Event Details

Full-stack security chain of trust and best practices in Cloud

Enterprise security is among the top priorities for CIOs due to ongoing threats from cyber-attacks, and many are moving down the stack from software to hardware. High-sensitivity workloads require a secured full-stack platform.

The application of trusted computing technology to enhance cloud infrastructure security has been recognized by the industry. Since Folsom, OpenStack has been integrating TXT/TPM features to ensure a VM or workload can run on a trusted compute pool. The dynamic nature of cloud workloads (on-demand, high automation, etc.) places stringent requirements on the application of trusted computing technology. To provide trusted services to VMs, virtual trusted root technology was introduced. Compared to the pass-through mechanism, this solution adopts software-based device emulation to build a vTPM, which effectively resolves potential issues in VM migration, snapshot and other scenarios and also covers full-lifecycle VM management.

What can I expect to learn?
  1. How to build a vTPM based on software emulation, including the enhancements to libvirt, qemu, the guest OS, etc.
  2. How this vTPM construction method solves the data synchronization and data security problems across the life cycle of a virtual machine.
  3. How the vTPM construction method is integrated with OpenStack to meet the characteristics of cloud computing: resource dynamics, on-demand services, automation, etc.
  4. The influence of this vTPM construction method on the performance and stability of virtual machines.
Tuesday, November 5, 5:00pm-5:10pm
Difficulty Level: Advanced
Inspur Electronic Information Industry Co.,Ltd, R&D Engineer
Works at Inspur Electronic Information Industry Co., Ltd., Security Technology Department. Engaged in trusted computing, virtualization security and host security research and development.
I graduated from Zhengzhou University with a bachelor's degree in computer science and technology. I am currently a senior development engineer at Inspur. I am involved in OpenStack product development in the company. I am active in the community nova/cinder/glance projects, mainly doing in-depth research on the nova project.