Cloud computing, a new class of high-value computing system, is now deployed across many industry sectors, and Classified Protection 2.0 (等保2.0) requires that cloud platforms apply active-immunity trusted computing technology and perform dynamic trust verification. In the cloud model the virtual machine is the direct carrier through which users consume cloud services, so its trusted startup is the foundation for a trustworthy virtual machine operating environment. A virtual machine, however, runs on the physical node as an ordinary process: its startup is highly dynamic, and unexpected interference can arise between multiple virtual machine domains. Existing trusted-startup schemes for virtual machines offer insufficient dynamic protection of the startup process and provide no means of ruling out such cross-domain interference. To address these problems, this paper proposes a trusted virtual machine startup scheme based on non-interference theory. First, starting from non-interference theory, a run-time trustworthiness theorem for virtual machine processes is stated; building on it, trusted virtual machine startup is defined and a decision theorem for trusted startup is proved. Second, following that decision theorem, monitoring and control logic is designed at the system-call level to dynamically measure the startup process and to actively control it. Experimental results show that the scheme effectively eliminates unexpected interference between virtual machines in a complex cloud environment, guarantees the dynamic trustworthiness of the virtual machine startup process, and incurs only a small performance overhead.
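The abstract relies on non-interference and on system-call-level control but does not spell out either. The following is an added illustration, not the paper's own model or code: it applies the classic purge-based non-interference definition (a domain's view of the system must be the same whether or not the actions of domains that are not allowed to influence it are removed from the trace) to a constructed system-call trace of two VM processes booting. Everything below is an assumption made for the example: the event format, the rule that a VM owns the files whose name starts with its domain name, the policy that only the hypervisor may affect every domain while a VM may affect only itself, and that only `write` calls change observable state.

```python
"""Purge-based non-interference check over a constructed VM start-up syscall trace.

Added example, not from the paper. The event model, ownership rule and
interference policy are assumptions chosen to illustrate the idea.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

HYPERVISOR = "hypervisor"   # assumed name of the host-side domain


@dataclass(frozen=True)
class Event:
    """One monitored system call, attributed to the VM domain (process) that issued it."""
    domain: str        # "vm1", "vm2", or HYPERVISOR
    syscall: str       # e.g. "openat", "read", "write"; only "write" mutates state here
    resource: str      # path the call touches
    data: str = ""     # content written, for "write" events


def owner(resource: str) -> str:
    """Assumption: a resource belongs to the domain named by its basename prefix.
    "/var/lib/libvirt/images/vm1.qcow2" -> "vm1"."""
    return resource.rsplit("/", 1)[-1].split(".")[0]


def may_interfere(src: str, dst: str) -> bool:
    """Interference policy: the hypervisor may influence every domain, a VM only itself."""
    return src == HYPERVISOR or src == dst


def purge(trace: List[Event], u: str) -> List[Event]:
    """Drop every action of a domain that is not permitted to influence u."""
    return [e for e in trace if may_interfere(e.domain, u)]


def run(trace: List[Event]) -> Dict[str, str]:
    """Replay the trace; state is the last content written to each resource."""
    state: Dict[str, str] = {}
    for e in trace:
        if e.syscall == "write":
            state[e.resource] = e.data
    return state


def observe(state: Dict[str, str], u: str) -> Dict[str, str]:
    """What domain u can see: the state of the resources it owns (its measured view)."""
    return {r: c for r, c in state.items() if owner(r) == u}


def noninterference_violations(trace: List[Event]) -> List[Tuple[str, Event]]:
    """For every VM domain and every trace prefix, compare u's view of the real run
    with its view of the purged run. The first differing prefix names the offending
    event; the returned list is empty when the trace is non-interfering."""
    violations = []
    for u in sorted({e.domain for e in trace if e.domain != HYPERVISOR}):
        for k in range(1, len(trace) + 1):
            prefix = trace[:k]
            if observe(run(prefix), u) != observe(run(purge(prefix, u)), u):
                violations.append((u, trace[k - 1]))
                break
    return violations


def admit(history: List[Event], event: Event) -> bool:
    """Active control: allow a system call only if the extended trace stays non-interfering."""
    return not noninterference_violations(history + [event])


IMG = "/var/lib/libvirt/images"   # assumed image directory

# Constructed sample trace: the hypervisor provisions both boot images, then each VM
# process touches only its own image while starting up.
CLEAN_TRACE = [
    Event(HYPERVISOR, "write", f"{IMG}/vm1.qcow2", "BOOT1"),
    Event(HYPERVISOR, "write", f"{IMG}/vm2.qcow2", "BOOT2"),
    Event("vm1", "openat", f"{IMG}/vm1.qcow2"),
    Event("vm1", "write", f"{IMG}/vm1.qcow2", "BOOT1+LOG1"),
    Event("vm2", "openat", f"{IMG}/vm2.qcow2"),
]

# Constructed interference: the vm2 process writes into vm1's boot image.
TAMPERED_TRACE = CLEAN_TRACE + [Event("vm2", "write", f"{IMG}/vm1.qcow2", "TAMPERED")]

if __name__ == "__main__":
    print("clean trace violations:   ", noninterference_violations(CLEAN_TRACE))
    print("tampered trace violations:", noninterference_violations(TAMPERED_TRACE))
    print("admit tampering write?    ", admit(CLEAN_TRACE, TAMPERED_TRACE[-1]))
```

The check flags the tampered trace for domain `vm1` at the final event, because vm1's view of its image differs between the real run and the run with vm2's actions purged; `admit` denies that call before it takes effect, which is the control half of the monitor-and-control loop the abstract describes. A real monitor would attribute events by process or cgroup rather than by a string tag, and would derive ownership from the hypervisor's domain configuration rather than from file names.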