| Cloud computing is a popular topic, and it has been under research and development in both industrial and academic world. According to the modes of service, cloud computing is classified into three basic types which including IaaS(Infrastructure as a Service), PaaS(Platform as a Service) and SaaS(Software as a Service). This paper focuses on IaaS and the BUPT YUN system is a typical IaaS cloud. It can provide powerful service such as virtual machine, virtual disk and online storage for customers. Nevertheless, from customers’ perspective, as more and more applications are exported to YUN system, the third-party cloud, they will lose direct control of their computation and data and give up the choice of IaaS cloud. And to solve this problem, trusted computing technology is an important way.This paper first analyzes thoroughly the TPM(Trusted Platform Module), TSS(TCG Software Stack) and IMA(Integrity Measurement Architecture), which are pivotal to make up a trusted platform. Then, we design and build the T-YUN system (Trusted YUN system) which integrates those technologies into the YUN system. Compared to the later system, T-YUN has three additional parts such as trusted external party, trusted evidence collection module and remote attestation service module. The first one is used to verify the trustworthiness of physical machines; the following two parts can realize the trusted mechanism of evidence collection and remote attestation. Based on these mechanisms, this paper also implements four processes of the virtual machines’ lifecycle including physical nodes’ registration and boot-up, virtual machines’ launch and migration.At last, the experiments show that this system can not only detect the untrusted program effectively but also retain high efficiency. |
PDF Full Text Request