Research On Key Security Technologies Of Trusted Cloud Service And Terminal

Cloud computing has become a new mode of information infrastructure service,platform service and application service in mobile Internet era.A large number of application solutions and successful cases have emerged,and achieved unprecedented development.At the same time,various cloud security incidents occur frequently,and the security threats and challenges of cloud computing are becoming increasingly serious,which greatly affects the popularization and application of cloud computing.It is urgent to solve the security problem of cloud computing.This paper is based on the demand of one of the NSTMP(National Science and Technology Major Project,I am the project manager)and the requirements of practical application on cloud computing security,the security problems are mainly concluded in the following three aspects: 1)Cloud computing services lack a credible environmental foundation,and the traditional passive security solutions are difficult to handle the continuous changing security threats in the cloud environments.2)In the cloud computing environment,the combination of cloud and terminal became the normal case.The security of the terminal becomes a new challenge in the cloud environment,especially the security of the mobile terminal.3)How to meet the dynamic security requirements of users in cloud computing environment? The existing security service system is extensive and is realized mainly through a single purchase of a unified configuration,which cannot meet the dynamic and differentiated needs economically and flexibly.In this paper,according to the requirements of Engineering Doctorate,the research and innovation design are made about the major issues of cloud security in practices from the perspective of engineering.The following three aspects are focused.Firstly,an end-to-end trusted cloud security environment is proposed and practiced.Integrating the trusted computing and cloud security related technologies,a secure Paa S cloud architecture is designed,and the trust of all elements including architecture,applications,operations,data access,resource configuration,and security policies is implemented for each node in the Paa S cloud,and the end-to-end security is ensured.Secondly,the security technology of mobile application is also researched in this paper,including mobile application security consolidation,mobile application vulnerability mining and mobile application security policy control.Based on the research,the Mobile Application Security Platform System is constructed,and within it,the anti-reverse,anti-tampering,anti-debugging and dynamic loading for the android mobile application are achieved with mobile application security reinforcement technology.This paper presents and designs the signature verification,DEX protection and dynamic loading and the reinforcement of ART mode of Android application to prevent Android applications from static and dynamic attacks such as reverse compilation,tampering,debugging,and dynamic loading;The method of dynamic and static fusion of reverse data flow tracking is put forward,and which can be used to detect the data leakage risk comprehensively and avoid the vulnerability attack;A special clipboard access control method is proposed in application layer with document transparent encryption technology,resource access control technology and code instrumentation technology,and which implements the effective separation of different data and access control;The real-time encryption and decryption method is realized innovatively for the Android file in the case of group access control,and which can accurately identifies and controls the access of enterprise data and private data;A new framework of RFID authentication protocol is designed to provide anonymity and confidentiality protection for cloud tags,and which can effectively resist the attacks of counterfeiting,Terrorist,Mafia,desynchronization and tracking.Thirdly,the key technology of dynamic security cloud service is deeply researched on the differentiated security service,and the common architecture of differentiated security service is put forward.Finally,the achievements of the technical research have been implemented in a lot of applications such as Yinchuan Smart City,Hunan Provincial e-government Wisdom Cloud,Tianjin Binhai New Area Environment,Suzhou Taicang Wisdom Park etc.This project achieved well and passed the evaluation of the NSTMP,and the results of practice show the industrial feasibility and its advancement of the security cloud solutions based on the trusted cloud architecture.