
Research On Key Technologies Of Building Trusted Execution Environment For Cloud Computing

Posted on: 2016-11-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Q Dai
GTID: 1108330467998462
Subject: Computer system architecture

Abstract/Summary:
Cloud computing is believed to be the next major paradigm of computing because it will substantially reduce the cost of IT systems. Although the vision of cloud computing is very attractive, security concerns must be adequately addressed, because enterprises (or data owners in general) are worried about whether their sensitive data stored and processed in the cloud can be leaked or abused. This concern is reasonable because in cloud computing, cloud users lose control over the physical computers and the enterprise network boundaries. For example, the power of computer malware can be automatically amplified in cloud computing, because compromising the system of a single cloud provider could lead to successful attacks against all the users of that provider. This is often not the case in current IT systems, because in order to compromise multiple users, the malware has to break into each of the users' computers. Therefore, cloud computing brings up a big security challenge: how can we provide a trustworthy cloud computing platform for cloud users?

Fortunately, Trusted Computing technology provides a credible guarantee for the cloud computing platform. In Trusted Computing, the goals are to protect the most sensitive information, such as private and symmetric keys, from theft or use by malicious code. The Trusted Platform Module offers facilities for the secure generation of cryptographic keys and limitation of their use, in addition to a random number generator. It also includes capabilities such as platform integrity measurement, remote attestation and sealed storage. However, current research on trusted computing technology is still at the stage of a single machine or a single virtual machine monitor, and cannot yet be applied to a cloud environment. Up to now, there are still many issues that need to be further studied in trusted cloud computing.
First, current technology cannot build a trusted execution environment adapted to the cloud environment; second, the cloud environment currently lacks trusted cloud services; third, the current design of the virtual machine rollback mechanism can be exploited to launch a range of attacks against cloud computing; finally, the vTPM mechanism is not sufficient for virtual machine groups in the cloud. To solve these problems, this dissertation studies several key technologies for constructing a trusted cloud computing platform.

First, for the problem of building a trusted execution environment mechanism in the cloud environment, we present the design, implementation and analysis of a candidate solution, called Trusted Execution Environment (TEE), which takes advantage of both virtualization and trusted computing technologies simultaneously. The novelty behind TEE is the virtualization of the Dynamic Root of Trust for Measurement (DRTM).

Second, for the lack of trusted cloud services in the cloud computing environment, we present a mechanism for building trusted cloud services. We propose a novel solution, dubbed Assured Digital Signing (ADS), to enhance the data trustworthiness vouched for by a trusted digital signature service. In order to minimize the modifications to the Trusted Computing Base (TCB), ADS simultaneously takes advantage of trusted computing and virtualization technologies. Specifically, ADS allows a signature verifier to examine not only a signature's cryptographic validity but also its system security validity, namely that the private signing key and the signing function are secure, even under the powerful attack in which the signing application program and the general-purpose Operating System (OS) kernel are malicious.
The modular design of ADS makes it application-transparent (i.e., there is no need to modify the application source code in order to deploy it) and almost hypervisor-independent (i.e., it can be implemented with any Type I hypervisor). To demonstrate the feasibility of ADS, we report the implementation and analysis of a Xen-based ADS system.

Third, for the problem of virtual machine rollback attacks in cloud computing, we show that the problem is relevant in cloud environments, no matter whether trusted computing technology (more precisely, the Trusted Platform Module, or TPM) is utilized or not. We report our successful attack experiments that exploit the VM rollback mechanism, both in the Amazon EC2 environment (which does not utilize TPM technology) and in our own experimental environment (which utilizes TPM technology). We analyze the root cause of the problem and propose an adequate solution to it. We present the design and prototype implementation of our solution, called rollback-resilient vTPM (rvTPM). Performance evaluation shows that our prototype rvTPM system in the Xen environment does not incur any significant performance penalty.

Fourth, for the problem that vTPM cannot support virtual machine groups (VMGs) in cloud computing, we describe a prototype system of TPMc and report that TPMc does not cause any significant extra cost. To overcome the above inadequacy of vTPM for serving the needs of cloud computing, we propose a TPM-like mechanism that can track the security state of a set of virtual machines, which can range from a small number of virtual machines to all of the virtual machines in a cloud system. Specifically, we present the design of TPM for cloud, or TPMc for short, which is a system that manages and attests the security state of VMGs. As a result, each virtual machine in a TPMc-enabled cloud system has access to a vTPM and a TPMc, where the TPMc is shared by a set of virtual machines.
We describe the prototype implementation of TPMc and evaluate the performance of TPMc-enabled cloud computing services. Using multiple tests, we show that TPMc fulfills its desired functions without incurring any significant extra cost.

In summary, we present the above four key technologies for constructing a trusted cloud computing platform. With these mechanisms we can dynamically build a trusted execution environment for all cloud users. We can build trusted cloud services for user virtual machines in the cloud. We can let the cloud take advantage of the virtual machine rollback mechanism. We can give virtual machine groups TPM-like trusted support.
Keywords/Search Tags: Cloud Computing, Trusted Computing, Dynamic Root of Trust for Measurement (DRTM), Digital Signatures, Rollback, VMG