Funding: Supported by the National Natural Science Foundation for Young Scientists of China under Grant No. 61303263; the Jiangsu Provincial Research Foundation for Basic Research (Natural Science Foundation) under Grant No. BK20150201; the Scientific Research Key Project of Beijing Municipal Commission of Education under Grant No. KZ201210015015; the National Natural Science Foundation of China (Grant No. 61370140); the Scientific Research Common Program of the Beijing Municipal Commission of Education (Grant No. KMKM201410015006); the National Science Foundation of China under Grant Nos. 61232016 and U1405254; and the PAPD fund.
Abstract: This paper sums up four security factors after analyzing co-residency threats caused by the special multitenant environment in the cloud. To secure the factors, a multiway dynamic trust chain transfer model was proposed on the basis of a measurement interactive virtual machine and current behavior to protect the integrity of the system. A trust chain construction module is designed in a virtual machine monitor. Through dynamic monitoring, it achieves the purpose of transferring integrity between virtual machines. A cloud system with a trust authentication function is implemented on the basis of the model, and its practicability is shown.
Funding: Supported by the National Natural Science Foundation of China (No. 61272447).
Abstract: Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (IaaS) platform is a problem that must be solved. The IaaS platform provides the Virtual Machine (VM), and the Trusted VM, equipped with a virtual Trusted Platform Module (vTPM), is the foundation of the trusted IaaS platform. We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes, and manage the information centrally on a cloud management platform. The architecture verifies the IaaS's trusted attestation by appraising the VM, Hypervisor, and host Operating System's (OS) trusted status. The theory and the technology roadmap were introduced, and the key technologies were analyzed. The key technologies include dynamic measurement of the Hypervisor at the process level, the protection of vTPM instances, the reinforcement of Hypervisor security, and the verification of the IaaS trusted attestation. A prototype was deployed to verify the feasibility of the system. The advantages of the prototype system were compared with the Open CIT (Intel Cloud attestation solution). A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.
Funding: Supported by the National Natural Science Foundation of China under Grant No. 60703048; the Open Foundation of State Key Lab of Software Engineering of Wuhan University under Grant No. SKLSE20080720; and the Open Foundation of State Key Laboratory for Novel Software Technology of Nanjing University under Grant No. KFKT2009B22.
Abstract: Resources shared in e-Science have critical requirements on security. Thus subjective trust management is essential to guarantee users' collaborations and communications on such a promising infrastructure. As an important nature of subjective trust, uncertainty should be preserved and exhibited in trust definition, representation and evolution. Considering the drawbacks of existing mechanisms based on random mathematics and fuzzy theory, this paper designs an uncertainty enhanced trust evolution strategy based on cloud model theory. We define subjective trust as trust cloud. Then we propose new algorithms to propagate, aggregate and update trust. Furthermore, based on the concept of similar cloud, a method to assess trust level is put forward. The simulation results show the effectiveness, rationality and efficiency of our proposed strategy.