Format

Send to

Choose Destination
Sensors (Basel). 2018 Nov 6;18(11). pii: E3807. doi: 10.3390/s18113807.

eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology.

Author information

1
Information Science and Technology Institute, Information Engineering University, Zhengzhou 450001, China. shn4166@163.com.
2
Information Science and Technology Institute, Information Engineering University, Zhengzhou 450001, China. he_reongyu@hotmail.com.
3
ATR Key Laboratory of National Defense Technology, Shenzhen University, Shenzhen 518060, China. yzhang@szu.edu.cn.
4
Information Science and Technology Institute, Information Engineering University, Zhengzhou 450001, China. wangry@163.com.
5
Department of Industrial and Systems Engineering, the Hong Kong Polytechnic University, Hong Kong SAR 999077, China. wh.ip@polyu.edu.hk.
6
Department of Industrial and Systems Engineering, the Hong Kong Polytechnic University, Hong Kong SAR 999077, China. kl.yung@polyu.edu.hk.

Abstract

Today cloud computing is widely used in various industries. While benefiting from the services provided by the cloud, users are also faced with some security issues, such as information leakage and data tampering. Utilizing trusted computing technology to enhance the security mechanism, defined as trusted cloud, has become a hot research topic in cloud security. Currently, virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment. However, the existing vTPM scheme lacks protections of vTPM itself at a runtime environment. This paper proposed a novel scheme, which designed a new trusted cloud platform security component, 'enclave TPM (eTPM)' to protect cloud and employed Intel SGX to enhance the security of eTPM. The eTPM is a software component that emulates TPM functions which build trust and security in cloud and runs in 'enclave', an isolation memory zone introduced by SGX. eTPM can ensure its security at runtime, and protect the integrity of Virtual Machines (VM) according to user-specific policies. Finally, a prototype for the eTPM scheme was implemented, and experiment manifested its effectiveness, security, and availability.

KEYWORDS:

eTPM; intel sgx; memory protection; trusted cloud; user-specific

Supplemental Content

Full text links

Icon for Multidisciplinary Digital Publishing Institute (MDPI) Icon for PubMed Central
Loading ...
Support Center