Advanced Engineering Sciences (工程科学与技术), 2017, Vol. 49, Issue 2: 133-139, 7. DOI: 10.15961/j.jsuese.201601038
vTSE: A Solution of SGX-based vTPM Secure Enhancement (vTSE:一种基于SGX的vTPM安全增强方案)
Abstract
In order to solve the problem that the virtual trusted platform module (vTPM) in a virtualized trusted platform architecture lacks sufficient security assurance, a vTPM security enhancement (vTSE) method based on Intel SGX (Software Guard Extensions) was proposed. First, the physical memory isolation provided by SGX was utilized: the code and data of vTPM instances were isolated and protected inside the secure isolation region (enclave) created by SGX. At the same time, the sealing feature bound to the enclave's identity was used to store the non-volatile data of the secure isolation region confidentially. The experimental results showed that this method not only dynamically protects the confidentiality and integrity of code and data while vTPM instances are running, but also realizes secure storage of vTPM instance data. Finally, a security and performance evaluation of the system was carried out. The results showed that, while the proper functioning and secure storage of vTPM instances were ensured, the added performance overhead was less than 1 ms.
Key words
trusted computing / virtual trusted platform module / Intel SGX
Classification
Information technology and security science
Citation
Yan Fei (严飞), Yu Zhao (于钊), Zhang Liqiang (张立强), Zhao Bo (赵波). vTSE: A Solution of SGX-based vTPM Secure Enhancement [J]. Advanced Engineering Sciences (工程科学与技术), 2017, 49(2): 133-139, 7.
Funding
National Natural Science Foundation of China (61272452, 61303024, 61003268)
National Key Basic Research Program of China (973 Program) (2014CB340601)
Natural Science Foundation of Jiangsu Province, Youth Fund (BK20130372)
National High Technology Research and Development Program of China (863 Program) (2015AA016002)