
Research Of Trusted Cloud Architecture And The Key Technologies

Posted on: 2018-03-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Guo
GTID: 1318330512997553
Subject: Information security

Abstract/Summary:
Cloud computing provides compatible and highly reliable shared computing resources, such as networks, servers, storage and applications. Users can conveniently access these resources over the network according to their needs. The resources can be managed and released immediately, with hardly any management by users or help from providers. Cloud computing is developing rapidly and has been widely used in every field. Because cloud computing is virtualized and the underlying infrastructure is separated from its use, security has gradually drawn attention even as users enjoy the convenience of the technology. The security of cloud computing systems has always been a hot topic, and it has severely affected their development and application.

There are four categories of current research on cloud computing security. First, research on VMM security. Second, the application of existing technologies to the cloud. Third, the classification of the different roles in the cloud and the allocation of different strategies accordingly. Fourth, the application of new technologies, such as trusted computing, to strengthen the security of the cloud. These three categories can solve security issues in cloud systems to some extent; however, problems still exist.

From the perspective of system architecture, we propose a trusted cloud architecture based on trusted computing theory and technology. We focus on the key technologies that reinforce security in cloud computing systems. Trusted computing and its applications have become a hot research field. Trusted computing provides a basic guarantee for the platforms that support security applications, through trusted remote attestation, trusted measurement and trusted storage. Based on the framework of information security certainty, this paper presents an approach to applying trusted computing technology to cloud computing. A three-protective model is proposed for the security of cloud computing systems. Starting from the characteristics of cloud computing systems, we build an architecture for the trusted cloud system and study the key technologies in terms of the trusted computing environment, the trusted network, and the intensive authorization of the security management center. The main research contributions are as follows.

(1) Based on the idea of controlling the origin, we perform integrity measurement and trusted remote attestation for the basic computing environment of the cloud computing system. Furthermore, we propose the Trusted Virtual Machine Integrity Monitor (TVMIM) mechanism, which is based on network boot of the cloud computing system. TVMIM uses a security structure called hybrid mode: the trusted measurement module is implemented within the operating system kernel of the cloud computing node, and the security verification module is implemented in the network storage system. Through the interaction of the trusted measurement module and the security verification module, the code that cloud computing boot requires is verified and controlled, and the trusted computing environment is thereby established.

(2) The administration of virtual resources is another important element of the cloud computing system. For the management of virtual resources, a trusted dynamic administration method is proposed. Through technologies such as in-situ monitoring and trusted verification, trusted administration of the virtual resources in the cloud computing system and the normal, secure operation of the system can be guaranteed.

(3) A trusted dynamic boundary is introduced between the cloud system services and the users, which greatly simplifies the system boundary. It consolidates the complicated and uncontrollable multiple boundaries into one boundary. The security of the system can be guaranteed by the control technology of the secure dynamic boundary.

(4) The core of the trusted cloud system is the management platform for intensive authorization, which is in charge of the security strategies and resources of the whole system. Due to the characteristics of the cloud system, the number of strategies in the security management platform is huge. To address this, a duplicated model of the trusted cloud security management platform is proposed based on LDAP. The group of security management platforms of the trusted cloud is built with LDAP, and the duplication strategy for strategy management is discussed. The aim is for security strategies to be issued quickly and securely.
Keywords/Search Tags:Cloud Computing, Trusted Computing, Trusted Computing Environment, Trusted Access Boundary, Trusted Network Connect, Sealed Storage