{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:11:23Z","timestamp":1760112683697,"version":"build-2065373602"},"reference-count":21,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2024,8,7]],"date-time":"2024-08-07T00:00:00Z","timestamp":1722988800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2023YFB3107605"],"award-info":[{"award-number":["2023YFB3107605"]}]},{"name":"Key Laboratory of Trusted Distributed Computing and Services, Ministry of Education (Beijing University of Posts and Telecommunications)","award":["2023YFB3107605"],"award-info":[{"award-number":["2023YFB3107605"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Cloud computing, as the most widely applied and prominent domain of distributed systems, has brought numerous advantages to users, including high resource sharing efficiency, strong availability, and excellent scalability. However, the complexity of cloud computing environments also introduces various risks and challenges. In the current landscape with numerous cloud service providers and diverse hardware configurations in cloud environments, addressing challenges such as establishing trust chains, achieving general-purpose virtual remote attestation, and ensuring secure virtual machine migration becomes a crucial issue that traditional remote attestation architectures cannot adequately handle. Confronted with these issues in a heterogeneous multi-cloud environment, we present a targeted solution\u2014a secure migration-enabled generic virtual remote attestation architecture based on improved TEE. We introduce a hardware trusted module to establish and bind with a Virtual Root of Trust (VRoT), addressing the challenge of trust chain establishment. Simultaneously, our architecture utilizes the VRoT within TEE to realize a general-purpose virtual remote attestation solution across heterogeneous hardware configurations. Furthermore, we design a controller deployed in the trusted domain to verify migration conditions, facilitate key exchange, and manage the migration process, ensuring the security and integrity of virtual machine migration. Lastly, we conduct rigorous experiments to measure the overhead and performance of our proposed remote attestation scheme and virtual machine secure migration process. The results unequivocally demonstrate that our architecture provides better generality and migration security with only marginal overhead compared to other traditional remote attestation solutions.<\/jats:p>","DOI":"10.3390\/info15080470","type":"journal-article","created":{"date-parts":[[2024,8,7]],"date-time":"2024-08-07T08:42:28Z","timestamp":1723020148000},"page":"470","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Elevating Security in Migration: An Enhanced Trusted Execution Environment-Based Generic Virtual Remote Attestation Scheme"],"prefix":"10.3390","volume":"15","author":[{"given":"Jie","family":"Yuan","sequence":"first","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"},{"name":"Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yinghua","family":"Shen","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"},{"name":"Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rui","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"},{"name":"Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8063-1103","authenticated-orcid":false,"given":"Xinghai","family":"Wei","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"},{"name":"Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6559-9745","authenticated-orcid":false,"given":"Dongxiao","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China"},{"name":"Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2024,8,7]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1422","DOI":"10.1109\/TDSC.2022.3154887","article-title":"A Software-Based Remote Attestation Scheme for Internet of Things Devices","volume":"20","author":"Cao","year":"2022","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"2954","DOI":"10.1109\/TDSC.2022.3193106","article-title":"FeSA: Automatic Federated Swarm Attestation on Dynamic Large-Scale IoT Devices","volume":"20","author":"Kuang","year":"2022","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"3123","DOI":"10.1109\/TIFS.2020.2983282","article-title":"SARA: Secure asynchronous remote attestation for IoT systems","volume":"15","author":"Dushku","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_4","unstructured":"Nunes, I.D.O., Eldefrawy, K., Rattanavipanon, N., Steiner, M., and Tsudik, G. (2019, January 14\u201316). {VRASED}: A Verified {Hardware\/Software}{Co-Design} for Remote Attestation. