Public Key Infrastructure (PKI) is based on public-key cryptography and mainly addresses the problem of key certification, that is, determining to whom a private key belongs. Public-key cryptography provides, in theory, the security guarantees for digital signatures in computer networks. PKI is implemented through the signing of digital certificates by a CA (Certification Authority), which provides the key certification service and publishes the identity information of the public key's owner.
A CA is a third party responsible for signing digital certificates and is an entity trusted by both communicating parties in a PKI-based system. A digital certificate (or simply certificate) binds a public key to the identity of the owner of the corresponding private key by means of the CA's digital signature (or simply signature). The CA's signature ensures that any change to a digital certificate causes validation of the certificate to fail. A certificate also contains the CA's name and other information, which allows users to find the CA's public key and validate the digital signature on the certificate.
The process of signing digital certificates is hierarchical. The uppermost CA, referred to as the root CA, is responsible for signing a certificate for a subordinate CA. The subordinate CA can in turn sign certificates for lower CAs, until the CAs at the bottom use their private keys to sign digital certificates for subscribers. In this process, every intermediate CA (or simply sub CA) holds a CA certificate signed by a superior CA, just as a subscriber does. The uppermost root CA has a self-signed certificate, referred to as the self-signed certificate of the root CA, or simply the root CA certificate. The root CA certificate includes the public key and the identity of the root CA; the associated digital signature is generated using the root CA's own private key. The root CA certificate and the certificates at the other layers together form a certificate chain. A certificate chain can have only two layers, in which case the root CA directly signs the digital certificate of a subscriber.
In order to verify that the information in a digital certificate has not been maliciously tampered with, and to correctly obtain the communication peer's public key, a PKI user needs to carry out the following steps.
(1) The user first securely obtains the self-signed root CA certificate from the root CA, makes sure that it has not been tampered with during transfer, and installs the root CA certificate on the user's computer system.
(2) The user verifies the certificates in the certificate chain one by one. The user checks the validity of the current digital certificate, such as its validity period (and its revocation status, certificate extensions, etc.), then obtains the digital certificate of the issuer that signed the current certificate, reads the issuer information in that certificate, and obtains the digital certificate of the issuer at the next higher layer, thus obtaining the certificates one by one.
(3) The above steps are repeated until a root CA certificate is obtained. Because it is self-signed, the root CA certificate does not need to be verified by other certificates; the user simply checks its validity period.
(4) The user uses the public key in the root CA certificate to verify the signature of the subordinate CA certificate, to make sure that the certificate has not been tampered with, and checks the validity of the subordinate CA certificate, such as its validity period (and revocation status, certificate extensions, etc.). The user then reads the public key from the subordinate CA certificate.
(5) The user repeats the same step to verify the signature of the certificate at the next layer down and checks whether that digital certificate is valid. The process is repeated until all digital certificates of the communication peer have been verified, the public key data has been read from the peer's certificate, and the public key of the certificate holder has been confirmed.
At this point the PKI user can use the public key in the communication partner's digital certificate to encrypt communication content and to verify digital signatures.
In the above steps of verifying digital certificates, all certificates of the intermediate CAs and of the communication partner are verified with their superior CAs' public keys and are thereby ensured to be free of tampering. Only the root CA certificate, being self-signed and the starting point of the process, is not verified against any other reliable data. Once a user chooses to trust a root CA certificate, all certificates signed by the private key of that root CA will be trusted. Thus, the root CA certificate must be obtained by a reliable and trustworthy method and must be properly stored on the user's computer, so that it cannot be maliciously replaced and no certificate can be maliciously added. Otherwise, users may be harmed. For example, if a malicious attacker had inserted a self-signed certificate into a user's list of root CA certificates, the attacker could then attack the user. If the user visited a phishing site that relies on the inserted fake root CA certificate, the user would trust the phishing site once the site had been authenticated by means of the maliciously inserted root CA certificate. The user's personal information, such as account names and passwords, could then be stolen by the phishing site.
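The verification steps (1) to (5) and the trust-anchor weakness described above can be traced in a short Python model, added here as an illustration and not taken from the original text. It assumes a simplified certificate record (the hypothetical Cert tuple, not real X.509), toy textbook RSA keys that are insecure, integer timestamps, and constructed names such as shop.example; revocation and extension checks are omitted.

```python
import hashlib
from collections import namedtuple

# Simplified stand-in for an X.509 certificate; pub is an (n, e) pair.
Cert = namedtuple("Cert", "subject issuer pub not_before not_after sig", defaults=(0,))

def keygen(p, q, e=65537):
    """Toy textbook RSA from small known primes: insecure, illustration only."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))       # (n, e, d)

def digest(cert, n):
    """Hash of every field except the signature, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(repr(cert[:5]).encode()).digest(), "big") % n

def issue(subject, pub, issuer, key, not_before=0, not_after=100):
    n, _, d = key
    cert = Cert(subject, issuer, pub, not_before, not_after)
    return cert._replace(sig=pow(digest(cert, n), d, n))

def verify_chain(leaf, intermediates, trust_store, now):
    """Return the peer's public key if its chain ends at an installed root CA."""
    pool = {c.subject: c for c in intermediates}
    path = [leaf]
    while path[-1].issuer != path[-1].subject:      # steps 2-3: climb to a self-signed root
        parent = trust_store.get(path[-1].issuer) or pool.get(path[-1].issuer)
        if parent is None or len(path) > 8:
            raise ValueError("incomplete chain")
        path.append(parent)
    if trust_store.get(path[-1].subject) != path[-1]:
        raise ValueError("root CA certificate is not installed")
    for cert in path:                               # validity period of every certificate
        if not cert.not_before <= now <= cert.not_after:
            raise ValueError(f"{cert.subject}: outside validity period")
    for parent, child in zip(path[::-1], path[-2::-1]):   # steps 4-5: verify downward
        n, e = parent.pub
        if pow(child.sig, e, n) != digest(child, n):
            raise ValueError(f"{child.subject}: bad signature")
    return leaf.pub

# Constructed sample hierarchy (root CA -> sub CA -> subscriber) and a rogue self-signed root.
root_k, sub_k = keygen(2**89 - 1, 2**107 - 1), keygen(2**61 - 1, 2**127 - 1)
rogue_k, site_pub = keygen(2**19 - 1, 2**31 - 1), keygen(2**13 - 1, 2**17 - 1)[:2]
root = issue("Root CA", root_k[:2], "Root CA", root_k)
sub = issue("Sub CA", sub_k[:2], "Root CA", root_k)
site = issue("shop.example", site_pub, "Sub CA", sub_k)
rogue = issue("Rogue CA", rogue_k[:2], "Rogue CA", rogue_k)
phish = issue("shop.example", rogue_k[:2], "Rogue CA", rogue_k)
```

With only the genuine root installed, the chain for phish is rejected; once the rogue certificate is present in the trust store, the same chain verifies, which is why the integrity of the root list is the control that matters.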
In existing operating systems such as Windows, the list of root CA certificates is maintained by the operating system. Installing a root CA certificate requires the user's consent. However, in many cases users do not understand the impact of adding a root CA certificate and may agree to add one without due consideration. In practice, a root CA certificate could be forged and maliciously inserted or used for various reasons, such as a CA administrator's negligence, improper software implementation, and penetration attacks. In fact, a malicious third party could stealthily add a malicious root CA certificate without the user being aware of it, by methods such as a virus, a Trojan horse, or even a simple script. If a malicious root CA certificate were successfully added, every digital signature that could be verified by a certificate chain starting from that root CA certificate would be trusted, for example the digital signature on malicious code requesting installation on the user's computer, or a digital certificate presented by a malicious peer communicating with the user. Malicious code could then attack the user's computer, for instance by stealing private data or by disguising a malicious party as someone the user communicates with. These attacks can cause great harm to the user. Thus, the security of root CA certificates is particularly important.
Virtualization technology has been widely used since AMD and Intel successively launched products supporting hardware virtualization. Using virtualization, enterprises can reduce capital costs and office space requirements, and improve the availability, flexibility and security of their business. Virtualization technology enables users to run multiple guest virtual machines (also referred to as virtual machines or VMs) on one physical computer, which is called the host.
Virtualization technology isolates a user's virtual machines from one another, providing software separation at another level. Even when a particular virtual machine is exposed to attacks and infection from the Internet, the security of the virtualization platform is not threatened, let alone that of the other virtual machines. The virtualization platform includes an important component, the virtual machine monitor (VMM). Its main role is to manage the resources of the host and to enable the virtual machines running on the host to share the same set of host resources.