
Research On The Trusted Cloud Storage Server And Data Storage Security Mechanisms

Posted on: 2018-04-13
Degree: Master
Type: Thesis
Country: China
Candidate: R X Xu
GTID: 2348330563952362
Subject: Computer Science and Technology

Abstract/Summary:
Cloud storage is one of the most promising applications of cloud computing. It provides users with an on-demand storage service that not only lets them store and access their own data whenever and wherever possible, but also reduces user cost tremendously. The cloud storage server platform is the foundation of the cloud storage service, and its security is the basic guarantee for upper-level applications. Trusted computing technology can provide security at the hardware and system levels and build a trusted computing platform. Trusted hardware acts as the root of trust of the platform and provides hardware-based cryptographic support and protected storage for the whole system. Starting from the root of trust, the chain of trust extends trust to the whole platform and provides a reliable execution environment for application software.

The main research work of this paper is divided into two parts. First, it studied and designed the functional structure of the trusted cloud storage server. Second, it proposed several mechanisms to assure the security of data storage, including an access control mechanism, a data integrity assurance mechanism, and assurance of the geo-location of stored data. The trusted cloud storage server provides protection at the hardware and system levels, while the data storage security mechanisms provide protection at the application level.

For the design of the functional structure of the trusted cloud storage server, this paper first used a trusted platform control module (TPCM) as the hardware root of trust of the cloud storage server node and adopted the Xen hypervisor and the Ceph distributed file system to build a cloud storage service architecture. It then designed the overall architecture of the trusted server, studied the functional requirements of the vTPCM and the VM-vTPCM binding mechanism, and proposed a migration protocol for the vTPCM. Finally, it built the chain of trust covering physical platform system boot and the virtual domain.

For the data storage security mechanisms, this paper first analyzed the causes of data leakage in cloud storage, analyzed and compared the advantages and disadvantages of existing data encryption schemes, proposed client-based data encryption, adopted trusted hardware to manage all encryption keys and to guarantee the integrity of client-side software, and designed the access-control-related protocols. It then studied the common existing methods of data integrity verification, analyzed their limitations, and proposed a way to use metadata to check data integrity, which reduces the client-side space cost. Next, it adopted trusted hardware to identify physical machines and their locations, and on that basis proposed a way to verify the geo-location of stored data. Experiments verified and analyzed the viewpoints of this paper; the results showed that the proposed trusted cloud storage server architecture and data storage security mechanisms satisfy the security requirements of the server platform and data storage, with good performance and a high degree of security.
Keywords/Search Tags: Cloud Storage, Trusted Computing, Trusted Server, Data Storage Security