Security-enhanced live migration based on SGX for virtual machine
The virtual machine may face the problem of information leakage in live migration.Therefore,a dynamic memory protection technique SGX was introduced and a security enhancement live migration method based on KVM environment was proposed.Firstly,on both sides of migration,a hardware-isolated secure ex...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2017-09-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2017183/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539484929228800 |
|---|---|
| author | Yuan SHI Huan-guo ZHANG Bo ZHAO Zhao YU |
| author_facet | Yuan SHI Huan-guo ZHANG Bo ZHAO Zhao YU |
| author_sort | Yuan SHI |
| collection | DOAJ |
| description | The virtual machine may face the problem of information leakage in live migration.Therefore,a dynamic memory protection technique SGX was introduced and a security enhancement live migration method based on KVM environment was proposed.Firstly,on both sides of migration,a hardware-isolated secure execution environment centered SGX was built.It guaranteed the security of operations like encryption and integrity measurement and also ensured the security of private data.An encrypted channel to transfer migration data based on the remote attestation between the secure execution environments of both migration sides was constructed.And the mutual authentication of both sides’ platform integrity was realized.Finally,the security enhancement effect and did the experiment was analyzed.The results shows that the introduction of SGX won’t cause much negative effect to the migration performance. |
| format | Article |
| id | doaj-art-22fa193d47d1475f8dcf094b2b2354d7 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2017-09-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-22fa193d47d1475f8dcf094b2b2354d72025-01-14T07:12:57ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2017-09-0138657559712114Security-enhanced live migration based on SGX for virtual machineYuan SHIHuan-guo ZHANGBo ZHAOZhao YUThe virtual machine may face the problem of information leakage in live migration.Therefore,a dynamic memory protection technique SGX was introduced and a security enhancement live migration method based on KVM environment was proposed.Firstly,on both sides of migration,a hardware-isolated secure execution environment centered SGX was built.It guaranteed the security of operations like encryption and integrity measurement and also ensured the security of private data.An encrypted channel to transfer migration data based on the remote attestation between the secure execution environments of both migration sides was constructed.And the mutual authentication of both sides’ platform integrity was realized.Finally,the security enhancement effect and did the experiment was analyzed.The results shows that the introduction of SGX won’t cause much negative effect to the migration performance.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2017183/virtualizationlive migrationIntel SGXremote attestationintegrity measurement |
| spellingShingle | Yuan SHI Huan-guo ZHANG Bo ZHAO Zhao YU Security-enhanced live migration based on SGX for virtual machine Tongxin xuebao virtualization live migration Intel SGX remote attestation integrity measurement |
| title | Security-enhanced live migration based on SGX for virtual machine |
| title_full | Security-enhanced live migration based on SGX for virtual machine |
| title_fullStr | Security-enhanced live migration based on SGX for virtual machine |
| title_full_unstemmed | Security-enhanced live migration based on SGX for virtual machine |
| title_short | Security-enhanced live migration based on SGX for virtual machine |
| title_sort | security enhanced live migration based on sgx for virtual machine |
| topic | virtualization live migration Intel SGX remote attestation integrity measurement |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2017183/ |
| work_keys_str_mv | AT yuanshi securityenhancedlivemigrationbasedonsgxforvirtualmachine AT huanguozhang securityenhancedlivemigrationbasedonsgxforvirtualmachine AT bozhao securityenhancedlivemigrationbasedonsgxforvirtualmachine AT zhaoyu securityenhancedlivemigrationbasedonsgxforvirtualmachine |