
Research On Key Technologies Of Building Trusted Virtual Private Datacenter For Cloud Computing

Posted on: 2018-10-27  Degree: Doctor  Type: Dissertation
Country: China  Candidate: X Wan
GTID: 1318330515483432  Subject: Computer application technology
Abstract/Summary:
Cloud computing is a new business model that virtualizes physical resources into logical resources for different users to share and use. Cloud computing has developed rapidly because of advantages such as ease of use, rapid elasticity and on-demand self-service. However, while virtualization technology improves the scale and efficiency of cloud services, some information security challenges remain to be solved: tenants worry about security because they lose control of the physical equipment and infrastructure, or are concerned about data breaches caused by the malicious behavior of cloud service administrators and other tenants. Trusted Computing technology provides a credible guarantee for physical equipment and has been widely used in business. Therefore, Trusted Computing technology is an important solution for constructing a secure and stable cloud platform. However, research on trusted computing technology is still at the stage of a single virtual machine monitor and cannot be applied to the more complex cloud environment. Several issues need to be studied and solved, including how to deal with the multi-tenant and dynamic service model, such as virtual machine migration and the corresponding changes of the trusted root, and how to establish a cloud datacenter at the virtual-resource level according to different security policies.

To solve the problems of isolation, trust and security for the large number of virtual resources in a cloud environment, this paper proposes a Trusted Virtual Private Datacenter model, named TVPDc, based on trusted computing technology, and researches several key technologies for constructing the TVPDc.

Firstly, after analyzing the security requirements of cloud computing, we construct the trusted virtual private datacenter architecture and describe the overall framework, key components and management plane. We analyze the design principles of the isolation mechanism, integrity architecture, user authentication mechanism and resource scheduling. This solution ensures that tenants trust the cloud services at the level of the cloud product's architecture design and underlying principles, rather than from the perspective of the vendor's management.

Second, we describe the TVM (trusted cloud host) architecture and the related vTPM technology. The vTPM is one of the key technologies of this paper: it provides VM integrity measurement, establishes trust rooted in the underlying hardware, and extends the chain of trust to the tenant's upper-layer applications. The TPM (Trusted Platform Module) specification of the TCG (Trusted Computing Group) is based on binary integrity measurement and remote attestation, and it cannot deal with the highly dynamic nature of cloud computing. We propose an improved property-based measurement and remote attestation scheme to solve this problem.

Thirdly, we propose a VM migration protocol based on vTPM. Traditional VM migration mechanisms are generally concerned only with migration effectiveness and performance, rather than information security. We take advantage of the vTPM architecture, focusing on the mutual authentication of the source and destination platforms and on the integrity and confidentiality of virtual machine image files.

Finally, the trust and security mechanisms of cloud services are not limited to those between the physical platform and the virtual resources within the cloud; they also include mutual authentication between users and cloud service applications. We propose a smart-card-based remote authentication scheme with anonymity to ensure the security and reliability of the authentication process.
Keywords/Search Tags: Cloud Computing, Trusted Computing, Virtualization, Cloud Datacenter, Security migration protocol, Password Authentication