With the continuous development of cloud computing, virtualization technology has become more widely used. With virtualization technology, multiple virtual machines (VMs) can be run on a single physical computer platform at the same time. Virtualization technology has many advantages. First, Virtual Machine Monitor (VMM) can manage resources of the physical platform and monitor virtual machines running on it. Secondly, virtualization technology ensures that different virtual machines are isolated from each other and the service on a virtual machine does not affect other virtual machines. Finally, the virtual machine can be quickly and easily copied, moved, etc.
Virtualization technology can provide virtual desktop and other convenient and efficient services for the majority of network user groups. The groups involved in this model can be broadly divided into two categories: administrators and common users. Among them, an administrator is responsible for the maintenance and management of the back end for the entire virtualization environment. A common user only uses external virtual machine functions (such as virtual desktop) provided by the virtualization environment and does not have access right to the back end of the virtualization environment.
In the case of virtual desktops described above, administrators need to centrally manage multiple virtual machines in a virtualization environment. The current virtualization management platform mainly includes oVirt, RHEV, Xen-Center, Virt-Manager, etc., which uses virtualization management platform to conveniently build a virtualization environment on a number of physical platforms in a cloud computing environment, and effectively manage various types of resources under a unified and effective management, including especially the creation, copying, moving and backup, etc. of the virtual machines. The structure of the virtualization platform mainly includes the following components: the host, which is the physical platform on which the virtual machine is running, and which provides the actual hardware platform for the running of the virtual machine. A cloud computing environment can have multiple hosts, and each host can run multiple virtual machines. Due to the existence of virtual machine monitor, a host computer can run multiple independent guest virtual machines (guest VM), each of which has an independent virtual machine operating system and multiple applications. A management center (manager) is responsible for the unified management of the hosts, virtual machines, the network and other resources in the entire virtual platform environment. A storage system (storage) stores various types of data resources on a virtualization platform, including disk mapping of guest VM.
Nowadays the implementation of many computer applications depends on cryptography. For example, the cryptographic algorithm can achieve data encryption, integrity verification, certificate signing, and other applications. The basic assumption of a cryptographic algorithm is that an attacker cannot get a key, and only the key owner can access the key. But this assumption is often difficult to be guaranteed in the actual information system. In traditional computer systems, an attacker can steal a key using multiple types of attacks: on the one hand, an attacker can steal key data directly from the computer's memory using software or hardware attacks; on the other hand, an attacker can restore the key data using side-channel attacks and other indirect attack methods.
For protecting key, there are usually two solutions: one is the development of dedicated hardware for key storage, cryptographic operation and etc. But many cryptographic hardware cannot be adequately combined with virtualization environments, as they are difficult to be deployed on the virtualization environment platform.
Another solution is to use software to provide secure cryptographic operation services. Software-based cryptographic services are less costly, easier for the large-scale deployment, and can be combined with the virtualization environment. One such scheme is the virtual cryptographic device solution proposed by The Institute of Information Engineering of the Chinese Academy of Sciences. The scheme designs a virtual cryptographic device manager running in the virtual machine monitor to manage the available cryptographic devices (which can be implemented by the software cryptographic algorithm executed on the virtual machine monitor) on the host to create a virtual device providing cryptographic computation (known as a virtual cryptographic device, which stores keys assigned to a guest virtual machine) for use by the guest virtual machine. The guest virtual machine communicates with the virtual cryptographic device through a virtual device interface. When the guest virtual machine needs to perform a cryptographic computation, it sends a request to the virtual cryptographic device. The virtual cryptographic device manager completes the cryptographic computation, and returns the result of the computation to the guest virtual machine.
Specifically, the virtual cryptographic device scheme described above is exemplified by QEMU-KVM (called virtio-ct), as shown in FIG. 5. The main goal of virtio-ct is that all keys and sensitive intermediate states in the computation cannot be accessed by the guest virtual machine. The key is stored in the form of a file on the disk of the host, and the key entity is assigned to the guest virtual machine by specifying the path of the key file. The cryptographic computation is performed according to the message sent from the guest virtual machine, which directly calls the cryptographic algorithm software implementation to carry out the corresponding cryptographic computation. The virtual cryptographic device manager is implemented in QEMU-KVM, and integrated in the QEMU process. The passing of the computation request and the computation result between the virtual cryptographic device and the guest virtual machine is implemented with virtio technologies. Virtio's basic structure framework is shown in FIG. 6: in which the front-end driver (frontend, such as virtio-blk, virtio-net, etc.) is the driver program module in the guest virtual machine, whereas the back-end driver module is implemented in QEMU. In the implementation of QEMU-KVM, the front-end driver is virtio-ct, and the back-end handler calls the cryptographic algorithm software implementation (using the OpenSSL package in virtio-ct) for the corresponding cryptographic computation.
The front-end and back-end drivers also define two layers to support communication between the guest virtual machine and QEMU, including a virtual queue (virtqueues) interface, which conceptually attaches the front-end driver to the back-end handler, which calls the lower-level virtio-ring so that the front-end driver and the back-end handler are in the same application binary interface (ABI: Application Binary Interface), can send and receive data from each other. Therefore, the virtual queue is treated as the convergence point between the guest virtual machine and the virtual machine monitor. Virtio-ct instantiated virtual queues can be divided into two categories by function: one for the virtual machine monitor and the guest virtual machine to pass between the device management message, and the other is used to pass the cryptographic service message. Each pair of virtual queues is connected to the virtual machine monitor and the guest virtual machine respectively, to support the guest virtual machine to send messages to the virtual machine monitor or to receive messages from it. Virtio-ring implements a ring buffer to hold execution information about the front-end and back-end handlers, and it can save multiple I/O requests for front-end drivers and deliver them to the back-end drivers for batch processing. In virtio-ct, the guest virtual machine dynamically applies for memory and sends the address through the PCI configuration interface to the virtual cryptographic device manager. The virtual cryptographic device manager obtains the virtual address of the memory area by adding an offset. The two parties can communicate through the shared memory area.
In contrast to conventional cryptographic computation in guest virtual machines, in virtio-ct, all the cryptographic computations are conducted in the virtual machine monitor. So even if an attacker has captured the guest virtual machine, it still cannot steal the cryptographic key. Thus cryptographic key security is accomplished in the virtualization environment.
Although the above-mentioned virtual cryptographic device solution solves the security problem of the cryptographic operation service to a certain extent, some problems still remain: the key file corresponding to the virtual cryptographic device is protected by the protection password, so when the guest virtual machine is started, the protection password input is required from the host side by an administrator responsible for the virtual cryptographic device. This does not provide convenient, user-friendly cryptographic service to the common users of the guest virtual machine, and cannot achieve centralized management. If the key file is stored in plain text, the administrator does not need to enter the protection password, but it cannot provide a secure cryptographic service. In view of the above described problems, there is a need for designing new systems and methods, which provides a unified, centralized management to the virtual cryptographic devices, and offers a user-friendly interface to the users of the virtual machines.