Netinfo Security ›› 2015, Vol. 15 ›› Issue (11): 21-26. doi: 10.3969/j.issn.1671-1122.2015.11.004

• Technical Research •

Research and Application of Cloud Computing Tenant Virtual Machine Active Trusted Verify Mechanism

TAO Zheng1,2, HU Jun1,2,3, Wu Huan1, Yang Jing1

  1. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
  2. College of Computer Science, Beijing University of Technology, Beijing 100124, China
  3. National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing 100124, China
  • Received: 2015-09-15 Online: 2015-11-25 Published: 2015-11-20
  • About the authors:

    TAO Zheng (born 1990), male, from Henan, master's student; main research interests: cloud security and trusted computing. HU Jun (born 1972), male, from Hebei, lecturer, Ph.D.; main research interests: system security and trusted computing. Wu Huan (born 1990), male, from Zhejiang, master's student; main research interests: network security and industrial control security. Yang Jing (born 1989), female, from Shandong, master's student; main research interests: network security and industrial control security.

  • Supported by:
    Young Scientists Fund of the National Natural Science Foundation of China [61501007]; Major Consulting Research Project of the Chinese Academy of Engineering; Specialized Research Fund for the Doctoral Program of Higher Education [20131103120001]

Abstract:

With the rapid development of cloud computing in recent years, its security has become a focus of current research. However, most of that research applies trusted computing through passive invocation mechanisms and relatively rigid policy definitions, which adapt poorly to the complex trust relationships and requirements of a cloud environment. This paper proposes an active trusted verification mechanism for virtual machines in the cloud, based on the idea of active trusted computing. Through an active monitoring mechanism in which each component runs independently, it makes complex trust relationships easy to configure and suits a dynamic, distributed cloud environment. Addressing the trust relationship between operator and tenant, the mechanism derives the baseline trusted library from the SLA agreed between the user and the operator, and has a trusted third party provide trusted reports to tenants. Compared with conventional techniques, the mechanism lets tenants inspect and verify the security of the virtual machines they own, ensuring the trustworthiness of virtual machines in the cloud environment.

Key words: cloud computing security, tenant virtual machine, trusted computing, active trusted computing mechanism
