Search

CN-121979615-A - Method for migrating confidential virtual machine

CN121979615ACN 121979615 ACN121979615 ACN 121979615ACN-121979615-A

Abstract

A method for migrating a confidential virtual machine comprises the steps of constructing a first role by a first middleware on a first party and constructing a second role on a second party, negotiating a first transmission key with a first TEE firmware of the first party through the first role, negotiating a second transmission key with a second TEE firmware of the second party through the second role, encrypting a first plaintext memory page obtained by decrypting a first encrypted memory page of the first confidential virtual machine through the first TEE key by the first party, sending the obtained first encryption result to the first middleware through the first transmission key, decrypting the first encryption result through the first transmission key by the first middleware, sending the obtained second encryption result to the second party through the second transmission key by the first middleware, decrypting the second encryption result through the second transmission key by the second party, encrypting the restored first plaintext memory page through the second TEE key, and obtaining a second encrypted memory page of the second confidential virtual machine heterogeneous with the first confidential virtual machine by the second party.

Inventors

  • ZHANG YINQIAN
  • CAI JIANQUAN
  • LIU SHUANG
  • ZHAO CHAN

Assignees

  • 南方科技大学
  • 浙江蚂蚁密算科技有限公司

Dates

Publication Date
20260505
Application Date
20251231

Claims (11)

  1. 1. A method of migrating a confidential virtual machine, comprising: a first middleware connected with a first party and a second party participating in migration, constructing a first role at the first party, and constructing a second role at the second party; negotiating a first transmission key with a first TEE firmware of a first party through a first role, and negotiating a second transmission key with a second TEE firmware of a second party through a second role; The first party decrypts a first encrypted memory page of the first confidential virtual machine through a first TEE key corresponding to the first confidential virtual machine to obtain a first plaintext memory page, encrypts the first plaintext memory page through a first transmission key to obtain a first encryption result, and sends the first encryption result to a first middleware; The first middleware decrypts the first encryption result through the first transmission key, restores the first plaintext memory page, encrypts the restored first plaintext memory page through the second transmission key, obtains a second encryption result, and sends the second encryption result to the second party; The second party decrypts a second encryption result through a second transmission key, restores a first plaintext memory page, encrypts the first plaintext memory page through a second TEE key corresponding to a second confidential virtual machine of the second party, and obtains a second encrypted memory page for running the second confidential virtual machine, wherein the first confidential virtual machine is heterogeneous with the second confidential virtual machine.
  2. 2. The method of claim 1, wherein the first middleware builds a first role at a first party and a second role at a second party, comprising the first middleware builds the first role at the first party based on a first root of trust that matches the first party, and builds the second role at the second party based on a second root of trust that matches the second party.
  3. 3. The method of claim 1, wherein the first persona is a platform owner persona of a first TEE platform to which the first TEE firmware belongs and the second persona is a platform owner persona of a second TEE platform to which the second TEE firmware belongs.
  4. 4. The method of claim 1, wherein the first TEE firmware is configured on a first host owned by the first party, the first host further having a first virtual machine monitor configured thereon; the first party decrypts the first encrypted memory page in the first confidential virtual machine through a first TEE key corresponding to the first confidential virtual machine to obtain a first plaintext memory page, encrypts the first plaintext memory page through a first transmission key to obtain a first encryption result, and sends the first encryption result to a first middleware, including: The first party decrypts a first encrypted memory page in a first confidential virtual machine according to a first TEE key corresponding to the first confidential virtual machine on a first host through the first TEE firmware to obtain a first plaintext memory page, and encrypts the first plaintext memory page through a first transmission key to obtain a first encryption result; The first TEE firmware sends the first encryption result to a first virtual machine monitor on the first host machine, and the first virtual machine monitor sends the obtained first encryption result to a first middleware.
  5. 5. The method of claim 4, wherein the second TEE firmware is configured on a second host owned by the second party, the second host further having a second virtual machine monitor configured thereon; The first middleware decrypts a first encryption result through a first transmission key, restores a first plaintext memory page, encrypts the restored first plaintext memory page through a second transmission key to obtain a second encryption result, sends the second encryption result to the second party, decrypts the second encryption result through the second transmission key, restores the first plaintext memory page, encrypts the first plaintext memory page through a second TEE key corresponding to the second confidential virtual machine of the second party, and obtains a second encrypted memory page for running the second confidential virtual machine, and the method comprises the following steps: The first middleware decrypts the first encryption result through the first transmission key, restores the first plaintext memory page, encrypts the restored first plaintext memory page through the second transmission key, obtains a second encryption result, and sends the second encryption result to the second virtual machine monitor; The second TEE firmware decrypts the first encryption result through a second transmission key, restores the first plaintext memory page, encrypts the first plaintext memory page according to a second TEE key corresponding to a second confidential virtual machine on a second host, and obtains a second encrypted memory page, wherein the second encrypted memory page is used for running the second confidential virtual machine.
  6. 6. The method of claim 1, wherein the first confidential virtual machine is heterogeneous with the second confidential virtual machine, comprising: the first and second confidential virtual machines operate based on different processor architectures, or the first and second confidential virtual machines operate based on different TEE mechanisms under the same processor architecture.
  7. 7. The method of claim 1, wherein the first middleware operates in a TEE environment configured on an intermediary device not belonging to the first and second parties.
  8. 8. A method of migrating a confidential virtual machine, the method performed by a first middleware connected to a first party and a second party involved in migration, the method comprising: Constructing a first role in a first party, constructing a second role in a second party, negotiating a first transmission key with a first TEE firmware of the first party through the first role, and negotiating a second transmission key with a second TEE firmware of the second party through the second role; The method comprises the steps of obtaining a first encryption result sent by a first party, wherein the first encryption result is generated by the first party through the following steps of decrypting a first encryption memory page of a first confidential virtual machine through a first TEE key corresponding to the first confidential virtual machine to obtain a first plaintext memory page, and encrypting the first plaintext memory page through a first transmission key to obtain a first encryption result; Decrypting the first encryption result through the first transmission key, restoring the first plaintext memory page, encrypting the restored first plaintext memory page through the second transmission key to obtain a second encryption result, sending the second encryption result to a second party for the second party, decrypting the second encryption result through the second transmission key, restoring the first plaintext memory page, encrypting the first plaintext memory page through a second TEE key corresponding to a second confidential virtual machine of the first party, and obtaining a second encrypted memory page for running the second confidential virtual machine, wherein the first confidential virtual machine is heterogeneous with the second confidential virtual machine.
  9. 9. A middleware for interfacing with a first party and a second party participating in a confidential virtual machine migration, the middleware comprising: A construction unit configured to construct a first role in a first party, construct a second role in a second party, negotiate a first transmission key with a first TEE firmware of the first party through the first role, and negotiate a second transmission key with a second TEE firmware of the second party through the second role; The acquisition unit is configured to acquire a first encryption result sent by a first party, wherein the first encryption result is generated by the first party through the following processes of decrypting a first encryption memory page of a first confidential virtual machine through a first TEE key corresponding to the first confidential virtual machine to obtain a first plaintext memory page, and encrypting the first plaintext memory page through a first transmission key to obtain a first encryption result; The processing unit is configured to decrypt the first encryption result through the first transmission key, restore the first plaintext memory page, encrypt the restored first plaintext memory page through the second transmission key to obtain a second encryption result, send the second encryption result to a second party for the second party, decrypt the second encryption result through the second transmission key, restore the first plaintext memory page, encrypt the first plaintext memory page through a second TEE key corresponding to the second confidential virtual machine of the second party, and obtain a second encrypted memory page for running the second confidential virtual machine, wherein the first confidential virtual machine is heterogeneous with the second confidential virtual machine.
  10. 10. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-9.
  11. 11. A computing device comprising a memory having executable code stored therein and a processor, which when executing the executable code, implements the method of any of claims 1-9.

