
Research On Key Techniques Of Trustworthy Verification Of Cloud Application Services

Posted on: 2019-01-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H H Ba
Full Text: PDF
GTID: 1368330611992954
Subject: Computer Science and Technology
Abstract/Summary:
With vigorous promotion by the industry, cloud computing has become a cost-effective service and continues to evolve. It has been applied to various traditional areas, such as government, medical care, logistics, and so on. Because of its openness, dynamic nature, and shareability, cloud computing brings users benefits, but applications based on cloud computing also face various malicious attacks from the network. There are also many security holes in cloud applications and their middleware. How to effectively ensure the security and credibility of cloud applications is a key issue. It requires not only that the cloud service provider satisfy the basic requirements of availability, but also that the behavior of cloud applications is always as expected. Considering the security requirements of application protection in cloud computing from the perspective of cloud users, we combine trusted computing with virtualization technology to apply integrity measurement and remote attestation to the security of hosted applications in cloud computing environments. Current trustworthy verification systems lack an effective means of supporting the integrity verification of dynamically generated code and are inefficient at handling simultaneous concurrent attestation. In this paper, we address the trust issues in cloud application systems, aiming to provide runtime measurement, user policy-driven trustworthy monitoring for cloud applications, and concurrent attestation based on attribute-based encryption. The main research results include:

1. Design and implementation of a runtime measurement for cloud applications based on the Java virtual machine. Selecting the most mainstream micro-service development, deployment and execution platform, we study the integrity mechanism for the bytecode of Java applications at runtime. Based on the intrinsic principles of the Java virtual machine and the execution characteristics of Java applications, we analyze the shortcomings of existing integrity measurement technologies applied to the Java environment. We propose a bytecode integrity guarantee technology that supports Java virtual machines relying on OpenJDK and Oracle JDK. The functional security experiments and performance comparison show that our technology is able to protect Java applications from code corruption attacks. Unlike traditional trusted measurement technologies, we combine integrity measurement with the specific application execution to bridge the gap between load-time measurement and trustworthy runtime behavior, which can ensure that cloud applications run as expected.

2. Design and implementation of a policy-driven integrity measurement of cloud applications across the lifecycle. Considering the characteristics of cloud application services and their life cycle, we propose an integrity measurement technology for the cloud application service life cycle that meets the requirements of trusted execution, and we give further implementations to support dynamic trust. This technology differs from traditional integrity measurement in that it considers the trustworthiness of cloud application services in all phases of the life cycle and provides various integrity implications for the deployment, loading and execution phases. The technology can more accurately reflect the trusted status of cloud application services and enhance the ability to resist malicious attacks.

3. Design and implementation of an efficient concurrent cloud attestation with attribute-based encryption. Remote attestation has been proved to boost confidence in clouds by guaranteeing the integrity of hosted cloud applications. However, state-of-the-art attestation schemes do not fit the case in which multiple requesters raise their challenges simultaneously, leading to larger performance overheads on the attester side. To address that, we propose an efficient and trustworthy concurrent attestation architecture for multi-requester scenarios that improves efficiency in both integrity and confidentiality protection and generates an unforgeable and encrypted attestation report. Specifically, we propose two key techniques in this paper. The first, aggregated attestation signature, reliably protects the attestation content from being compromised even in the presence of adversaries who have full control of the network, therefore successfully providing attestation integrity. The second, delegation-based controlled report, introduces a third-party service to distribute the attestation report to requesters in order to save computation and communication overhead on the attested party. The report is encrypted under an access policy using attribute-based encryption and can be accessed only by a limited number of qualified requesters, hence supporting attestation confidentiality.

The research above is specific to the security requirements of hosted cloud applications and provides a complete measurement and attestation mechanism for cloud application systems. Based on trusted computing technology, our work can improve the ability of cloud application services to deal with security threats. It also promotes the further use of trustworthy verification technology in cloud application security. It has certain theoretical significance and practical value.
Keywords/Search Tags: Cloud Computing, Trusted Computing, Integrity Measurement, Remote Attestation, Java Virtual Machine, Attribute-Based Encryption