Building and Auditing a Trusted Cloud Computing Runtime Environment
Topic of this article: cloud computing + trusted auditing; Reference: Chinese Journal of Computers, 2016, Issue 02
[Abstract]: Whether the cloud computing runtime environment can be trusted largely determines the adoption and effective use of cloud services. The basic assumption behind trusted computing technology is that every kernel module and application installed in the runtime environment is specified in advance and that the integrity information of its executable code is known. In practice, this assumption often cannot hold for cloud users. This paper therefore proposes a mechanism for building and auditing a trusted user runtime environment that combines a virtual root of trust, vTPM, with trusted auditing. For components in the architecture stack that can be fixed in advance and do not change at boot or at run time, trusted boot is ensured with the vTPM as the root of trust; for components that change during operation and cannot be determined in advance, the paper proposes a trusted auditing method: evidence is collected from the runtime environment of the user's virtual machine and audited, to monitor the trustworthiness of the user's runtime environment in actual use. If the user's runtime environment is in an untrusted state, the user is notified promptly so that appropriate measures can be taken. Finally, the effectiveness and performance cost of the mechanism are quantitatively tested and evaluated on a prototype system. The experimental results show that the mechanism is effective against typical untrusted threats and that the performance overhead it introduces has a negligible effect on actual use.
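[Author affiliation]: School of Software Engineering, Beijing University of Posts and Telecommunications; Key Laboratory of Trustworthy Distributed Computing and Service (Ministry of Education), Beijing University of Posts and Telecommunications; School of Computer Science, Beijing University of Posts and Telecommunications
[Funding]: Supported by the National Natural Science Foundation of China (61202081)
[Classification number]: TP309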
Article ID: 1753626
Article link: http://www.sikaile.net/kejilunwen/ruanjiangongchenglunwen/1753626.html