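Research on Trusted Security Mechanisms for Cloud Computing Platforms
Published: 2018-05-27 11:26
Thesis topic: cloud computing platform + trusted computing technology; Reference: China University of Mining and Technology, 2017 master's thesis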
[Abstract]: With the continued development of computer and network technology, cloud computing has been widely adopted and developed. The flexibility, openness and public availability of the cloud computing environment bring many challenges to application security. Since the emergence of trusted computing technology, trusted computing has been used more and more in information security, and techniques that use it to protect system and hardware security have become increasingly mature; combining trusted computing technology to solve the security problems of cloud computing platforms and their data has become a major research direction. Based on trusted computing technology and virtualization technology, this thesis studies the trusted security mechanisms of cloud computing platforms from two main aspects. First, it proposes a real-time measurement security mechanism based on trusted computing. To meet the measurement needs that arise while applications are loaded and run, measurement rules and measurement semantics are defined. With the help of a real-time measurement module, process elements are measured in real time in combination with security policy rules. A virtual machine detection system and an integrity evaluation system monitor and inspect the loading state and running state of applications in real time, detect changes in process state, and evaluate process integrity in real time, effectively guaranteeing the trusted transfer of applications and the trusted operation of the system. Second, it proposes a role-based data isolation and access security mechanism. Using virtualization technology, the cloud computing platform isolates the data it stores, so that users access it in isolation based on their roles. In addition, through comprehensive verification of users' trust certificates and trust levels, and real-time monitoring of user access behavior, the cloud computing platform provides users with a more secure operating environment, thereby protecting data storage, isolation and access on the platform. Combining trusted computing technology and virtualization technology to protect both the trustworthiness of the cloud computing platform itself and the trustworthiness of its data will truly realize a trusted cloud computing platform. The research results of this thesis will provide support for cloud computing security research and a reference for research directions in security technology based on trusted computing.
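[Degree-granting institution]: China University of Mining and Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP309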
Article ID: 1941860
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/1941860.html