

中文摘要： 诸如航空、航天、金融、证券、医疗、电子政务等关键领域，对软件的可信性提出了迫切需求。虚拟机架构能够实现系统资源的虚拟化并可以隔离软件与硬件、应用软件与底层系统之间的直接依赖关系。通过虚拟化技术与可信硬件平台相结合的方式构建可信计算环境，为解决计算机安全面临的挑战提供了有效的途径。然而,基于虚拟化技术构建可信计算环境还面临着虚拟化开销大、信任链构建、隔离粒度及不可信服务调用等诸多挑战。针对这些问题，本课题拟从4个方面开展研究：1）轻量虚拟化可信基的构建机制：研究解决轻量虚拟化可信基的动态拆装和自适应问题；2）基于轻量虚拟化可信基的动态可信架构：研究解决基于轻量虚拟化可信基的动态信任链构建、完整性保护等问题；3）基于轻量虚拟化可信基的软件行为监控机制：研究解决基于轻量级虚拟化可信基的软件行为监控问题；4）基于轻量级虚拟化的软件可信执行机制，研究解决软件执行过程中的内存隔离、可信服务调用等问题。

中文关键词： 轻量虚拟化；动态可信度量；隔离粒度；可信网络；沙盒

英文摘要： Combination of virtualization technology and trusted hardware platform provides an effective way to solve the challenges of computer security. However, as virtualization is originally motivated and designed for consolidating servers and planning resources, these approaches usually introduce heavy performance overhead caused by virtual machine monitors (VMMs or hypervisors), which manage resource isolation and schedule tasks between VMs. Therefore, even if a user does not need high security environment for every application or for all the execution time a sensitive application, he has to bear the cost and performance overhead of virtualization. Furthermore, the concern of the trustworthiness for general purpose VMMs arises as they have grown both in code size and functional features, which make them like a traditional OS with large TCB. Consequently, similar to commodity OS,VMMs are prone to design and implement vulnerabilities, and therefore their isolation and security functions might be compromised by attacks from guest OS. To solve these problems, this project focuse on the following aspects: 1) how to created and removed the lightweight virtualization layer dynamically during the operating system runtime, and therefore the system does not need to bear the overhead of virtualization when it does not run any

英文关键词： Lightweight Virtual Machine Moniter；ondemand virtualization；fine-grained protection；trusted network；sanbox