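| Graduate student: | 彭博涵 Po-Han Peng |
|---|---|
| Thesis title: | 基於屬性驗證之VM-vTPM同等級安全遷移 VM-vTPM same level secure migration based on property verification |
| Advisor: | 曾黎明 Li-Ming Tseng |
| Oral examination committee: | |
| Degree: | 碩士 Master |
| Department: | College of Electrical Engineering and Computer Science - Graduate Institute of Software Engineering |
| Year of publication: | 2014 |
| Academic year of graduation: | 102 |
| Language: | Chinese |
| Number of pages: | 67 |
| Chinese keywords: | 屬性驗證 (property verification), 虛擬機遷移 (virtual machine migration), TPM, vTPM |
| Foreign-language keywords: | VM migration, property verify, TPM, vTPM |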
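To meet computer users' need for data security, companies from around the world formed the Trusted Computing Group to define security standards. For trusted platforms it defined the Trusted Platform Module (TPM); chips built to this specification serve as the basis of trust, ensuring the platform's integrity and trustworthiness and, in turn, protecting the integrity of the other components and data on the system.
With the rapid development of cloud computing, applications of all kinds have sprung up, and start-ups and users from every quarter keep pouring into the cloud market. To meet the needs of so many users, cloud service providers must keep adding hardware and use virtualization technology to adjust the resources they offer. So that users can also use TPM functions in a cloud environment, the virtual TPM (vTPM) has been developed in recent years, letting every virtual machine on the same physical machine enjoy the benefits of a TPM.
For software or hardware reasons such as load balancing, system upgrades or resource allocation, virtual machines need to migrate between hosts to achieve the best utilization. A virtual machine that uses a vTPM must be migrated together with its vTPM. To keep the virtual machine secure at every stage of migration, a secure communication channel must be established and the destination must be confirmed to be trusted, protecting the security of user data.
Current protocols can only make a binary decision at migration time and do not check the migration environment in more detail. Because the migrated virtual machine may need a higher level of security, migrating it to an old system environment that contains vulnerabilities endangers that virtual machine's security. If the environment could be checked in fine detail at migration time, for example the system in use, its version or its location, the virtual machine's security would be better assured.
This thesis proposes a secure VM-vTPM migration mechanism so that users of vTPM in a cloud environment need not worry about the VM's security level dropping. When a new host joins, its properties are checked and it is given a corresponding property-based encryption key. During migration, that key is used to verify the destination, ensuring that the destination is not only a trusted party but also reaches a security level that meets the requirements of the migration source.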
The Trusted Computing Group, formed by international industries, develops specifications for security problems, including the specification of the Trusted Platform Module (TPM). Platforms built on a TPM can treat it as the base of trusted computing and then protect data confidentiality and integrity on the platform.
Cloud computing has developed rapidly in recent years, and many companies, developers and users have joined this market. To fulfil the massive requirements from clients, cloud service providers expand their hardware resources and use virtualization technology to reach maximum usage of these resources. The virtualization technology for TPM, called virtual TPM (vTPM), provides trusted computing for every virtual machine on the same platform.
VMs are migrated between different hosts for load balancing, system upgrades and other reasons. A virtual machine that has a vTPM needs to be migrated together with it. To keep the VM and vTPM secure, a secure channel must be built and the destination's authority checked before migration.
Current migration protocols only check whether the destination of migration can be trusted or not. A destination platform that runs an old and vulnerable system lowers the security of the VM migrated to it. The properties of the platform should be checked before migration.
In this paper, we propose a secure VM-vTPM migration protocol that keeps the VM's security level after migration. Before a new host joins the cloud service, its properties are checked and it is given a property-based key. In the migration stage, the source platform uses the key to verify that the destination platform fulfils the security level.