Research On Key Techniques Of Trusted Protection For Virtual Environment In The Cloud Computing

Posted on: 2020-10-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Z Zhou
Full Text: PDF
GTID: 1488306548492524
Subject: Army commanding learn

Abstract/Summary:
Driven by the rapid development of hardware and software technologies and the Internet, cloud computing has become the most influential information infrastructure and is widely used in many fields of social production and daily life. By consolidating and virtualizing various hardware resources, cloud computing provides its consumers with a flexible and efficient virtualized storage and computing environment. However, customers still face difficulties in adopting the virtualized environment in cloud computing, where security threats exist at many different levels. Meanwhile, the emergence of new attack methods and the wider attack surface caused by virtualization have made the virtualized environment even harder to protect. How to build a secure and trusted virtualized environment in cloud computing, and how to alleviate users' concerns about cloud computing security, have become some of the most important issues to address in further studies of cloud computing technology.

This paper focuses on the security issues of the virtualized environment in cloud computing. By analyzing the security risks and user security requirements, we propose a method that integrates trusted computing with virtualization technology to build a trusted virtualized environment in cloud computing. Existing research has defects, including the poor flexibility and inefficiency of the trusted verification mechanism, limited support for users' security requirements, and the unreliable security monitoring of virtual machines (VMs). This paper conducts research from three aspects: dynamic trusted verification of the virtual machine environment, user-controlled security monitoring of VMs, and reliability enhancement of security monitoring. The following results are achieved:

1. We propose a flexible and reliable trusted verification technology for VMs in the cloud. To address the security threats faced by VMs in the cloud computing environment, this paper proposes a dynamic trusted measurement and remote attestation scheme based on the security and integrity requirements of VMs and the characteristics of virtualized environments. The approach leverages virtual machine introspection (VMI) technology to achieve fine-grained integrity measurement from outside the VM, which can flexibly meet users' various trusted verification requirements. The proposed approach also provides users with an effective mitigation mechanism in case of security breaches. Furthermore, considering the shortcomings of the traditional verification mechanism in the cloud environment, the scheme also designs and implements an efficient and reliable verification mechanism based on hash-based signature technology, which improves the practicability and reliability of the scheme in protecting user VMs in practical applications.

2. We propose a user-controllable security monitoring technology for VMs in the cloud. Existing protection approaches for user VMs do not allow tenants to flexibly customize individual security services based on their own security requirements. To meet the variety of user security requirements in practice, we propose a user-controllable framework for monitoring VMs in the cloud for security analysis. By extending VMI technology, the proposed framework enables users to monitor the security status of remote VMs in a reliable manner, which further improves users' trust in VM security. Moreover, the framework cleanly separates the security analysis of the VM from its security monitoring, which allows users to customize personalized security functions autonomously. The proposed framework enhances the effectiveness of monitoring by taking advantage of the architectural characteristics of the cloud environment, thereby achieving efficient and reliable security and trust assurance.

3. We propose a technology for strengthening the reliability of introspection. As a safe and reliable VM monitoring technology, VMI can provide strong technical support for the security and trusted protection of virtualized environments. However, the semantic gap in VMI technology greatly affects its reliability in application. By studying the existing solutions to the semantic gap in VMI technology, and analyzing their defects and shortcomings in solving the security problems of VMs in the cloud environment, we propose a hardware-assisted technology for strengthening VMI. The technology dynamically tracks behavior characteristics in the VM with the support of hardware-assisted virtualization. By further applying supervised machine learning methods, it accurately identifies evasive or aggressive behavior against VMI. In this way, errors of semantic interpretation in VMI can be avoided, and the reliability of VMI technology in supporting trusted protection is effectively enhanced.

The research above targets the security requirements of virtualized environments in cloud computing and proposes trusted protection solutions from three different aspects: cloud service providers, virtual machine users, and security support technologies. Our work provides a relatively complete mechanism for the virtualized environment in cloud computing to deal with various security threats.

Keywords/Search Tags:Cloud Computing, Virtualized Environment, Trusted Computing, Virtual Machine Introspection, Integrity Measurement