Description

Method for migrating confidential virtual machine Technical Field One or more embodiments of the present specification relate to the field of trusted computing and virtual machine technology, and more particularly, to a method of migrating a confidential virtual machine. Background Virtual machine Live Migration (Live Migration) is a technique that migrates an operating virtual machine from one physical host to another physical host and continues to operate without interrupting the operation of the virtual machine. The confidential virtual machine (Confidential Virtual Machine, CVM) is a virtualization technology for protecting confidentiality of data in a virtual machine by using TEE (Trusted Execution Environment) technology, and even if, for example, a cloud platform manager, a host manager, or a malicious program acquires control rights of the host machine, the data in the virtual machine cannot be snooped at will. The migration scheme for the normal virtual machine (Normal Virtual Machine, NVM) is difficult to use for migration of the confidential virtual machine, as the confidential virtual machine is protected by TEE technology. Disclosure of Invention Embodiments in the present specification aim to provide a method for migrating a confidential virtual machine, which can securely transfer a memory page of the confidential virtual machine between a source party and a target party by using a middleware as an intermediary terminal through a transfer key between the middleware and the source party and a transfer key between the middleware and the target party. Furthermore, the problem that the source party and the target party heterogeneous in the TEE environment cannot pass through the role authentication mechanism of the two parties and cannot negotiate the transmission key between the two parties due to the unmatched trust root and the negotiation key algorithm, so that the memory data of the confidential virtual machine cannot be transmitted between the two parties safely is solved, and the defects in the prior art are overcome. According to a first aspect, there is provided a method of migrating a confidential virtual machine, comprising: a first middleware connected with a first party and a second party participating in migration, constructing a first role at the first party, and constructing a second role at the second party; negotiating a first transmission key with a first TEE firmware of a first party through a first role, and negotiating a second transmission key with a second TEE firmware of a second party through a second role; The first party decrypts a first encrypted memory page of the first confidential virtual machine through a first TEE key corresponding to the first confidential virtual machine to obtain a first plaintext memory page, encrypts the first plaintext memory page through a first transmission key to obtain a first encryption result, and sends the first encryption result to a first middleware; The first middleware decrypts the first encryption result through the first transmission key, restores the first plaintext memory page, encrypts the restored first plaintext memory page through the second transmission key, obtains a second encryption result, and sends the second encryption result to the second party; The second party decrypts a second encryption result through a second transmission key, restores a first plaintext memory page, encrypts the first plaintext memory page through a second TEE key corresponding to a second confidential virtual machine of the second party, and obtains a second encrypted memory page for running the second confidential virtual machine, wherein the first confidential virtual machine is heterogeneous with the second confidential virtual machine. In one possible implementation, wherein the first middleware builds a first role at a first party and a second role at a second party, the first middleware builds the first role at the first party based on a first trust root matching the first party, and builds the second role at the second party based on a second trust root matching the second party. In one possible implementation, the first role is a platform owner role of a first TEE platform to which the first TEE firmware belongs, and the second role is a platform owner role of a second TEE platform to which the second TEE firmware belongs. In one possible implementation, the first TEE firmware is configured on a first host owned by the first party, and a first virtual machine monitor is further configured on the first host; the first party decrypts the first encrypted memory page in the first confidential virtual machine through a first TEE key corresponding to the first confidential virtual machine to obtain a first plaintext memory page, encrypts the first plaintext memory page through a first transmission key to obtain a first encryption result, and sends the first encryption result to a first middleware, including: The first party decrypts a firs