
Research On Key Technologies Of Trusted Guest Domain In Cloud Computing Environment

Posted on: 2017-04-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Xing
Full Text: PDF
GTID: 1108330491951515
Subject: Information security
Abstract/Summary:
Cloud computing, as the combination of various computing and network technologies, has become not only a new Internet-based computing and service model but also a hot research topic in academia and industry. Because of its convenience, high extensibility and measured service, an increasing number of enterprise and public users are beginning to accept and use cloud computing services. However, the data and applications of cloud tenants must be deployed into the cloud, where they might be accessed or damaged by attackers unexpectedly. Meanwhile, the tenants lose full control of their data and applications, which makes them seriously concerned about cloud security. Several burning issues are strangling the development of cloud computing, such as providing secure and trusted cloud computing services, enhancing the confidence of tenants in Cloud Service Providers (CSPs), and making sure that deployed applications are executed in the expected ways.

This dissertation focuses on how to establish a trusted Infrastructure-as-a-Service (IaaS) that can provide trusted Guest Virtual Domains (GVDs) for the tenants. The key issues of this research include measuring the integrity of GVDs and letting the tenants judge, by remote attestation, whether the GVDs can be trusted. Using trusted computing and system virtualization technologies, we propose and implement three schemes to establish trusted GVDs for different computing environments, as follows:

(1) We propose and implement a trusted GVD establishing scheme based on trust transmission. The core of this scheme is building a trust chain from the hardware security chip to the GVDs' applications, and measuring and logging the entities that may affect the integrity of the GVDs and the related computing platforms. For this purpose, we propose a GVD trust transmission model, since the existing trust transmission models can neither describe the trust transmission processes of a virtualized computing platform precisely nor protect the GVDs' privacy; we propose Trusted pyGRUB, a trusted boot loader for GVDs that can be controlled by the tenants, to fill the missing link in the trust transmission process; and we propose a remote attestation agent protocol that helps the tenants check whether the computing platforms and GVDs can be trusted, since the CSP hides the detailed cloud architecture, which makes it hard for the tenants to perceive the integrity of the computing platforms.

(2) We propose and implement OB-IMA, a trusted GVD establishing scheme based on out-of-the-box monitoring, in order to overcome the drawbacks of the previous scheme, such as the complexity of the attestation process, the dependence on the OS security mechanism, and the incompleteness of the measured entities. OB-IMA has the following advantages: it cannot be attacked or bypassed easily, since it is based on Virtual Machine Introspection (VMI) technology rather than the OS security mechanism; it is transparent to the GVD, i.e. no modification of the GVD is required; and it supports both system policy and user policy, so the tenants are able to control the measurement policies easily. Compared with other existing out-of-the-box schemes, OB-IMA is more secure, applicable and flexible. It can measure not only the files involved in kernel-space behaviors, but also configuration files and script files that do not have the execution attribute.

(3) We propose and implement Coiob-IMA, a trusted GVD establishing scheme based on in-and-out-of-the-box monitoring. Coiob-IMA aims to overcome the limitation of OB-IMA that prevents it from effectively supporting Windows GVDs, since the Windows kernel is not fully open-sourced. By coordinating the collection module inside the GVD with the measurement module outside the GVD, and by combining real-time and beforehand measurement methods, Coiob-IMA can not only measure the integrity of Windows GVDs but also solve problems such as information loss and the semantic gap. For this purpose, we define the measured zone and its trusted extension, together with a certain operation sequence, which can be used to protect the security of the beforehand measurement method; we propose an inter-domain information transmission method that reduces the impact on system performance; and we propose a fine-grained registry measurement method that can be used to measure the Windows configuration.

In summary, we propose several schemes to establish trusted GVDs for multiple virtualized computing platforms and GVD OSes, which has practical significance for establishing trusted IaaS and protecting the integrity of applications deployed by the tenants.
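The trust chain and remote attestation described in scheme (1) rest on a hash-chained measurement log that the tenant can replay and compare against reference values. The Python below is an added example written for this page; it is not code from the dissertation, from Trusted pyGRUB or from OB-IMA. It simulates a TPM-style PCR extend over a constructed boot sequence (boot loader, kernel, configuration file, application) and the tenant-side verification of the log against an allowlist of known-good digests. The entity names, their contents and the allowlist are constructed for the example, and the signed quote that a real attestation carries is omitted.

```python
import hashlib
from typing import Dict, List, Tuple

HASH = hashlib.sha256
INITIAL_PCR = b"\x00" * HASH().digest_size  # a PCR starts at all-zero after reset

# Constructed stand-in for the tenant's reference values: the known-good
# contents of each entity that may affect GVD integrity. Assumption: the tenant
# derived these from golden images it controls.
GOLDEN_CONTENTS: Dict[str, bytes] = {
    "pygrub": b"constructed boot loader image v1",
    "vmlinuz": b"constructed kernel image v1",
    "/etc/app.conf": b"listen=443\nmode=strict\n",
    "/usr/bin/app": b"constructed application binary v1",
}
ALLOWLIST: Dict[str, str] = {n: HASH(c).hexdigest() for n, c in GOLDEN_CONTENTS.items()}


def extend(pcr: bytes, entry_digest: bytes) -> bytes:
    """TPM-style extend: new_pcr = H(old_pcr || digest). Order-sensitive and
    one-way, so a later stage cannot rewrite what an earlier stage recorded."""
    return HASH(pcr + entry_digest).digest()


def measure_chain(entities: List[Tuple[str, bytes]]) -> Tuple[List[Tuple[str, str]], str]:
    """Measurer side (platform / boot loader / VMI monitor): hash each entity
    before it takes effect, append (name, hex digest) to the log, extend the PCR.
    Returns the log and the final PCR as hex."""
    pcr = INITIAL_PCR
    log: List[Tuple[str, str]] = []
    for name, contents in entities:
        digest = HASH(contents).digest()
        log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return log, pcr.hex()


def verify_attestation(log: List[Tuple[str, str]], reported_pcr: str,
                       allowlist: Dict[str, str] = ALLOWLIST) -> Tuple[bool, List[str]]:
    """Verifier (tenant) side. First replay the log and recompute the PCR: a
    mismatch means the log was edited or truncated after measurement. Then check
    each entry against the allowlist: an unknown name or a changed digest means
    an unexpected entity affected the domain. Returns (trusted, reasons)."""
    reasons: List[str] = []
    pcr = INITIAL_PCR
    for _, hexdigest in log:
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    if pcr.hex() != reported_pcr:
        reasons.append("log does not replay to the reported PCR (log tampered or truncated)")
    for name, hexdigest in log:
        expected = allowlist.get(name)
        if expected is None:
            reasons.append(f"unlisted entity measured: {name}")
        elif expected != hexdigest:
            reasons.append(f"digest mismatch for {name}")
    return (not reasons), reasons


if __name__ == "__main__":
    # Clean boot: every entity matches its reference value.
    good_boot = list(GOLDEN_CONTENTS.items())
    log, pcr = measure_chain(good_boot)
    print("clean boot:", verify_attestation(log, pcr))

    # A configuration file (not an executable) was altered before the app ran.
    altered = [(n, b"listen=443\nmode=permissive\n" if n == "/etc/app.conf" else c)
               for n, c in good_boot]
    log2, pcr2 = measure_chain(altered)
    print("altered config:", verify_attestation(log2, pcr2))

    # Someone rewrote the log entry to the expected digest after the fact;
    # the PCR was extended with the real digest, so the replay no longer matches.
    forged = [(n, ALLOWLIST[n] if n == "/etc/app.conf" else d) for n, d in log2]
    print("forged log entry:", verify_attestation(forged, pcr2))
```

Two caveats a verifier in practice has to cover that the example leaves out: the reported PCR must arrive inside a quote signed by the hardware security chip and bound to a verifier-chosen nonce, otherwise a stale or copied PCR value could be presented; and the allowlist check above accepts entries in any order, so a policy that also fixes the expected sequence (boot loader before kernel before applications) should compare the log position by position rather than as a set.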
Keywords: Cloud Computing, Trusted Computing, Virtualization, Integrity Measurement, Out-of-the-Box Monitoring