Abstract
Combining cloud computing with trusted computing is an important way to build a trusted cloud environment, and the most critical problem in doing so is the virtualization of the TPM (Trusted Platform Module). Current TPM virtualization research, however, still does not meet the whole TCG specification and leaves many security issues open, so it is becoming the bottleneck for building a trusted cloud environment by combining cloud computing and trusted computing. This paper introduces the basic concepts, types and basic requirements of TPM virtualization, and proposes a classification model for TPM virtualization based on I/O device virtualization technology. The main research on the key technologies of TPM virtualization, such as architecture, key management, certification and trust extension, and migration, is described in detail, and, taking time as the thread, a panoramic view of the evolution of these key technologies is presented. Combined with existing research results, the research directions and challenges of TPM virtualization under the TCG architecture are discussed.
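The trust extension the abstract refers to rests on one TPM primitive: a PCR is only ever updated by extending it, PCR_new = H(PCR_old || digest), so a PCR value commits to the whole ordered sequence of measurements, and a verifier checks a quoted PCR by replaying the measurement log. The following is an added illustration of that primitive and is not code from the surveyed paper or from any vTPM implementation. It assumes a SHA-256 PCR bank, and the event logs, component names and PCR assignments are constructed for the example; a real TCG event log also carries event types and per-entry metadata that are omitted here.

```python
"""PCR extend and measurement-log replay with TPM 2.0 semantics (SHA-256 bank).

Added example; the host/guest event logs below are constructed sample data.
"""
import hashlib
import hmac
from typing import Dict, List, Tuple

DIGEST_LEN = 32                # SHA-256 bank assumed
PCR_INIT = bytes(DIGEST_LEN)   # PCRs start as all zeros at TPM startup
Event = Tuple[int, bytes]      # (PCR index, object that was measured)


def measure(data: bytes) -> bytes:
    """Digest of the object being measured (code image, config, vTPM state, ...)."""
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || digest). One-way and order-dependent."""
    if len(pcr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("PCR and digest must both be 32-byte SHA-256 values")
    return hashlib.sha256(pcr + digest).digest()


def replay_log(events: List[Event]) -> Dict[int, bytes]:
    """Recompute the PCR values a verifier expects from an event log."""
    pcrs: Dict[int, bytes] = {}
    for idx, data in events:
        pcrs[idx] = pcr_extend(pcrs.get(idx, PCR_INIT), measure(data))
    return pcrs


def verify_quote(quoted: Dict[int, bytes], log: List[Event]) -> bool:
    """A quote matches a log only if replaying the log reproduces every quoted PCR,
    and the log accounts for every PCR in the quote."""
    expected = replay_log(log)
    if expected.keys() != quoted.keys():
        return False
    return all(hmac.compare_digest(expected[i], quoted[i]) for i in quoted)


# Constructed chain: the physical TPM measures the hypervisor and the vTPM manager
# (host side); the vTPM instance then measures the guest's own boot components.
HOST_LOG: List[Event] = [
    (0, b"hypervisor-image-v1"),
    (1, b"vtpm-manager-v1"),
]
GUEST_LOG: List[Event] = [
    (4, b"guest-bootloader"),
    (4, b"guest-kernel"),
    (7, b"guest-secure-boot-policy"),
]


def demo() -> Dict[str, bool]:
    """Run the checks a verifier relies on and report each outcome."""
    host_pcrs = replay_log(HOST_LOG)
    guest_pcrs = replay_log(GUEST_LOG)

    # Same two events extended into PCR 4 in the opposite order: different PCR value.
    swapped = [GUEST_LOG[1], GUEST_LOG[0], GUEST_LOG[2]]
    order_matters = replay_log(swapped)[4] != guest_pcrs[4]

    # A log that hides a modified kernel cannot reproduce the honest PCR 4.
    tampered = [GUEST_LOG[0], (4, b"guest-kernel-backdoored"), GUEST_LOG[2]]
    tamper_detected = not verify_quote(guest_pcrs, tampered)

    # A quote covering a PCR the log never mentions is rejected as well.
    padded_quote = dict(guest_pcrs)
    padded_quote[8] = PCR_INIT
    extra_pcr_detected = not verify_quote(padded_quote, GUEST_LOG)

    return {
        "host_log_verifies": verify_quote(host_pcrs, HOST_LOG),
        "order_matters": order_matters,
        "tamper_detected": tamper_detected,
        "extra_pcr_detected": extra_pcr_detected,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The order dependence is what lets a vTPM instance inherit trust from the platform below it: only if the host chain (hypervisor, then vTPM manager) replays to the expected values does a quote from the guest's virtual PCRs mean anything, which is why the surveyed work on migration has to move both the vTPM state and the evidence binding it to a trustworthy host.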
Notes
1. The meaning of general security threats, privileged security threats and shared security threats is described in the literature [61].
2. Although S. Berger is a researcher at the IBM T. J. Watson Research Center, the results he published are academic papers, so his work is still attributed to academia.
References
Trusted Computing Group. https://www.trustedcomputinggroup.org. Accessed 08 Sept 2019
TPM Specification, Version 2.0/Part 1, Architecture. https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part1-Architecture-01.36_public-review.pdf. Accessed 08 Sept 2019
TPM Specification, Version 2.0/Part 2, Structures. https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part2-Structures-01.36_public-review.pdf. Accessed 08 Sept 2019
TPM Specification, Version 2.0/Part 3, Commands. https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part3-Commands-01.36-code_public-review.pdf. Accessed 08 Sept 2019
TPM Specification, Version 2.0/Part 4, Supporting Routines. https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part3-Commands-01.36-code_public-review.pdf. Accessed 08 Sept 2019
Changxiang, S., Huanguo, Z., Dengguo, F., et al.: Information security review. Scientia Sinica Ser. E: Inf. Sci. 37(2), 129–150 (2007)
Changxiang, S., Huanguo, Z., Huaiming, W., et al.: Research and development of trusted computing. Scientia Sinica Ser. E: Inf. Sci. 40(2), 139–166 (2010)
Dengguo, F., Yu, Q., Dan, W., et al.: Research on trusted computing technology. J. Comput. Res. Dev. 48(8), 1332–1349 (2011)
State Cryptography Administration: Trusted Computing Cryptographic Support Platform Function and Interface Specification (2007)
Rimal, B.P., Choi, E., Lumb, I.: A taxonomy and survey of cloud computing systems. In: Proceedings of the 2009 Fifth International Joint Conference on INC, IMS and IDC, pp. 44–51. IEEE, Seoul (2009)
Yao, S., et al.: An efficient multi-objective scheduling method for data flow in cloud environment. J. Softw. 28(3), 1–19 (2017)
Siyao, X., Weiwei, L., Zijun, W.: Virtual machine placement algorithm based on peak load characteristics. J. Softw. 27(7), 1876–1887 (2016)
Wei, W., Zeyu, G., Wenbo, Z., et al.: A cloud computing system fault detection method based on adaptive monitoring. Chin. J. Comput. 39(163), 1–15 (2016)
Guofeng, W., Chuanyi, L., Hezhong, P., et al.: Overview of internal threats in cloud computing models. Chin. J. Comput. 39(145), 1–21 (2016)
Lifang, R., Wenjian, W., Xing, X.: Adaptive cloud computing service portfolio with uncertain perception. J. Comput. Res. Dev. 53(12), 2867–2881 (2016)
Junjie, L., Fenghua, L., Qiongni, L., et al.: Optimized high-dimensional index and KNN query under MapReduce framework. Acta Electronica Sinica 44(8), 1873–1880 (2016)
Amazon Elastic Compute Cloud (EC2). http://aws.amazon.com/ec2/. Accessed 08 Sept 2019
Google App Engine (GAE). https://appengine.google.com/. Accessed 08 Sept 2019
Microsoft Azure Services Platform. http://www.microsoft.com/azure/. Accessed 08 Sept 2019
Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems (Eucalyptus). http://www.eucalyptus.com/. Accessed 08 Sept 2019
Chuang, L., Wenbo, S., Kun, M., et al.: Cloud computing security: architecture, mechanism and model evaluation. Chin. J. Comput. 36(9), 1765–1784 (2013)
Berger, S., Cáceres, R., Goldman, K.A., et al.: vTPM: virtualizing the trusted platform module. In: Proceedings of the 15th USENIX Security Symposium, pp. 305–320. USENIX Association, Vancouver (2006)
England, P., Loeser, J.: Para-Virtualized TPM sharing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 119–132. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68979-9_9
Stumpf, F., Eckert, C.: Enhancing trusted platform modules with hardware-based virtualization techniques. In: Proceedings of the 2008 Second International Conference on Emerging Security Information, pp. 1–9. IEEE, Cap Esterel (2008)
Lei, S., Deqing, Z., Hai, J.: Xen Virtualization Technology. Huazhong University of Science and Technology Press, Wuhan (2009)
AlBelooshi, B., Salah, K., Martin, T., et al: Securing cryptographic keys in the IaaS cloud model. In: 8th International Conference on Utility and Cloud Computing (UCC), pp. 397–401. IEEE, Limassol (2015)
Zhilou, Y., Qiao, W., Weipin, Z., et al.: A cloud certificate authority architecture for virtual machines with trusted platform module. In: IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), pp. 1377–1380. IEEE, New York (2015)
Dexian, C., Xiaobo, C., Yu, Q., et al.: TSD: a flexible root of trust for the cloud. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 119–126. IEEE, Liverpool (2012)
Xin, W., Zhiting, X., Yi, R.: Building trust into cloud computing using virtualization of TPM. In: Fourth International Conference on Multimedia Information Networking and Security, pp. 59–63. IEEE, Nanjing (2012)
Dongliang, X., Xiaolong, W., Yunwei, G., et al.: TrustVP: construction and evolution of trusted chain on virtualization computing platform. In: Eighth International Conference on Computational Intelligence and Security (CIS), pp. 623–630. IEEE, Guangzhou (2012)
Microsoft MVP. http://anilerduran.com/vtpm-in-windows-server-2016-hyper-v/. Accessed 08 Sept 2019
Oracle VM VirtualBox. https://www.virtualbox.org/. Accessed 08 Sept 2019
VMware. http://www.vmware.com/. Accessed 08 Sept 2019
Xen project. http://www.xenproject.org/. Accessed 08 Sept 2019
KVM project. http://www.linux-kvm.org/. Accessed 08 Sept 2019
Scarlata, V., Rozas, C., Wiseman, M., et al.: TPM virtualization: building a general framework. In: Pohlmann, N., Reimer, H. (eds.) Trusted Computing, pp. 43–56. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-8348-9452-6_4
Anderson, M.J., Moffie, M., Dalton, C.I.: Towards trustworthy virtualization environments: Xen library OS security service infrastructure. Hewlett-Packard Lab. 2007(1), 43–51 (2007)
Murray, D.G., Milos, G., Hand, S.: Improving Xen security through disaggregation. In: VEE 2008: Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp. 151–160. ACM, Seattle (2008)
David, P., Serdar, C., Chris, D., et al.: TPM virtualisation architecture document. Open Trusted Computing (2009)
Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_1
Xin, J., Lina, W., Rongwei, Y., et al.: Administrative domain: security enhancement for virtual TPM. In: International Conference on Multimedia Information Networking and Security, pp. 767–771. IEEE, Nanjing (2010)
Weiqi, D.: Research on key issues of trusted construction of cloud computing execution environment. Huazhong University of Science and Technology (2015)
Bade, S.A., Betz, L.N., Kegel, A.G., et al.: Method and system for virtualization of trusted platform modules. US Patent 7,380,119, May 2008
Feller, T., Malipatlolla, S., Kasper, M., et al.: dcTPM: a generic architecture for dynamic context management. In: International Conference on Reconfigurable Computing and FPGAs, pp. 211–216. IEEE, Cancun (2011)
Smith, N.M.: Method and apparatus for virtualization of a multi-context hardware trusted platform module (TPM). US Patent Application 2009/0055641 A1, February 2009
Jayaram Masti, R., Marforio, C., Capkun, S.: An architecture for concurrent execution of secure environments in clouds. In: Proceedings of the 2013 ACM Cloud Computing Security Workshop (CCSW), pp. 11–22. ACM, Berlin (2013)
Yap, J.Y., Tomlinson, A.: Para-virtualizing the trusted platform module: an enterprise framework based on version 2.0 specification. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 1–16. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03491-1_1
PCI-SIG Single Root I/O Virtualization (SR-IOV). http://www.pcisig.com/specifications/iov/Single_root/. Accessed 08 Sept 2019
Mingda, L., Longyu, M.: A virtual environment security isolation model based on SR-IOV technology. In: Proceedings of the 31st National Computer Security Academic Exchange Conference, pp. 84–89. CNKI, Xiamen (2016)
Xinlong, L., Rui, J., Huafeng, K.: Secure and reliable VM-vTPM migration in private cloud. In: 2nd International Symposium on Instrumentation and Measurement, Sensor Network and Automation (IMSNA), pp. 510–514. IEEE, Toronto (2013)
Yongjiao, Y., Fei, Y., Junpeng, M., et al.: Ng-vTPM: a new generation of TPM virtualization framework design. J. Wuhan Univ. (Nat. Sci. Ed.) 61(2), 103–111 (2015)
Goyette, R.: A review of vTPM: virtualizing the trusted platform module. In: Network Security and Cryptography Symposium, pp. 1–17 (2007)
Lina, W., Hanjun, G., Rongwei, Y., et al.: Research on the construction method of trusted virtual execution environment based on trust extension. J. Commun. 32(9), 1–8 (2011)
Danev, B., Jayaram Masti, R., Karame, G.O., Capkun, S.: Enabling secure VM-vTPM migration in private clouds. In: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), pp. 187–196. ACM, Orlando (2011)
Xin, W., XinFang, Z., Liang, C., et al.: An improved vTPM migration protocol based on a trusted channel. In: International Conference on Systems and Informatics (ICSAI), pp. 870–875. IEEE, Yantai (2012)
Yinchao, Y., Zai, L., Zuoning, C.: Design and implementation of a secure VM-vTPM migration protocol. Appl. Electron. Tech. 38(4), 130–133 (2012)
Armbrust, M., Fox, A., Griffith, R., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)
Peiru, F., Bo, Z., Yuan, S., et al.: An improved vTPM-VM live migration protocol. Wuhan University J. Nat. Sci. 20(6), 512–520 (2015)
Yuqing, H., Bo, Z., Jue, X., et al.: A KVM-based vTPM virtual machine dynamic migration scheme. J. Shandong Univ. (Nat. Sci. Ed.) 52(6), 69–75 (2017)
Virtualized Platform Working Group (VPWG): Virtualized Trusted Platform Architecture Specification. https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_VPWG_Architecture_V1-0_R0-26_FINAL.pdf. Accessed 08 Sept 2019
Yan, D., Huaiming, W., Peichang, S., et al.: Trusted cloud service. Chin. J. Comput. 38(5), 133–149 (2015)
Acknowledgements
This work was supported by the National Natural Science Foundation of China (Grant No. 61373162), and the Sichuan Provincial Key Laboratory Project (Grant No. KJ201402).
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Tan, L., Xiao, H., Wang, J. (2020). Research and Development of TPM Virtualization. In: Han, W., Zhu, L., Yan, F. (eds) Trusted Computing and Information Security. CTCIS 2019. Communications in Computer and Information Science, vol 1149. Springer, Singapore. https://doi.org/10.1007/978-981-15-3418-8_15
DOI: https://doi.org/10.1007/978-981-15-3418-8_15
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-3417-1
Online ISBN: 978-981-15-3418-8
eBook Packages: Computer Science (R0)