可信云计算中的多级管理机制研究

doi:10.3969/j.issn.1671-1122.2015.07.004

信息网络安全 ›› 2015, Vol. 15 ›› Issue (7): 20-25.doi: 10.3969/j.issn.1671-1122.2015.07.004

可信云计算中的多级管理机制研究

马威(), 韩臻, 成阳

北京交通大学计算机与信息技术学院,北京100044

收稿日期:2015-06-10 出版日期:2015-07-01 发布日期:2015-07-28
作者简介:
作者简介：马威（1985-）,男,河南,博士研究生,主要研究方向：可信计算、云计算;韩臻（1962-）,男,浙江,博士生导师,教授,主要研究方向：可信计算、信息安全体系结构;成阳（1981-）,女,江西,硕士研究生,主要研究方向：云计算。
基金资助:
国家自然科学基金[60973112];高等学校博士学科点专项科研基金[20120009110007];2012年铁道部科技研究开发计划[2012X010-B]

Research on Multi-Level Management Mechanism in Trusted Cloud Computing

Wei MA(), Zhen HAN, Yang CHENG

School of Computer and Information Technology of Beijing Jiaotong University, Beijing100044, China

Received:2015-06-10 Online:2015-07-01 Published:2015-07-28

摘要/Abstract

摘要：

在云计算飞速发展的同时,云计算安全也得到了很多关注。云安全联盟指出的云计算面临的风险,主要包括数据中心安全、事件响应、应用程序安全、密钥管理、认证和访问控制、虚拟化层安全以及灾备和业务一致性等。由于云计算和传统IT服务的不同,云计算服务提供商必须通过向用户证明其服务的安全性来获取用户的信任,因此云计算本身是一个可信计算模型,而增加服务透明度则是一项云计算服务提供商应当采取的基本措施。文章提出了一种可信云计算中的多级管理机制,使用该机制能够有效提高云计算服务的透明度,从而使用户可以参与到对自己的服务和数据的管理中,进而提高用户对云计算服务的信心;同时该机制也可以有效降低云服务提供商的运维负担。

关键词: 可信计算, 云计算, 多级管理, 可信云

Abstract:

More and more attentions are paid to security issues in cloud computing with the rapid development of cloud computing. The CSA (Cloud Security Alliance) pointed out that the risks of Cloud computing, mainly includes data center security and incident response, application security, key management, authentication and access control, the virtualization layer security, and disaster preparedness and business consistency, etc. There are a lot of differences between cloud computing and traditional IT services, so cloud computing service providers must gain the trust from clients by providing the safety of the service provided by them. Hence, cloud computing is constitutionally a trusted computing model. And it would be a fundamental approach to enhance the transparency of the service. This paper proposes a multi-level management mechanism for intrusted cloud computing. This mechanism is able to enhance the transparency of cloud computing so that the clients can get involved into the management of their own data and services. Meanwhile, this mechanism would improve the conﬁdence of clients for the cloud computing service and reduce the operation and maintenance overhead of the cloud service provider.

Key words: trusted computing, cloud computing, multi-level management, trusted cloud

中图分类号:

TP309

马威, 韩臻, 成阳. 可信云计算中的多级管理机制研究[J]. 信息网络安全, 2015, 15(7): 20-25.

Wei MA, Zhen HAN, Yang CHENG. Research on Multi-Level Management Mechanism in Trusted Cloud Computing[J]. Netinfo Security, 2015, 15(7): 20-25.

