Advanced Engineering Sciences, 2017, 49(2): 133-139
vTSE: A Solution of SGX-based vTPM Secure Enhancement
YAN Fei 1,2, YU Zhao 1,2, ZHANG Liqiang 1,2, ZHAO Bo 1,2
(1. Key Lab. of Aerospace Info. Security and Trusted Computing of Ministry of Education, Wuhan 430072, China; 2. School of Computer, Wuhan Univ., Wuhan 430072, China)
Received: 2016-09-18    Revised: 2017-01-11
Abstract: In existing virtualized trusted-platform architectures, vTPM (virtual trusted platform module) instances lack effective security protection. To address this, a vTPM security enhancement scheme based on Intel SGX (Software Guard Extensions), called vTSE, is proposed. The scheme relies on the physical memory isolation that SGX provides: the code and data of each vTPM instance are placed inside an enclave, the isolated region created by SGX, and protected there while the instance runs. At the same time, vTSE uses SGX's sealing function, which is keyed to the identity of the trusted region, to encrypt the enclave's non-volatile data before it is stored outside the enclave. Experiments show that the scheme dynamically protects the confidentiality and integrity of a vTPM instance's code and data during execution and also provides secure storage for the instance's data. Finally, the scheme is evaluated for both security and performance overhead; the results show that vTSE secures the execution and the storage of vTPM instances while adding no more than 1 ms of performance overhead.
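The abstract's second mechanism, sealing non-volatile vTPM data under a key bound to the enclave's identity, is easiest to understand by watching which identities can and cannot recover the data. The model below is an added example written for this page; it is not the authors' vTSE code and not the Intel SGX SDK (whose `sgx_seal_data`/`sgx_unseal_data` use AES-GCM and a CPU-fused root key). `EnclaveIdentity`, `CPU_ROOT_SECRET`, the identities `V1`, `V2`, `OTHER` and the NV blob are constructed stand-ins, and the HMAC-based stream cipher is a toy replacement for AES-GCM so that the example runs with only the Python standard library. It demonstrates the two SGX seal policies: under `MRENCLAVE` the key changes with every rebuild of the enclave, under `MRSIGNER` it survives rebuilds by the same signer, and a tampered blob fails either way.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed stand-in for the per-CPU root secret that real SGX keeps in
# fuses and never exposes; it exists only so this model runs offline.
CPU_ROOT_SECRET = hashlib.sha256(b"constructed-model-root-secret").digest()


@dataclass(frozen=True)
class EnclaveIdentity:
    """Simplified enclave identity (assumed model, not an SGX SDK type)."""
    mrenclave: bytes  # measurement of the enclave's code and initial data
    mrsigner: bytes   # hash of the key that signed the enclave
    isv_svn: int      # security version number set by the enclave author


def derive_seal_key(identity: EnclaveIdentity, policy: str) -> bytes:
    """Model of SGX seal-key derivation: the key is bound to the identity
    field selected by the policy, so only an enclave with that identity on
    this CPU can re-derive it. (Real SGX also lets a newer ISV SVN derive
    keys for older SVNs; this model binds the exact SVN for simplicity.)"""
    if policy == "MRENCLAVE":
        binding = identity.mrenclave
    elif policy == "MRSIGNER":
        binding = identity.mrsigner
    else:
        raise ValueError("unknown seal policy: " + policy)
    material = policy.encode() + b"|" + binding + b"|" + identity.isv_svn.to_bytes(2, "big")
    return hmac.new(CPU_ROOT_SECRET, material, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream standing in for AES-GCM.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(identity: EnclaveIdentity, policy: str, plaintext: bytes) -> dict:
    """Encrypt-then-MAC the data under the identity-bound seal key."""
    key = derive_seal_key(identity, policy)
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, policy.encode() + nonce + ciphertext, hashlib.sha256).digest()
    return {"policy": policy, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unseal(identity: EnclaveIdentity, blob: dict) -> bytes:
    """Re-derive the key from the *current* enclave identity. A different
    identity or a modified blob fails the tag check and nothing is decrypted."""
    key = derive_seal_key(identity, blob["policy"])
    expected = hmac.new(key, blob["policy"].encode() + blob["nonce"] + blob["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("unseal failed: identity mismatch or sealed blob modified")
    stream = _keystream(key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(c ^ k for c, k in zip(blob["ciphertext"], stream))


def can_unseal(identity: EnclaveIdentity, blob: dict) -> bool:
    try:
        unseal(identity, blob)
        return True
    except ValueError:
        return False


# Constructed identities: V1 and V2 are two builds signed by the same vendor
# key; OTHER is an unrelated enclave signed by a different key.
V1 = EnclaveIdentity(mrenclave=hashlib.sha256(b"vtpm-enclave-build-1").digest(),
                     mrsigner=hashlib.sha256(b"vendor-signing-key").digest(), isv_svn=1)
V2 = EnclaveIdentity(mrenclave=hashlib.sha256(b"vtpm-enclave-build-2").digest(),
                     mrsigner=V1.mrsigner, isv_svn=1)
OTHER = EnclaveIdentity(mrenclave=hashlib.sha256(b"some-other-enclave").digest(),
                        mrsigner=hashlib.sha256(b"different-signing-key").digest(), isv_svn=1)

# Constructed stand-in for a vTPM instance's non-volatile state.
VTPM_NV_DATA = b"constructed vTPM NV blob: owner auth, SRK handle, PCR policy"

if __name__ == "__main__":
    blob = seal(V1, "MRENCLAVE", VTPM_NV_DATA)
    print("same build unseals:", can_unseal(V1, blob))
    print("rebuilt enclave, MRENCLAVE policy:", can_unseal(V2, blob))
    blob = seal(V1, "MRSIGNER", VTPM_NV_DATA)
    print("rebuilt enclave, MRSIGNER policy:", can_unseal(V2, blob))
    print("enclave from another signer:", can_unseal(OTHER, blob))
```

The policy choice is the practical decision a vTSE-style design has to make: sealing vTPM state under `MRENCLAVE` means a routine update of the enclave binary orphans every stored instance unless the data is migrated first, while `MRSIGNER` keeps the data recoverable across updates but extends trust to every enclave the same key signs.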
Article No.: 201601038
Funding: National Natural Science Foundation of China (61272452; 61303024; 61003268); National Basic Research Program of China (2014CB340601); Natural Science Foundation of Jiangsu Province Youth Fund (BK20130372); National High-tech R&D Program of China ("863" Program) (2015AA016002)
Citation:
YAN Fei, YU Zhao, ZHANG Liqiang, ZHAO Bo. vTSE: A Solution of SGX-based vTPM Secure Enhancement[J]. Advanced Engineering Sciences, 2017, 49(2): 133-139.