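Institute of Network Technology, Hebei University, Baoding 071002, Hebei, China
TIAN Jun-feng (born 1965), male, from Baoding, Hebei; Ph.D., professor and doctoral supervisor at Hebei University. His main research interests are information security, distributed computing, network technology, trusted computing, and cloud computing.
CHANG Fang-shu (born 1989), male, from Handan, Hebei; master's student at Hebei University. His main research interests are trusted computing and cloud computing.
Online publication date: 2016-02
Print publication date: 2016-02-15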
Jun-feng TIAN, Fang-shu CHANG. Trusted cloud platform management model based on TPM alliance[J]. Journal on Communications, 2016, 37(2): 1-10. DOI: 10.11959/j.issn.1000-436x.2016025.
Building on trusted computing technology, a trusted cloud platform architecture and management model based on a TPM alliance is proposed to address the performance bottleneck in dynamically managing trusted nodes while constructing a trusted cloud platform. The concepts of macro TPM and root TPM are introduced to address the capability limitations of the TPM itself. To address the high time cost of node management in a trusted cloud, a time-based tree is introduced to organize the TPM alliance, and the TPM together with authenticated encryption is used to solve the problem of trusted data transmission among nodes within the alliance. A management strategy for the time-based-tree TPM alliance is proposed, comprising a node configuration protocol, a node registration protocol, a node logout protocol, a real-time node state monitoring protocol, a trusted node management network repair protocol, and a node update protocol. The generation algorithm of the time-based tree is described, and the time cost of building the trusted node management network and the effectiveness of node state monitoring are analyzed. Finally, simulation experiments show that the model is efficient and effective, and that the time cost of trusted node management can be reduced.