面向用户的可信云计算环境安全研究

Cloud Computing, which delivers massively scalable computing and storage resources as a service with a low cost, caused a revolutionary change for information technology acquisition and service model. However, Inherent to this model is the trustworthiness problem, which includes the security and privacy of the information. By using cloud computing, costumers loss control over their data, they do not know where their data is stored and processed in the cloud exactly. Therefore the trustworthiness of infrastructure and service becomes a significant hurdle for mainstream cloud adoption, especially in critical or sensitive scenarios. One approach to achieve trustworthy computations in cloud infrastructures is to adapt existing trusted computing solutions to the cloud computing paradigm or to use these solutions as building blocks in new cloud architecture models. In our work, we propose novel solution, a user-oriented Trusted Environment for Cloud Computing, by introducing Trusted Computing into Cloud Computing. Our solution enables organizations to maintain control of their information in the cloud and realize benefits of cloud computing. ..Firstly, we study the integrity protection and attestation method for a user domain, which is a set of cloud resources assigned to a user, and propose a 2-tier Virtual Trusted Root Model (2VTRM) and create Trusted Root Blocks (TRB) by the virtualization of a physical TPM dynamically. Based on the 2VTRM, we can build a user-oriented Trusted Cloud Infrastructure (uTCI), which makes the security of a user domain is visible and verifiable. And this, as well, solves the verifiability of the Virtual Machine (VM) simultaneously in Cloud Computing which has a plethora of VMs created dynamically...We then propose Dual-Trusted Root Model based on cryptology which merges trust from the information owner and cloud service provider to derive a root of trust (implement in the TRB) for a virtual machine on Cloud. Using The TRB, a user-oriented Trusted Private Virtual Environment (TPVE) is built, which make its security configurations can be control by the information owner. A formal description for Trusted Private VM in the TPVE is given, and the corresponding crypto-system of TPVE is deduced. Based on the crypto-system, we design a group of protocols for the VM which satisfies the flexible and scalable of the Cloud Computing. ..Finally, combining the TRB and the Chinese Wall model, we will propose a news concept, dynamic Divided-Set, which is a collection of elements among that there is no conflicts of interest. A Flexible Access Control Model, dynamic Divided-Set based Chinese Wall model, was proposed as well. Building this model between virtual domains in the Cloud will control the information flow between virtual machines with privacy.

云计算引起信息技术的获取与服务模式发生革命性变革，它以Internet技术为基础提供高性能计算资源服务和大规模的廉价共享资源。然而由于用户在使用云服务时失去对其数据的控制而带来的安全问题，成为云计算商业化应用的主要障碍。本项申请将可信计算技术应用于云计算基础结构中，（1）探索云平台上信任链的传递机制，研究云平台中基于用户域的平台完整性保护与验证方法，设计由多虚拟机构成的可信云基础设施；（2）研究用户信任源向虚拟机传递机制，设计基于双信任源（用户和云平台）的可信虚拟根模型，重点解决用户信任向云平台传递的问题，实现用户对云平台上虚拟计算环境的安全可控性；（3）研究云计算中信息流控制问题，基于虚拟可信根提出分集的概念，设计基于动态分集的柔性访问控制模型，探讨实现虚拟机间信息流安全交互的方法。

本项研究将可信计算技术应用于云计算基础结构中，研究将用户可信根与云平台可信根相融合，旨在为用户提供用户安全可配置（可控）、安全功能可验证（可视）的虚拟计算环境。研究主要从以下四个方面进行。.（1）提出基于可信计算技术的可信云基础设施架构。.本研究以可信根为信任引擎，研究云平台信任引擎与用户信任引擎相融合的方法，设计出面向用户的虚拟可信根，从而构建用户安全策略可控、安全配置可视的虚拟计算环境；利用无干扰理论从进程、虚拟机和虚拟环境三个层次形式化分析证明面向用户的可信虚拟环境的安全性与可信性，在此基础上给出实现面向用户的虚拟可信根的指导规则。 .（2）提出基于软件定义网络的可信域数据通信模型，实现用户数据通信的可信性。.本项研究将用户的所有虚拟机和接入终端看成一个可信域。引用SDN技术指定数据安全控制机制，设计基于标识的数据交互模型，通过构建基于SDN的用户数据隔离与通信模型、基于密码标识的数据通信模型、基于SDN的数据控制策略模型等技术，实现云平台及云平台与云客户端的信息流动的安全性。.（3）提出基于多云服务的数据分割-冗余存储模型，实现用户云服务的持续可靠性。.本项研究将云用户客户端与多个云服务关联，建立二级云服务模型，根据对云端可信环境的安全配置可控性、安全配置的可视性、云服务商的服务能力以及数据自身安全性等级等指标，设计了具有USB/SPI接口模式的安全认证管理模块—云盘，提出将用户数据分割-冗余的存储模型，通过该模型将用户数据存储到多个云平台，实现云服务的可靠性和安全性。.（4）提出基于云-端-人-系统多重认证与防护模型，云服务的盗用与滥用。.本项研究基于车联网自动驾驶对云客户端的安全需求，提出客户端与用户、软件与客户端硬件、云端与客户端的多重认证模型，采用云盘模块实现人-客户端硬件-软件-云端的四重认证机制，防止用户对客户端、云服务的滥用与盗用。