Journal of Software:2014.25(3):662-674

Dynamic Trustworthiness Verification Mechanism for Trusted Cloud Execution Environment
LIU Chuan-Yi, LIN Jie, TANG Bo
(Software School, Beijing University of Posts and Telecommunications, Beijing 100876, China; Key Laboratory of Trustworthy Distributed Computing and Service BUPT, Ministry of Education, Beijing 100876, China; School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; Key Laboratory of Trustworthy Distributed Computing and Service BUPT, Ministry of Education, Beijing 100876, China; Department of IT Construction, Postal Savings Bank of China, Beijing 100808, China)
Received:February 07, 2013    Revised:June 21, 2013
Abstract: Providing tenants with a provable and verifiable trusted execution environment is an important problem in the cloud computing model. This paper proposes a dynamic trustworthiness verification mechanism for the tenant's virtual execution environment, named TCEE (trusted cloud execution environment). TCEE extends the existing chain of trust into the tenant's virtual machine and periodically verifies the integrity of the memory and the file system of the tenant's execution environment. TCEE introduces a TTP (trusted third party) that remotely verifies and audits the trustworthiness of the tenant's virtual machine execution environment, so that tenants do not have to maintain the verification information and mechanisms themselves and sensitive information about the cloud platform is not leaked. A proof-of-concept prototype based on TCEE is implemented to quantitatively evaluate its effectiveness and performance overhead. Experimental results show that the mechanism effectively detects typical threats against memory and the file system, and that the performance overhead it introduces into the tenant's execution environment is small.
Key words: cloud computing; trustworthiness verification; trusted computing; TPM
Foundation item: National Natural Science Foundation of China (61202081)
Reference text:

LIU Chuan-Yi, LIN Jie, TANG Bo. Dynamic Trustworthiness Verification Mechanism for Trusted Cloud Execution Environment. Journal of Software, 2014, 25(3): 662-674