TC: Medium: Collaborative Research: Random Number Generation and Use in Virtualized Environments

TC：媒介：协作研究：虚拟化环境中的随机数生成和使用

• 批准号: 1065134
• 负责人: Michael Swift
• 金额: $ 74.91万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1065134&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Random

Hypervisors and virtualization simplify application and system deployment. The many benefits of virtualization have resulted in a headlong rush into a world where virtualization is ubiquitous. However, virtualization can break assumptions that applications and operating systems make about the platform. This research investigates an important case: the intersection of virtualization and random-number generators (RNGs). Strong randomization is requisite in today's computer security tools.Deployment of existing RNGs in virtualized settings introduces vulnerabilities. When RNGs fail, catastrophic attacks can be mounted on the the cryptographic services upon which modern information security relies. VM snapshots, which can be used to reset a VM and its contained applications, can cause RNGs to repeat outputs and break some encryption systems. Moreover, the environment presented by virtualization can degrade the quality of RNG outputs because entropy sources are virtual rather than physical hardware and hence lower quality.This research develops the theoretical and architectural foundations for the next generation of RNG designs and RNG-using mechanisms. The investigators quantify the scope of VM-introduced vulnerabilities using dynamic and static analysis of program source code. They develop new, secure RNG systems for use in VMs. Finally, the reserearch advances cryptographic theory by extending provable security techniques to better account for the realities of RNG deployment and use in virtualized settings.This work not only provides practical impact via stronger RNG systems but also opens up new directions in cryptographic theory in the important areas of generating and using randomness.

管理程序和虚拟化简化了应用程序和系统部署。虚拟化的许多好处导致奔向虚拟化无处不在的世界。但是，虚拟化可以破坏应用程序和操作系统对平台创造的假设。这项研究调查了一个重要案例：虚拟化和随机数发电机（RNGS）的相交。当今的计算机安全工具中，必需的强大随机化是必需的。虚拟化设置中现有RNG的部署引入了漏洞。当RNG失败时，可以将灾难性攻击安装在现代信息安全性依赖的加密服务上。可用于重置VM及其包含的应用程序的VM快照可能会导致RNG重复输出并破坏某些加密系统。此外，虚拟化提出的环境会降低RNG输出的质量，因为熵源是虚拟的而不是物理硬件，因此质量较低。这项研究为下一代RNG设计和RNG使用机制开发了理论和建筑基础。研究人员使用程序源代码的动态和静态分析量化了VM引入的漏洞的范围。他们开发了新的，安全的RNG系统，以用于VM。最后，重新研究通过扩展可验证的安全技术来更好地说明RNG部署和在虚拟化设置中的现实来提高加密理论。这项工作不仅通过更强的RNG系统提供了实践影响，而且还为生成和随机性的重要领域打开了加密理论的新方向。