Virtualization technology includes introducing a virtual layer between software and hardware, so as to virtualize underlying physical devices into a plurality of virtual devices, and achieve the multiplexing of the physical devices through the scheduling of the virtual devices by each virtual computer (virtual machine). The virtualization technology can run a plurality of virtual machines on a hardware platform, the operations on hardware resources performed by the virtual machines and the interaction between virtual machines are mostly coordinated through the virtual layer, and there is not too much interaction in a virtual machine layer. The relation between the virtual machines is similar to that between two physical computers, and strong isolation is implemented. Due to the strong isolation between the virtual machines, failure of a virtual machine can hardly cause any influence to other virtual machines on the platform. The platform on which the virtual machines locate provides an independent and isolated operation environment for application software while fully utilizing the hardware resources, thereby maximally limiting a spread range of the security risk of application programs, and maintaining the stability of a system platform.
A virtual trusted platform has underlying trusted hardware as root of trust, so as to ensure that the platform can faithfully record and report a current status of the platform. The hardware generally means a trusted chip of a Trusted Platform Module (TPM). In a boot process of the platform, the TPM, an origin ensuring trusted attributes, performs integrity validation on a next member to be booted, and extends a trusted relation to the member. By performing integrity validation layer by layer, the platform can finally extend the trusted relation to an application program, so that a complete chain of trust is constructed from a Basic Input/Output System (BIOS), an Operating System (OS) boot program, an OS kernel program, and finally to the application program, thereby ensuring trusted attributes of the application software.
With the wide use of the virtualization technology, it is considered, in the field of the information security technology, to introduce a trusted computing technology into a virtualization application field, so as to ensure trusted attributes of a virtual machine. The virtual trusted platform ensures the effective extension of the trust chain based on the use of the virtualization technology, so that the conception of the trust chain is extended to virtual machines that run on a virtual platform, thereby ensuring that operating systems in the virtual machines also run in a trusted environment. Application programs that run on a guest operating system can use a TPM function like the case they use a TPM function on a traditional platform.
Virtual machine migration is an important advantage of the virtualization technology. At present, there are more and more application requirements for secure migration of virtual machines in industry, for example, load balance of a system platform is ensured through the migration of virtual machines, by migrating a virtual machine running on a platform with a heavier load to a platform with a lighter load, so as to ensure the full utilization of hardware resources on different platforms, and improve the system work efficiency. Alternatively, the dependence of an application program on underlying hardware resources is lowered through the migration of the virtual machine, so as to shorten a downtime. Alternatively, if underlying hardware needs to be maintained due to failure, too much influence caused by the failure of the underlying resources of the platform to the normal operation of the virtual machine can be prevented by migrating a running virtual machine to a normally working system platform.
The inventor found in implementation of the present invention that as the trusted computing technology is introduced to the virtualization application field, there is an urgent need in the industry for a virtual machine migration decision-making solution capable of ensuring the security of virtual machine migration in a virtual trusted platform.