
Research On The Security Management Strategy For Trusted Cloud Platform

Posted on: 2023-06-02  Degree: Doctor  Type: Dissertation
Country: China  Candidate: X F He  Full Text: PDF
GTID: 1528307028493084  Subject: Management Science and Engineering
Abstract/Summary:
Cloud computing is a major leap in the development of the information industry. It organically integrates computing, storage, network, and other information resources, provides a more convenient means for their in-depth sharing and utilization, and makes the acquisition of information resources no longer limited by time and space. Cloud computing platforms have become an important component of the information infrastructure and provide the computing power that drives the digital transformation of industry. During operation and maintenance, the security management of computing, storage and network resources has always been a key problem to be solved. Building a trusted cloud computing platform (TCCP) with trusted computing technology is an effective way to address it. However, several problems in TCCP management remain unsolved, such as trusted collaborative measurement, trusted state migration, dynamic trust measurement of virtual machines, and cross-node/cross-network remote attestation, which make it difficult to fully cover the security management requirements of a cloud computing platform.

To address these problems, this dissertation proposes a novel construction and management scheme for TCCP that solves the security and credibility problems of the cloud computing platform by introducing trusted collaboration. The specific research content is as follows:

1. The concept of collaborative trustworthiness is proposed, and the basic capabilities and design requirements of a trusted computing base for distributed systems are analyzed. A construction scheme for a distributed trusted computing base (DTCB) is presented that borrows the design idea of group signatures and uses the sealed-key technology of trusted computing, giving the trusted cloud platform a distributed and cooperative trusted computing base. DTCB adopts a group cooperation mode: data authenticated by any cluster member can be verified throughout the TCCP, which effectively supports trusted measurement of virtual machines and authentication operations across computing nodes, hides the implementation details of the cloud computing platform, and reduces the attack surface. The scheme provides intra-cluster identity authentication and intra-cluster transmission of private data, mitigates man-in-the-middle attacks, and supports the trusted transmission of private data during trusted virtual machine migration. In addition, the DTCB algorithm set is designed with computational cost in mind: it avoids overloading any single node with trusted measurement operations, does not depend on a specific cryptographic algorithm, and is compatible with various existing trusted computing technologies.

2. Based on the trusted cooperation capability of DTCB, a trusted identity management and trusted migration scheme for virtual machines is presented, which improves trust measurement and management over the full life cycle of a virtual machine. A series of concepts for virtual machine management are introduced, such as the virtual machine life cycle, the virtual machine identity key (VMIK), the trusted identity certificate (TCV) and the virtual machine trusted evidence (TPV), which solve the problems of identity uniqueness and of trusted state consistency and continuity of virtual machines in the TCCP. On this basis, the trusted virtual machine migration protocol (TVMMP) is proposed to support trusted virtual machine migration in the TCCP. By using the group trusted authentication feature of DTCB, TVMMP reduces the cost of trusted data migration, avoids the resulting system performance bottleneck, and supports trusted virtual machine migration in large-scale cloud computing platforms. Meanwhile, DTCB solves the problem of trusted state consistency and continuity during virtual machine migration.

3. A virtual machine remote attestation scheme is proposed that uses the trusted cooperation capability of DTCB. The binary attestation data are converted into trusted properties of the virtual machine, such as configuration information, system services and the process list, which reduces computational complexity and mitigates privacy disclosure and abuse. By using property-based attestation, the scheme adapts better to the dynamic and fine-grained remote attestation of virtual machines. The attestation process does not require the active cooperation of the virtual machine, which effectively prevents interference by malicious virtual machines and gives the scheme good survivability. Meanwhile, the virtual machine need not install any specific software or hardware, which makes the scheme widely applicable. The trust policy of a virtual machine can be customized by the verifier, is described with a standardized, formal description tool, and supports a trusted property reasoning mechanism. The scheme therefore has good flexibility and standardization.

The innovations of this dissertation are as follows: 1. The concept of collaborative trustworthiness and its construction scheme are proposed; 2. A novel scheme for virtual machine trusted identity management and trusted migration is proposed based on DTCB; 3. A property-based attestation scheme for virtual machines is proposed. The achievements of this dissertation solve, to a certain extent, the problem of trusted management over the life cycle of a virtual machine. Furthermore, the results provide valuable references for TCCP construction and management, trusted measurement of virtual machines, secure sharing of computing resources, multi-tenant isolation, and so on, and offer a new idea for applying trusted computing technology to cloud computing security.
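The following is an added illustration of the property-based attestation idea described in item 3 above. It is not code from the dissertation and does not reproduce its DTCB, TCV or TPV mechanisms; the reference database, the rule set, the property names and the three sample virtual machines are all constructed for the example. It shows the two points the abstract makes: the verifier sees only abstract properties (never the raw digests measured from the VM), and the verifier's own policy is evaluated with a small forward-chaining reasoning step over those properties.

```python
import hashlib
from dataclasses import dataclass, field


def sha(text: str) -> str:
    """Digest of a constructed stand-in for a measured file or config blob."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed reference database (assumed to live on the attesting host side):
# digest of a measured component -> the abstract properties it implies.
REFERENCE_DB = {
    sha("vmlinuz-known-good"): {"kernel:known_good"},
    sha("vmlinuz-debug-build"): {"kernel:known_good", "kernel:debug_enabled"},
    sha("sshd_config-hardened"): {"sshd:known_good", "sshd:password_auth_disabled"},
    sha("nftables-ruleset-v1"): {"firewall:enabled"},
    sha("crontab-stock"): {"cron:known_good"},
}

# Constructed verifier-side reasoning rules: derived property <- what it needs.
RULES = {
    "remote_admin_secure": {"sshd:known_good", "sshd:password_auth_disabled",
                            "firewall:enabled"},
    "baseline_trusted": {"kernel:known_good", "all_components_known"},
}


@dataclass
class Policy:
    """A verifier-authored trust policy expressed over property names only."""
    required: set
    forbidden: set = field(default_factory=set)


def prover_report(measurements):
    """Host-side step: turn (component, digest) pairs into property names.

    Raw digests never leave this function; the verifier receives only the
    sorted property list.  A digest absent from REFERENCE_DB yields an
    'unknown:<component>' marker and withholds 'all_components_known'.
    """
    props = set()
    all_known = True
    for component, digest in measurements:
        known = REFERENCE_DB.get(digest)
        if known is None:
            all_known = False
            props.add(f"unknown:{component}")
        else:
            props |= known
    if all_known:
        props.add("all_components_known")
    return sorted(props)


def derive(props):
    """Forward-chain RULES until no new property can be inferred (fixpoint)."""
    props = set(props)
    changed = True
    while changed:
        changed = False
        for derived, needs in RULES.items():
            if derived not in props and needs <= props:
                props.add(derived)
                changed = True
    return props


def verify(policy, report):
    """Verifier-side step: evaluate the policy against the reported properties."""
    props = derive(report)
    missing = sorted(policy.required - props)
    violations = sorted(policy.forbidden & props)
    return {"ok": not missing and not violations, "missing": missing,
            "violations": violations, "properties": sorted(props)}


POLICY = Policy(required={"baseline_trusted", "remote_admin_secure"},
                forbidden={"kernel:debug_enabled"})

# Constructed measurements for three VMs, as a hypervisor-side measurer
# (no in-guest agent) might report them.
GOOD_VM = [("kernel", sha("vmlinuz-known-good")),
           ("sshd_config", sha("sshd_config-hardened")),
           ("firewall", sha("nftables-ruleset-v1")),
           ("crontab", sha("crontab-stock"))]
TAMPERED_VM = [("kernel", sha("vmlinuz-known-good")),
               ("sshd_config", sha("sshd_config-with-backdoor-user")),
               ("firewall", sha("nftables-ruleset-v1")),
               ("crontab", sha("crontab-stock"))]
DEBUG_VM = [("kernel", sha("vmlinuz-debug-build")),
            ("sshd_config", sha("sshd_config-hardened")),
            ("firewall", sha("nftables-ruleset-v1")),
            ("crontab", sha("crontab-stock"))]

if __name__ == "__main__":
    for name, vm in (("good", GOOD_VM), ("tampered", TAMPERED_VM), ("debug", DEBUG_VM)):
        print(name, verify(POLICY, prover_report(vm)))
```

The tampered VM fails not because the verifier recognised a specific bad sshd configuration but because an unrecognised digest withholds `all_components_known`, which in turn blocks `baseline_trusted`; the debug VM passes every required property and is rejected only by the verifier's forbidden list. In a real deployment the reference database and the host-side measurer would need to be trusted themselves, which is the role the abstract assigns to DTCB.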
Keywords/Search Tags:Trusted computing, Collaborative trustworthy, Distributed trusted computing base, Trusted management of virtual machine, Remote attestation of virtual machine