图/表 7

图1

图2

图3

图4

图5

图6

图7

参考文献 23

[1]	Jansen W, Grance T.Guidelines on security and privacy in public cloud computing[J]. NIST special publication, 2011, (800): 144.
[2]	Mell P, Grance T.The NIST definition of cloud computing[J]. 2011, (6): 20-23.
[3]	Brunette G, Mogull R.Security guidance for critical areas of focus in cloud computing v2. 1[J]. Cloud Security Alliance, 2009: 1-76.
[4]	Wüllenweber K, Weitzel T.An empirical exploration of how process standardization reduces outsourcing risks[C]//System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on. IEEE, 2007: 240c-240c.
[5]	Ho C.Incomplete Thought—Cloudanatomy: Infrastructure, Metastructure & Infostructure[J]. 2009, (2): 59-64.
[6]	Peterson G.Don't Trust. And Verify: A Security Architecture Stack for the Cloud[J]. IEEE Security & Privacy, 2010 (5): 83-86.
[7]	Kaufman L M.Can a trusted environment provide security?[J]. Security & Privacy, IEEE, 2010, 8(1): 50-52.
[8]	Santos N, Gummadi K P, Rodrigues R.Towards trusted cloud computing[C]//Proceedings of the 2009 conference on Hot topics in cloud computing. 2009: 3.
[9]	Berger S, Cáceres R, Pendarakis D, et al.TVDc: managing security in the trusted virtual datacenter[J]. ACM SIGOPS Operating Systems Review, 2008, 42(1): 40-47.
[10]	Berger S, Cáceres R, Goldman K, et al. Security for the cloud infrastructure: Trusted virtual data center implementation[J]. IBM Journal of Research and Development, 2009, 53(4): 6: 1-6: 12.
[11]	Perez R, Sailer R, van Doorn L. vTPM: virtualizing the trusted platform module[C]//Proc. 15th Conf. on USENIX Security Symposium. 2006: 305-320.
[12]	Sailer R, Valdez E, Jaeger T, et al. sHype: Secure hypervisor approach to trusted virtualized systems[J]. Techn. Rep. RC23511, 2005.
[13]	F. John Krautheim and Dhananjay S. Phatak. Identifying Trusted Virtual Machines[C]//Xen Summit 2008, Boston, MA, June 24, 2008.
[14]	Chow R, Golle P, Jakobsson M, et al.Controlling data in the cloud: outsourcing computation without outsourcing control[C]//Proceedings of the 2009 ACM workshop on Cloud computing security. ACM, 2009: 85-90.
[15]	Cachin C, Keidar I, Shraer A.Trusting the cloud[J]. Acm Sigact News, 2009, 40(2): 81-86.
[16]	Wang C, Wang Q, Ren K, et al.Privacy-preserving public auditing for data storage security in cloud computing[C]//INFOCOM, 2010 Proceedings IEEE. Ieee, 2010: 1-9.
[17]	Khan K M, Malluhi Q.Establishing trust in cloud computing[J]. IT professional, 2010, 12(5): 20-27.
[18]	Sailer R, Zhang X, Jaeger T, et al.Design and Implementation of a TCG-based Integrity Measurement Architecture[C]//USENIX Security Symposium. 2004, 13: 16.
[19]	Seshadri A, Perrig A, Van Doorn L, et al.Swatt: Software-based attestation for embedded devices[C]//Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on. IEEE, 2004: 272-282.
[20]	Haldar V, Chandra D, Franz M.Semantic remote attestation: a virtual machine directed approach to trusted computing[C]//USENIX Virtual Machine Research and Technology Symposium. 2004, 2004.
[21]	Haldar V, Franz M.Symmetric behavior-based trust: A new paradigm for Internet computing[C]//Proceedings of the 2004 workshop on New security paradigms. ACM, 2004: 79-84.
[22]	Yoshihama S, Ebringer T, Nakamura M, et al.WS-Attestation: Efficient and fine-grained remote attestation on web services[C]//null. IEEE, 2005: 743-750.
[23]	Jaeger T, Sailer R, Shankar U.PRIMA: policy-reduced integrity measurement architecture[C]//Proceedings of the eleventh ACM symposium on Access control models and technologies. ACM, 2006: 19-28.

可信云计算中的多级管理机制研究

Research on Multi-Level Management Mechanism in Trusted Cloud Computing

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 23

相关文章 15

编辑推荐

Metrics

本文评价

[1]	陈璐, 孙亚杰, 张立强, 陈云. 物联网环境下基于DICE的设备度量方案[J]. 信息网络安全, 2020, 20(4): 21-30.
[2]	刘渊, 乔巍. 云环境下基于Kubernetes集群系统的容器网络研究与优化[J]. 信息网络安全, 2020, 20(3): 36-44.
[3]	王晓, 赵军, 张建标. 基于可信软件基的虚拟机动态监控机制研究[J]. 信息网络安全, 2020, 20(2): 7-13.
[4]	白嘉萌, 寇英帅, 刘泽艺, 查达仁. 云计算平台基于角色的权限管理系统设计与实现[J]. 信息网络安全, 2020, 20(1): 75-82.
[5]	吴宏胜. 基于可信计算和UEBA的智慧政务系统[J]. 信息网络安全, 2020, 20(1): 89-93.
[6]	任良钦, 王伟, 王琼霄, 鲁琳俪. 一种新型云密码计算平台架构及实现[J]. 信息网络安全, 2019, 19(9): 91-95.
[7]	余奕, 吕良双, 李肖坚, 王天博. 面向移动云计算场景的动态网络拓扑描述语言[J]. 信息网络安全, 2019, 19(9): 120-124.
[8]	王紫璇, 吕良双, 李肖坚, 王天博. 基于共享存储的OpenStack虚拟机应用分发策略[J]. 信息网络安全, 2019, 19(9): 125-129.
[9]	崔艳鹏, 冯璐铭, 闫峥, 蔺华庆. 基于程序切片技术的云计算软件安全模型研究[J]. 信息网络安全, 2019, 19(7): 31-41.
[10]	葛新瑞, 崔巍, 郝蓉, 于佳. 加密云数据上支持可验证的关键词排序搜索方案[J]. 信息网络安全, 2019, 19(7): 82-89.
[11]	尚文利, 尹隆, 刘贤达, 赵剑明. 工业控制系统安全可信环境构建技术及应用[J]. 信息网络安全, 2019, 19(6): 1-10.
[12]	尚文利, 张修乐, 刘贤达, 尹隆. 工控网络局域可信计算环境构建方法与验证[J]. 信息网络安全, 2019, 19(4): 1-10.
[13]	田春岐, 李静, 王伟, 张礼庆. 一种基于机器学习的Spark容器集群性能提升方法[J]. 信息网络安全, 2019, 19(4): 11-19.
[14]	赵谱, 崔巍, 郝蓉, 于佳. 一种针对El-Gamal数字签名生成的安全外包计算方案[J]. 信息网络安全, 2019, 19(3): 81-86.
[15]	张振峰, 张志文, 王睿超. 网络安全等级保护2.0云计算安全合规能力模型[J]. 信息网络安全, 2019, 19(11): 1-7.