
Cloud Security Based On Server Simulated Trusted Platform Module

Posted on: 2020-12-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z L Yu
GTID: 1368330611455419
Subject: Signal and information processing

Abstract/Summary:
The popularity of the Internet and the growth of business data have driven the rapid development of cloud computing. Advantages such as high performance, low cost and scalability have pushed cloud computing centers to become the infrastructure of the Internet; cloud operators and suppliers achieved revenues of $250 billion in 2018, a 32% increase over 2017. However, cloud security has become the most worrying issue for enterprises and ordinary users, because cloud computing brings new security issues at the system and platform level, such as scanning of virtual machine vulnerabilities, Trojans, worms and other malware attacks, VM spread and VM escape. Meanwhile, in the field of system security, the trusted computing platform based on the trusted platform module (TPM) has become one of the important solutions for computing security. Recent studies have proposed the concept and model of a vTPM designed for cloud computing, with preliminary implementations in XEN and other simulators. However, the existing vTPM schemes are implemented on top of the TPM chips installed in each server; the computing performance of those chips is too weak to meet the scalability and efficiency requirements of a cloud computing environment, and they cannot uniformly manage and verify the entire cloud computing center. This limits the application and extension of trusted computing in the field of cloud security.

In response to these problems, this study designs a cloud computing architecture based on a trusted authentication server (TVS). The TVS is a server equipped with TPM hardware, which guarantees its own credibility, and it provides trusted verification, encryption, decryption and storage services in line with the TPM 2.0 specification, with performance enhanced through hardware acceleration cards. A method to improve TVS performance through system software optimization is also proposed on the basis of the experimental results. Further, trusted measurement and verification of cloud computing based on the TVS is studied and applied to management strategies such as the VM migration strategy, improving overall security. The innovation of this study is mainly reflected in the following aspects:

1. An extensible trusted computing architecture oriented to cloud computing centers is designed. The TVS is added to the architecture, and a complete trusted computing system is built in combination with a certificate server (CA). An experimental environment is then built for verification and performance optimization. The basic elements and the startup process are summarized, the advantages and extensibility of the architecture are analyzed, and a method that provides trusted services in line with REST principles is designed. Furthermore, a key-based trusted communication protocol is studied, and its three phases, identity authentication, session key negotiation and encrypted transmission between a server and the TVS, are described in detail. Based on the three-layer tree structure "vTPM-nvTPM-TVS", the connection between a vTPM and the server on which it is located is established in order to track the VMs associated with that vTPM.

2. Trusted measurement and verification methods aimed at cloud computing centers are studied on the basis of the TVS. In the multi-level trusted measurement process, comprehensive credential verification is performed in terms of trustable servers, trustable virtual machine images and trustable virtual machines. The thesis discusses the application of non-interference theory to trusted measurement, models the overall system from a formal definition, and analyzes and explains the TVS trusted channel from the perspective of non-interference. Moreover, verification of the TVS confidence level includes trusted verification based on TVS local storage, trusted verification reports based on TVS measurement, and model-based trusted verification. Model-based trusted verification defines a verification model with a multi-level security integrity strategy and proposes a credible-delivery security theorem for the TVS trust channel, ensuring that entities with a high integrity level will not be modified by entities of a low integrity level without authorization.

3. The VM management method and strategy based on the TVS are studied. The core of TVS identity authentication for VMs is the authentication of platform identity keys: mainly the process of issuing platform identity certificates and authenticating platform identity, with a focus on reducing leakage of hidden platform identity information. Then, online secure migration based on a TVS lock implements the VM-vTPM online migration protocol, and its performance is analyzed on the basis of the remote proof of the protocol; a dynamic migration protocol based on the trusted measurement report is then proposed, its performance analyzed and the remote proof of the protocol given. Finally, a dynamic migration decision method based on the credibility measurement report is proposed.

This thesis designs and verifies a combined software and hardware solution to the cloud security issue in cloud computing centers, and analyzes and optimizes its performance. The solution addresses the difficulty of reinstalling and configuring a TPM on a running server and the problem that the performance of a TPM chip is too weak to meet the high load of a server. It may become a server product and be applied to upgrades and security enhancements of existing cloud computing centers. Meanwhile, further research is needed to improve system efficiency in terms of efficient credible measurement models and credible remote verification methods.
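As an added illustration, not code from the dissertation, the following Python simulates the multi-level chain-of-trust verification the abstract describes: components are measured and extended into one simulated PCR per trust level (server, VM image, VM), the verifier replays the attester's event log, checks that it reproduces the reported PCR values, and checks every measured component against a reference list. The three-level layout, the component names and the sample measurements are assumptions constructed for this example.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Assumed layering for this illustration: one simulated PCR per trust level,
# checked in the order the abstract lists them (server -> VM image -> VM).
LEVELS = ("server", "vm_image", "vm")

# An event log entry is (level, component name, component contents).
LogEntry = Tuple[str, str, bytes]


def measure(component: bytes) -> bytes:
    """Measurement of a component is its SHA-256 digest."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || digest). Order matters and nothing can be undone,
    which is what lets a verifier detect a log that does not match the quoted PCRs."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(log: List[LogEntry]) -> Dict[str, bytes]:
    """Recompute the final simulated PCR of each level from an event log."""
    pcrs = {lvl: bytes(32) for lvl in LEVELS}  # all-zero initial PCR values
    for level, _name, component in log:
        pcrs[level] = extend(pcrs[level], measure(component))
    return pcrs


def verify(reported_pcrs: Dict[str, bytes], log: List[LogEntry],
           reference: Dict[Tuple[str, str], bytes]) -> Tuple[bool, Optional[str]]:
    """Return (ok, failed_level).

    1. The log must replay to the PCR values the attester reported, otherwise the
       presented log has been altered after the fact.
    2. Every measured component must match the verifier's reference digest for its level.
    Verification stops at the first level that fails, so a compromised server is
    reported before any VM image or VM running on it is considered."""
    replayed = replay_log(log)
    for level in LEVELS:
        if replayed[level] != reported_pcrs.get(level):
            return False, level
        for lvl, name, component in log:
            if lvl == level and measure(component) != reference.get((level, name)):
                return False, level
    return True, None


# Constructed sample data: a known-good boot and the reference list derived from it.
GOOD_LOG: List[LogEntry] = [
    ("server", "bios", b"bios-v1"),
    ("server", "kernel", b"kernel-5.4"),
    ("vm_image", "image", b"ubuntu-image-2020"),
    ("vm", "vm-config", b"vm42-config"),
]
REFERENCE = {(lvl, name): measure(c) for lvl, name, c in GOOD_LOG}


def demo_good() -> Tuple[bool, Optional[str]]:
    """Honest attester: reported PCRs come from the same log it presents."""
    return verify(replay_log(GOOD_LOG), GOOD_LOG, REFERENCE)


def demo_tampered_image() -> Tuple[bool, Optional[str]]:
    """The VM image was altered; the log is honest, so the replay matches but the
    image digest is not in the reference list -> fails at the vm_image level."""
    log = [e if e[1] != "image" else ("vm_image", "image", b"ubuntu-image-2020-modified")
           for e in GOOD_LOG]
    return verify(replay_log(log), log, REFERENCE)


def demo_forged_log() -> Tuple[bool, Optional[str]]:
    """A different kernel actually booted (so the quoted PCRs reflect it), but the
    attester presents the known-good log -> replay mismatch at the server level."""
    real_boot = [e if e[1] != "kernel" else ("server", "kernel", b"kernel-other")
                 for e in GOOD_LOG]
    return verify(replay_log(real_boot), GOOD_LOG, REFERENCE)


if __name__ == "__main__":
    print("good boot:      ", demo_good())
    print("tampered image: ", demo_tampered_image())
    print("forged log:     ", demo_forged_log())
```

A real TVS would receive the PCR values inside a TPM quote signed with a platform identity key and would check that signature first; the replay-and-reference logic above is the part of verification that the quote alone cannot do, since a quote proves which values were extended but not whether those values are acceptable.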
Keywords/Search Tags:Cloud computing, Trust Computing, TVS, CA, TPM, vTPM, Chain of Trust, Trust Metrics, Live Migration