Research On Key Issues In Cloud Computing Security Based On Trusted Computing

Posted on: 2015-01-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D J Luo
GTID: 1268330422981410
Subject: Information security

Abstract/Summary:
Cloud computing is a new computing service pattern. It is developing rapidly in industry because of advantages such as convenience, economy and high extensibility. Customers can outsource their computations and data to cloud providers, which greatly cuts down their computation and storage costs. However, it also means that customers lose control of their computations and data, so cloud computing security is a vital problem that will affect its development. In this thesis, we proposed a secure, efficient and multipurpose trusted cloud computing platform (TCCP) based on a trusted computing base (TCB), from the viewpoint of cloud infrastructure security. For this purpose, we combined trusted computing technologies with virtual machine technologies. We studied the TCCP from 4 aspects: security architecture, integrity measurement and protection, remote attestation, and unified identity authentication to customers. The main contributions of this thesis are as follows.

1. Through a thorough analysis of the methods of integrity measurement and protection, we presented the view that dynamic integrity protection should be based on security policies. This offers an important idea for the current situation, in which the dynamic integrity of a system cannot be ensured by relying on dynamic integrity measurements. Hence, we proposed an intransitive noninterference trusted model. Based on it, we proposed a dynamic integrity protection model, the BIBA-BLP mandatory access control model, to enforce information flow control between components on the TCCP. Based on the BIBA-BLP model, we proposed a suite of integrity protection frameworks for static and dynamic integrity protection, referring to the method of constructing trusted chains in PRIMA. They ensured the integrity of the TCCP at boot time and at runtime.

For the static integrity protection framework, we proposed two separate trusted boot frameworks based on TrustedGRUB and TBoot (Trusted Boot), adopting SRTM and DRTM technologies under existing hardware and software environments. They were used to extend the static and dynamic trusted chains for the privileged domain Dom0. We then constructed a trusted chain for the user domain DomU.

For the dynamic integrity protection framework, we implemented it mainly from 3 security demands of its trusted channel, according to the trusted decision conditions: the integrity protection of components in the trusted channel, the access control between domains, and the secure storage of and access to sensitive data in domains. The first was implemented by monitoring PTEs (Page Table Entries), which ensured the dynamic integrity of insecure components in the channel. The second was implemented by adopting the multilevel security policies of the BIBA-BLP model to enforce information flow control, which ensured the efficient separation of domains from each other. The third was implemented by adopting a novel authorization protocol proposed in this thesis, the OOAP protocol, which ensured legal access to all protected objects and avoided the known security leak in existing authorization protocols. These 3 implementations satisfied the trusted decision conditions of the intransitive noninterference trusted model and ensured that the TCCP is trusted at runtime.

2. Based on trusted computing technologies and a property-based signature mechanism, we proposed an elegant, secure, efficient and anonymous remote attestation protocol for TCCPs, namely the RAA-CCP protocol. The protocol needs neither bilinear pairings, nor property certificates, nor AIK certificates, which greatly simplifies certificate management. It achieves identity attestation and integrity state attestation of computing nodes at the same time. Analyses and experiments show that the protocol satisfies the properties of non-forgeability, anonymity of platform identity, protection of configuration privacy and resistance to collusion, and performs well even under strong security. It satisfies the security and performance demands of remote attestation in cloud environments.

Based on it, we then proposed a protocol for remote attestation of user domains and a vTPM migration protocol. The remote attestation protocol attested to the physical node running the user domain as well as to the user domain itself. The vTPM migration protocol required the destination platform to satisfy at least the same security properties as the source platform, and then allowed the vTPM instance to be migrated under encryption. This ensured the security of the migration process and of the destination platform.

3. Based on the PGP trust model and the RAA-CCP protocol, we proposed an elegant, secure and scalable scheme for unified identity authentication of cloud users. The scheme can provide strong identity authentication for all cloud services and easily achieves Single Sign-On (SSO) in the form of a middleware. In the scheme, user management was combined with public-key management through the PGP model, which is very flexible as the number of cloud users grows and avoids the exhaustive certificate management of traditional PKI. Based on the RAA-CCP protocol, the scheme implemented an alliance authentication without centers, so that a cross-domain authentication no longer has to process a cross-certification between CAs, and the massive computations of building certificate paths and verifying the validity of certificate chains are avoided. This greatly raised the efficiency of alliance authentication. Analyses show that the scheme satisfies the properties of easiness, security and universality. In addition, the scheme will be more efficient if the data in the public-key rings is kept synchronized, in which case the load on the authentication servers is balanced automatically. The scheme satisfies the demands of identity authentication in cloud environments.

In short, we set up truly trusted cloud computing environments by combining trusted computing technologies with virtual machine technologies to build TCCPs, which ensures that cloud users are indeed able to enjoy cloud computing. The achievements in this thesis not only promote research on cloud computing security, but also provide a reference for work based on trusted computing.
Keywords/Search Tags: Cloud Computing Security, Trusted Computing, Integrity Measurement, Remote Attestation, Unified Identity Authentication