Abstract
To prevent a malicious virtual machine from compromising the security of the vTPM-VM live migration process, we propose an improved vTPM-VM live migration protocol that uses a TPM-based integrity verification policy and a specific encryption scheme to enhance security. The TPM-based integrity verification policy ensures that all entities participating in the process are trustworthy. In the data transfer phase, the encryption scheme binds the decryption process to a specific platform state, so that only the destination platform can obtain the key data of the migrated VM and its vTPM instance. The security of the new protocol is analyzed; the results show that it can effectively resist most attacks on the vTPM-VM live migration process.
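The idea of binding decryption to one platform state, as an added illustration that is not the paper's protocol: a simulated TPM with a single PCR seals the migrated key material to an expected PCR value, and only a destination whose measured boot chain reproduces that value can unseal it. The TPM secret, the measurement events and the toy HMAC-based cipher are constructed stand-ins for a real TPM binding key and its sealing primitive.

```python
import hashlib
import hmac
import os

class Platform:
    """Constructed platform model: one PCR extended as TPM_Extend does, SHA256(PCR||SHA256(event))."""
    def __init__(self, events):
        self.pcr = bytes(32)  # a PCR is all-zero after reset
        for event in events:
            self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(event).digest()).digest()

def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def _wrap_key(tpm_secret, expected_pcr):
    # Key derivation mixes in the bound PCR value, so a different state gives a different key.
    return hmac.new(tpm_secret, b"seal" + expected_pcr, hashlib.sha256).digest()

def seal(tpm_secret, expected_pcr, plaintext):
    """Encrypt so only a TPM in state expected_pcr releases plaintext. tpm_secret is a
    hypothetical stand-in for the destination TPM's binding key (symmetric here; a real TPM
    holds a private key that never leaves it)."""
    key = _wrap_key(tpm_secret, expected_pcr)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, expected_pcr + nonce + ct, hashlib.sha256).digest()
    return expected_pcr, nonce, ct, tag  # the sealed blob that crosses the network

def unseal(tpm_secret, platform, blob):
    """TPM-side policy check: release key data only if the live PCR equals the
    sealed state and the blob is intact; otherwise return None."""
    expected_pcr, nonce, ct, tag = blob
    if not hmac.compare_digest(platform.pcr, expected_pcr):
        return None  # platform is not in the attested state
    key = _wrap_key(tpm_secret, expected_pcr)
    if not hmac.compare_digest(hmac.new(key, expected_pcr + nonce + ct, hashlib.sha256).digest(), tag):
        return None  # blob altered in transit
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed scenario: the attested destination boot chain, and a host whose hypervisor measurement differs.
TPM_SECRET = b"constructed-destination-tpm-secret"
GOOD_CHAIN = [b"bios-v1", b"hypervisor-v1", b"vtpm-manager"]
BAD_CHAIN = [b"bios-v1", b"hypervisor-v1-modified", b"vtpm-manager"]

def migrate(chain_at_destination):
    expected = Platform(GOOD_CHAIN).pcr  # state the source verified during attestation
    blob = seal(TPM_SECRET, expected, b"vTPM-instance-key-material")
    return unseal(TPM_SECRET, Platform(chain_at_destination), blob)
```

`migrate(GOOD_CHAIN)` returns the key material, while `migrate(BAD_CHAIN)` returns `None` because the modified hypervisor changes the PCR and the policy check refuses to release the key.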
Additional information
Foundation item: Supported by the National Basic Research Program of China (973 Program) (2014CB340600), the National High Technology Research and Development Program of China (863 Program) (2015AA016002), the National Natural Science Foundation of China (61173138, 61272452, 61332018)
Biography: FAN Peiru, female, Ph.D. candidate, research direction: information system security.
Cite this article
Fan, P., Zhao, B., Shi, Y. et al. An improved vTPM-VM live migration protocol. Wuhan Univ. J. Nat. Sci. 20, 512–520 (2015). https://doi.org/10.1007/s11859-015-1127-4