TC: Medium: Collaborative Research: Random Number Generation and Use in Virtualized Environments

TC：媒介：协作研究：虚拟化环境中的随机数生成和使用

• 批准号: 1065288
• 负责人: Yevgeniy Dodis
• 金额: $ 44.99万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1065288&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Random

Hypervisors and virtualization simplify application and system deployment. The many benefits of virtualization have resulted in a headlong rush into a world where virtualization is ubiquitous. However, virtualization can break assumptions that applications and operating systems make about the platform. This research investigates an important case: the intersection of virtualization and random-number generators (RNGs). Strong randomization is requisite in today's computer security tools.Deployment of existing RNGs in virtualized settings introduces vulnerabilities. When RNGs fail, catastrophic attacks can be mounted on the the cryptographic services upon which modern information security relies. VM snapshots, which can be used to reset a VM and its contained applications, can cause RNGs to repeat outputs and break some encryption systems. Moreover, the environment presented by virtualization can degrade the quality of RNG outputs because entropy sources are virtual rather than physical hardware and hence lower quality.This research develops the theoretical and architectural foundations for the next generation of RNG designs and RNG-using mechanisms. The investigators quantify the scope of VM-introduced vulnerabilities using dynamic and static analysis of program source code. They develop new, secure RNG systems for use in VMs. Finally, the reserearch advances cryptographic theory by extending provable security techniques to better account for the realities of RNG deployment and use in virtualized settings.This work not only provides practical impact via stronger RNG systems but also opens up new directions in cryptographic theory in the important areas of generating and using randomness.

虚拟机管理程序和虚拟化简化了应用程序和系统部署。虚拟化的诸多好处导致人们一头扎进了虚拟化无处不在的世界。但是，虚拟化可以打破应用程序和操作系统对平台的假设。本研究调查了一个重要的情况下：虚拟化和随机数发生器（RNG）的交集。强随机性是当今计算机安全工具的必要条件。在虚拟化设置中部署现有的RNG会引入漏洞。当RNG失败时，灾难性的攻击可能会对现代信息安全所依赖的加密服务进行攻击。虚拟机快照可用于重置虚拟机及其包含的应用程序，可能会导致RNG重复输出并破坏某些加密系统。此外，虚拟化环境可以降低RNG输出的质量，因为熵源是虚拟的，而不是物理硬件，因此降低quality.This研究开发的理论和架构基础，为下一代的RNG设计和RNG使用机制。调查人员使用程序源代码的动态和静态分析来量化VM引入的漏洞的范围。他们开发新的、安全的RNG系统，用于VM。最后，本研究通过扩展可证明安全技术来更好地解释RNG在虚拟化环境中部署和使用的现实，从而推进了密码理论，这项工作不仅通过更强大的RNG系统提供了实际影响，而且还在生成和使用随机性的重要领域开辟了密码理论的新方向。