發(fā)布時(shí)間：2018-05-27 11:26

  本文選題：云計(jì)算平臺(tái) + 可信計(jì)算技術(shù)��； 參考：《中國礦業(yè)大學(xué)》2017年碩士論文

【摘要】：隨著計(jì)算機(jī)技術(shù)、網(wǎng)絡(luò)技術(shù)的不斷發(fā)展,云計(jì)算技術(shù)得到了廣泛的推廣和發(fā)展,因?yàn)樵朴?jì)算環(huán)境的靈活性、開放性以及公眾可用性等特性,給應(yīng)用安全帶來了很多挑戰(zhàn)。隨著可信計(jì)算技術(shù)的出現(xiàn),可信計(jì)算在信息安全中使用的越來越多,使用可信計(jì)算技術(shù)來保障系統(tǒng)和硬件安全的技術(shù)也越來越成熟,結(jié)合可信計(jì)算技術(shù)來解決云計(jì)算平臺(tái)和數(shù)據(jù)的安全問題成為一個(gè)主要的研究方向。本文基于可信計(jì)算技術(shù)和虛擬化技術(shù),主要從兩個(gè)方面對云計(jì)算平臺(tái)的可信安全機(jī)制進(jìn)行研究。一方面,提出基于可信計(jì)算的實(shí)時(shí)度量安全機(jī)制。針對應(yīng)用程序加載和運(yùn)行過程中的度量需要,對度量規(guī)則和度量語義進(jìn)行了定義,借助實(shí)時(shí)度量模塊,結(jié)合安全策略規(guī)則對進(jìn)程元素進(jìn)行實(shí)時(shí)度量,利用虛擬機(jī)檢測系統(tǒng)和完整性評估系統(tǒng),對應(yīng)用程序的加載狀態(tài)和運(yùn)行狀態(tài)進(jìn)行實(shí)時(shí)監(jiān)控和檢測,偵測進(jìn)程的狀態(tài)變化,并實(shí)時(shí)對進(jìn)程進(jìn)行完整性評估,有效地保障應(yīng)用程序的可信傳遞和系統(tǒng)的可信運(yùn)行。另一方面,提出基于角色的數(shù)據(jù)隔離訪問安全機(jī)制。利用虛擬化技術(shù),云計(jì)算平臺(tái)對其所儲(chǔ)存的數(shù)據(jù)進(jìn)行隔離,使用戶可以基于角色進(jìn)行隔離訪問。另外,云計(jì)算平臺(tái)通過對用戶信任證書與信任等級的綜合驗(yàn)證,及對用戶訪問行為進(jìn)行實(shí)時(shí)監(jiān)控,云計(jì)算平臺(tái)為用戶提供一個(gè)更為安全的運(yùn)行環(huán)境,從而完成對云計(jì)算平臺(tái)中數(shù)據(jù)儲(chǔ)存、隔離和訪問的保護(hù)。結(jié)合可信計(jì)算技術(shù)和虛擬化技術(shù),保護(hù)云計(jì)算平臺(tái)自身的可信與云計(jì)算平臺(tái)數(shù)據(jù)的可信,將會(huì)真正實(shí)現(xiàn)云計(jì)算平臺(tái)的可信。本文的研究成果將會(huì)為云計(jì)算安全的研究提供支撐,也會(huì)為基于可信計(jì)算的安全技術(shù)的研究方向提供借鑒。
[Abstract]:With the continuous development of computer technology and network technology, cloud computing technology has been widely promoted and developed, because of the flexibility, openness and public availability of cloud computing environment, it brings many challenges to application security. With the emergence of trusted computing technology, trusted computing is used more and more in information security, and the technology of using trusted computing technology to protect system and hardware security is becoming more and more mature. Combining trusted computing technology to solve cloud computing platform and data security issues has become a major research direction. Based on trusted computing technology and virtualization technology, this paper mainly studies the trusted security mechanism of cloud computing platform from two aspects. On the one hand, a real-time measurement security mechanism based on trusted computing is proposed. In order to meet the needs of measurement in the process of application loading and running, the measurement rules and the semantics of measurement are defined. With the help of real-time measurement module, the process elements are measured in real time with the combination of security policy rules. The virtual machine detection system and the integrity evaluation system are used to monitor and detect the loading state and running state of the application in real time, to detect the state change of the process, and to evaluate the integrity of the process in real time. It can effectively guarantee the trusted transmission of the application program and the trusted operation of the system. On the other hand, a role-based data isolation access security mechanism is proposed. With virtualization technology, cloud computing platform can isolate the data stored by cloud computing platform, so that users can be isolated access based on their roles. In addition, the cloud computing platform provides a more secure environment for users through the comprehensive verification of user trust certificates and trust levels, and real-time monitoring of user access behavior. In order to complete the cloud computing platform data storage, isolation and access protection. Combining trusted computing technology and virtualization technology to protect the trust of cloud computing platform and the credibility of cloud computing platform data will truly realize the credibility of cloud computing platform. The research results of this paper will provide support for cloud computing security research, but also provide reference for the research direction of trusted computing security technology.
【學(xué)位授予單位】：中國礦業(yè)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 唐乾;楊飛;黃琪;林果園;;基于TCB子集的訪問控制信息安全傳遞模型[J];山東大學(xué)學(xué)報(bào)(理學(xué)版);2016年07期

2 林果園;王丹茹;別玉玉;雷敏;;MTBAC:云計(jì)算環(huán)境中一種基于互信任的訪問控制模型（英文）[J];中國通信;2014年04期

3 林闖;蘇文博;孟坤;劉渠;劉衛(wèi)東;;云計(jì)算安全:架構(gòu)、機(jī)制與模型評價(jià)[J];計(jì)算機(jī)學(xué)報(bào);2013年09期

4 別玉玉;林果園;;云計(jì)算中基于信任的多域訪問控制策略[J];信息安全與技術(shù);2012年10期

5 陳文智;黃煒;謝鋮;何欽銘;;基于虛擬化平臺(tái)的可信任計(jì)算基[J];浙江大學(xué)學(xué)報(bào)(工學(xué)版);2009年02期

6 侯方勇,周進(jìn),王志英,劉真,劉蕓;可信計(jì)算研究[J];計(jì)算機(jī)應(yīng)用研究;2004年12期

相關(guān)博士學(xué)位論文 前1條

1 梁元;基于云計(jì)算環(huán)境下的可信平臺(tái)設(shè)計(jì)[D];電子科技大學(xué);2013年

相關(guān)碩士學(xué)位論文 前2條

1 劉曉蘭;云計(jì)算平臺(tái)中數(shù)據(jù)安全機(jī)制及評估研究[D];北京郵電大學(xué);2013年

2 徐日;可信計(jì)算平臺(tái)完整性度量機(jī)制的研究與應(yīng)用[D];西安電子科技大學(xué);2009年

，

本文編號：1941860