An Improved Method of TPM Access Control Based on Xen

Aimed at solving the problem that TPM access was threatened by attacks such as replay attack and substitution attack, an improved method of TPM access control was proposed.First, TPM long term access control function was established.Extra authorization data was created to continue authorization session after finishing the process.Meanwhile, TPM address was related with an ID of Domain U to protect TPM address form substitution attack.Then, TPM shared ownership function was established, allowing plural Domain Us to use the same TPM address and preventing from the deadlock.Sensitive data was protected against attack because shared address was not rewritable.Finally, this method was implemented based on Xen and its performance was evaluated.Experiments results verified the feasibility and the effectiveness of this method and the overhead of TPM access was within the acceptable range.