
Protection Method For IaaS Cloud Trustworthiness Test

Posted on: 2020-11-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P R Fan
Full Text: PDF
GTID: 1488305882487764
Subject: Information security
Abstract/Summary:
As a new computing mode, cloud computing brings convenient services, along with new risks to data and application security. Testing the trustworthiness of a cloud platform and providing a fair, just and transparent basis for user selection have become an important way to enhance confidence. Among the layers, as the foundation of the upper PaaS and SaaS, the trustworthiness of the IaaS cloud plays a crucial role. However, the IaaS cloud is composed of many hardware and software components, and the structure and interaction processes among them are complicated. With the development of computer technology and the improvement of attacks, the IaaS cloud faces huge security threats too. Therefore, it is necessary to research IaaS cloud trustworthiness testing specifically and lay a foundation for cloud evaluation.

The research is carried out on a TPV (Third Party Verifier) based IaaS cloud trustworthiness test framework, in which test data shoulder the important task of proving the credibility states of cloud components. These data have high value and are easy targets for malicious attacks. By tampering with and destroying the test data, an attacker can hide attack traces and evade detection. Besides, much test data contains, to a greater or lesser extent, sensitive information about the cloud platform. By intercepting it, attackers can find the weak links among the cloud security mechanisms and prepare for the next step of launching a targeted attack. In order to solve these security issues, this paper studies the protection method for IaaS cloud trustworthiness testing and designs a security-enhanced framework. It includes three aspects:

(1) At the beginning of the test, agents deployed on IaaS nodes could be tampered with or corrupted, so the test data might be incorrect, affecting the correctness of TPV analysis results. In order to solve this issue, an agent protection mechanism (APM) is proposed. Combined with the operating characteristics of the IaaS cloud, the design goals of APM are given. A kernel protection module is designed to host the integrity and command verification components for an agent. A trustworthiness state report is generated to assist TPV judgement. An inquiry-based APM validity verification method is designed to identify failed APM nodes. The effectiveness of APM relies on the memory lock mechanisms of the modern x86 processor architecture. It requires neither restarting IaaS nodes nor the support of additional hardware or software components.

(2) During the test, test data could be abused by a corrupted TPV, causing privacy leakage problems. In order to solve this issue, this paper proposes a trustworthiness analysis method for cloud components (CCo) based on a state consistency feature. According to the structural characteristics shown in the deployment and operation of IaaS CCo, a trustworthiness analysis method for the ideal case under a strong hypothesis is given. Then, in the process of weakening the hypothesis, two improvements are made for the semi-ideal and general cases respectively. The analysis method for general CCo is composed of five algorithms: SplitTD, OrganizedTD, MaskTD, GenClusI and VerifyFeII. The first three algorithms are performed on IaaS cloud nodes separately to convert original test data (TDs) to masked forms (MTDs). In this way, TDs that possibly carry sensitive information stay only on their source nodes without going anywhere; by reducing the attack surface of TDs, the privacy leakage risks are minimized. The latter two algorithms are performed on the TPV: operations are executed on the MTDs to verify whether the structural feature is satisfied, so as to judge the trustworthiness of the CCo. If the CCo is compromised, abnormal sub-components and files are located accurately. At the cost of introducing additional computation on both the IaaS cloud and the TPV, this method prevents disclosure of sensitive information and enhances privacy protection in the trustworthiness testing process.

(3) After the test, the evaluation results and related test data are used as trustworthiness proof data of the IaaS cloud. This type of data demands strong integrity, fast responses to concurrent requests and controllability by users, which existing secure data storage schemes are unable to meet simultaneously. In order to solve this issue, this paper proposes a blockchain-based secure data storage method, illustrated with Virtual Machine (VM) measurements as an example. A two-layer blockchain network is introduced. In the first layer, the validity of data packages is verified according to two correspondences: VM-VM owner-IaaS node, and data package-encryption policy. In the second layer, the PoW tasks are performed to generate tamper-resistant metadata and construct the Mchain. By separating the computation-intensive PoW work into the second layer, the problems of high data confirmation latency and low storage throughput are solved. The Mchain is constructed on blockchain technology and stored on the IaaS cloud. With the inherent multi-copy storage feature of the blockchain, it can distribute massive requests to multiple IaaS nodes, meeting the demand for concurrency. In addition, this paper introduces KP-ABE based encryption, which allows VM owners to define and modify data access control policies at any time to restrict the disclosure scope. In this way, only authorized users can access the Mchain data, while unauthorized ones are rejected.

In general, through the cooperation of one mechanism and two methods, we give targeted solutions for the security issues faced by test data in three links: generation, analysis and storage. The goal of protecting the security of the trustworthiness testing process is achieved well. Therefore, this work has certain theoretical and practical significance for the development of cloud trustworthiness testing.
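The privacy-preserving analysis in aspect (2) rests on two ideas: nodes export only masked test data, and the TPV judges trustworthiness by checking that nodes running the same component agree with each other. The following Python is an added illustration written for this page, not the dissertation's SplitTD/OrganizedTD/MaskTD/GenClusI/VerifyFeII code. It assumes (my assumptions) that a test datum is a per-file measurement digest, that nodes running the same component image should agree on every digest, and that the masked form is an HMAC under a per-test key the nodes share but the TPV does not hold. The sample node data are constructed.

```python
"""Privacy-preserving state-consistency check on masked test data.

Added illustration for this page; not the dissertation's own algorithms.
Assumptions (mine): TD = {file path: measurement digest} per node; nodes
running the same component should match; MTD = HMAC masks of both paths
and digests under a per-test key unknown to the TPV.
"""
import hashlib
import hmac

# Constructed sample: three nodes run the same "nova-compute" component.
# node-3 has one altered configuration file. Digest values are made up.
NODE_TD = {
    "node-1": {"bin/nova-compute": "d41d", "etc/nova.conf": "8f3a", "lib/libvirt.so": "c0ff"},
    "node-2": {"bin/nova-compute": "d41d", "etc/nova.conf": "8f3a", "lib/libvirt.so": "c0ff"},
    "node-3": {"bin/nova-compute": "d41d", "etc/nova.conf": "beef", "lib/libvirt.so": "c0ff"},
}


def _mask(key: bytes, value: str) -> str:
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def mask_td(td: dict, key: bytes) -> dict:
    """Node side: replace both paths and digests with keyed masks, so the TPV
    receives only opaque identifiers yet can still compare them for equality."""
    return {_mask(key, path): _mask(key, digest) for path, digest in td.items()}


def tpv_cluster(mtds: dict) -> list:
    """TPV side: group nodes whose whole masked state vector is identical.
    The largest cluster comes first and its state is taken as the reference."""
    groups = {}
    for node, mtd in mtds.items():
        groups.setdefault(tuple(sorted(mtd.items())), []).append(node)
    return sorted(groups.values(), key=len, reverse=True)


def tpv_verify(mtds: dict):
    """TPV side: nodes outside the reference cluster are suspects; for each one
    return the masked path ids whose masked digest deviates from the reference
    (missing or extra files count as deviations too)."""
    clusters = tpv_cluster(mtds)
    reference = mtds[clusters[0][0]]
    suspects = {}
    for cluster in clusters[1:]:
        for node in cluster:
            suspects[node] = sorted(
                pid for pid in set(reference) | set(mtds[node])
                if mtds[node].get(pid) != reference.get(pid)
            )
    return clusters[0], suspects


def node_locate(td: dict, key: bytes, masked_path_ids: list) -> list:
    """Node side: only the node can map a masked path id back to a real path,
    so the TPV's finding is resolved without the raw TD ever leaving the node."""
    table = {_mask(key, path): path for path in td}
    return [table[pid] for pid in masked_path_ids if pid in table]


def run_demo(key: bytes = b"constructed-per-test-key"):
    mtds = {node: mask_td(td, key) for node, td in NODE_TD.items()}
    trusted, suspects = tpv_verify(mtds)
    located = {node: node_locate(NODE_TD[node], key, ids) for node, ids in suspects.items()}
    return mtds, trusted, located


if __name__ == "__main__":
    _, trusted, located = run_demo()
    print("trusted nodes:", sorted(trusted))
    print("deviating files per suspect node:", located)
```

Two properties of this sketch matter for a reviewer. The TPV only ever sees HMAC outputs, so a corrupted TPV learns neither paths nor measurement values, and rotating the key per test round stops it from linking results across rounds; the cost is that every node must compute the masks, matching the extra computation the abstract accepts. The reference state is the majority cluster, so the check is only as good as the assumption that most nodes running a component are intact; with a compromised majority the honest minority would be flagged instead.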
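Aspect (3) separates cheap correspondence checks (layer 1) from proof-of-work over metadata (layer 2). The Python below is an added illustration of that split, written for this page; it is not the dissertation's implementation. My assumptions: layer 1 accepts a data package only if its VM belongs to the claimed owner, the VM is hosted on one of that owner's nodes, and its access policy is registered to the same owner; layer 2 mines a small proof-of-work over the package digest alone, so the Mchain holds digests and never the measurements. The registry and packages are constructed, and the KP-ABE encryption of package bodies is not shown.

```python
"""Two-layer storage of trustworthiness proof data (Mchain sketch).

Added illustration for this page; not the dissertation's code. Assumptions
(mine): layer 1 = VM -> owner -> node and package -> policy checks;
layer 2 = toy PoW over the package digest only.
"""
import hashlib
import json

# Constructed registry standing in for the cloud's VM/owner/node records.
VM_OWNER = {"vm-101": "alice", "vm-202": "bob"}
OWNER_NODES = {"alice": {"node-1"}, "bob": {"node-2", "node-3"}}
POLICIES = {"pol-a1": "alice", "pol-b1": "bob"}  # policy id -> owning VM owner


def package_digest(pkg: dict) -> str:
    """Canonical digest of a data package; only this value enters the Mchain."""
    return hashlib.sha256(json.dumps(pkg, sort_keys=True).encode()).hexdigest()


def layer1_validate(pkg: dict):
    """Layer 1: correspondence checks that need no mining, so a bad package
    is rejected immediately and never reaches the expensive layer."""
    owner = VM_OWNER.get(pkg.get("vm"))
    if owner is None:
        return False, "unknown VM"
    if pkg.get("node") not in OWNER_NODES.get(owner, set()):
        return False, "VM is not hosted on one of its owner's nodes"
    if POLICIES.get(pkg.get("policy")) != owner:
        return False, "access policy is not registered to the VM owner"
    return True, owner


def block_hash(prev_hash: str, digest: str, nonce: int) -> str:
    return hashlib.sha256(f"{prev_hash}|{digest}|{nonce}".encode()).hexdigest()


def layer2_mine(prev_hash: str, digest: str, difficulty: int) -> dict:
    """Layer 2: search for a nonce that meets the difficulty target for this
    metadata; the resulting block links to its predecessor by hash."""
    nonce = 0
    while not block_hash(prev_hash, digest, nonce).startswith("0" * difficulty):
        nonce += 1
    return {"prev": prev_hash, "digest": digest, "nonce": nonce,
            "hash": block_hash(prev_hash, digest, nonce)}


class Mchain:
    GENESIS = "0" * 64

    def __init__(self, difficulty: int = 2):
        self.difficulty = difficulty
        self.blocks = []

    def append(self, pkg: dict):
        """Layer 1 first; only validated packages are handed to layer 2."""
        ok, info = layer1_validate(pkg)
        if not ok:
            return False, info
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        self.blocks.append(layer2_mine(prev, package_digest(pkg), self.difficulty))
        return True, self.blocks[-1]["hash"]

    def verify(self) -> bool:
        """Recompute every link and PoW target; this can be run against any
        replica, which is what makes multi-copy serving safe."""
        prev = self.GENESIS
        for b in self.blocks:
            h = block_hash(b["prev"], b["digest"], b["nonce"])
            if b["prev"] != prev or h != b["hash"] or not h.startswith("0" * self.difficulty):
                return False
            prev = h
        return True


def run_demo():
    chain = Mchain()
    # Constructed packages: a valid one, a mismatched VM/node pair, a second valid one.
    accepted, _ = chain.append({"vm": "vm-101", "node": "node-1", "policy": "pol-a1",
                                "measurement": "constructed-pcr-values-1"})
    rejected = chain.append({"vm": "vm-101", "node": "node-2", "policy": "pol-a1",
                             "measurement": "constructed-pcr-values-2"})
    chain.append({"vm": "vm-202", "node": "node-3", "policy": "pol-b1",
                  "measurement": "constructed-pcr-values-3"})
    intact = chain.verify()
    chain.blocks[0]["digest"] = "f" * 64   # simulate tampering with stored metadata
    return accepted, rejected, intact, chain.verify()


if __name__ == "__main__":
    print(run_demo())
```

The point of the split is visible in `append`: a package learns its layer-1 verdict without waiting on any mining, while the integrity guarantee that readers rely on (`verify`) depends only on the chain of digests, so the same check works on whichever IaaS node served the copy. Whether proof-of-work is the right consensus choice inside a single operator's cloud is a separate design question the abstract does not argue; the sketch simply follows it.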
Keywords/Search Tags: IaaS Cloud, Test Data, Trustworthiness, Protection Method