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_5","unstructured":"Nunes, I.D.O., Dessouky, G., Ibrahim, A., Rattanavipanon, N., Sadeghi, A.R., and Tsudik, G. (2019, January 7\u20139). Towards systematic design of collective remote attestation protocols. Proceedings of the 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), Dallas, TX, USA."},{"key":"ref_6","unstructured":"Perez, R., Sailer, R., and van Doorn, L. (August, January 31). vTPM: Virtualizing the trusted platform module. Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11704-019-9096-y","article-title":"A survey of Intel SGX and its applications","volume":"15","author":"Zheng","year":"2021","journal-title":"Front. Comput. Sci."},{"key":"ref_8","first-page":"1450","article-title":"Strengthening VM isolation with integrity protection and more","volume":"53","year":"2020","journal-title":"White Pap. January"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Cheng, P.C., Ozga, W., Valdez, E., Ahmed, S., Gu, Z., Jamjoom, H., Franke, H., and Bottomley, J. (2023). Intel TDX Demystified: A Top-Down Approach. arXiv.","DOI":"10.1145\/3652597"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Narayanan, V., Carvalho, C., Ruocco, A., Alm\u00e1si, G., Bottomley, J., Ye, M., Feldman-Fitzthum, T., Buono, D., Franke, H., and Burtsev, A. (2023). Remote attestation of SEV-SNP confidential VMs using e-vTPMs. arXiv.","DOI":"10.1145\/3627106.3627112"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"102300","DOI":"10.1016\/j.cose.2021.102300","article-title":"Remote attestation and integrity measurements with Intel SGX for virtual machines","volume":"106","author":"Kucab","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Cheng, J., Zhang, K., and Tu, B. (2021, January 20\u201322). Remote Attestation of Large-scale Virtual Machines in the Cloud Data Center. Proceedings of the 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Shenyang, China.","DOI":"10.1109\/TrustCom53373.2021.00041"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ozga, W., and Fetzer, C. (2021, January 5\u201311). TRIGLAV: Remote Attestation of the Virtual Machine\u2019s Runtime Integrity in Public Clouds. Proceedings of the 2021 IEEE 14th International Conference on Cloud Computing (CLOUD), Chicago, IL, USA.","DOI":"10.1109\/CLOUD53861.2021.00013"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"711","DOI":"10.1109\/TC.2020.2995638","article-title":"Vise: Combining intel sgx and homomorphic encryption for cloud industrial control systems","volume":"70","author":"Coppolino","year":"2020","journal-title":"IEEE Trans. Comput."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3291047","article-title":"Demystifying arm trustzone: A comprehensive survey","volume":"51","author":"Pinto","year":"2019","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Birkholz, H., Thaler, D., Richardson, M., Smith, N., and Pan, W. (2023, January 01). Remote ATtestation procedureS (RATS) Architecture. RFC 9334. Available online: https:\/\/www.rfc-editor.org\/info\/rfc9334.","DOI":"10.17487\/RFC9334"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1016\/j.comnet.2018.01.039","article-title":"AAoT: Lightweight attestation and authentication of low-resource things in IoT and CPS","volume":"134","author":"Feng","year":"2018","journal-title":"Comput. Netw."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"De Oliveira Nunes, I., Jakkamsetti, S., Rattanavipanon, N., and Tsudik, G. (2021, January 15\u201319). On the TOCTOU problem in remote attestation. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event.","DOI":"10.1145\/3460120.3484532"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1038\/s41928-020-0372-5","article-title":"Physical unclonable functions","volume":"3","author":"Gao","year":"2020","journal-title":"Nat. Electron."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Schwarz, M., Lipp, M., Moghimi, D., Van Bulck, J., Stecklina, J., Prescher, T., and Gruss, D. (2019, January 11\u201315). ZombieLoad: Cross-privilege-boundary data sampling. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3354252"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"5048","DOI":"10.1109\/TCSI.2023.3298913","article-title":"PMU-Spill: A New Side Channel for Transient Execution Attacks","volume":"70","author":"Qiu","year":"2023","journal-title":"IEEE Trans. Circuits Syst. I Regul. Pap."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/8\/470\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:31:20Z","timestamp":1760110280000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/8\/470"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,7]]},"references-count":21,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2024,8]]}},"alternative-id":["info15080470"],"URL":"https:\/\/doi.org\/10.3390\/info15080470","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2024,8,7]]}}}