Research Of Virtual Environment Security In Cloud Computing

The Cloud Computing has led a revolution in information capturing technology and servicemode, which supplies users with high-powered computing resource and large-scale low-costshared resources based on Internet. The security problem of Cloud Computing becomes moreand more important and attracts attentions from the industry as the widely and in-depthapplication of Cloud Computing. In Cloud Computing, the possession of controlling hostcomputer platform is taken from users themselves by the Cloud Computing provider, the userslost their dominate in physical, as the multi-tenancy in Cloud platform, the privacy and securityof information on the platform have became the most attention problem for users.Trusted computing is a key technology to solve the trusting problem of remote platform,which faces resource-constrained, measurement mechanisms rigidities in actual application. Thethesis studies on the key technology of trusted platform based on trusted computing andvirtualization, aiming at the multi-tenancy and virtualization of cloud computing. The details andinnovation are as follows:(1) Design a tree-like chain model for trusted virtual machine (TCTVM), using the methodof software TPM and design a user-oriented virtual TPM (μTPM) by the virtualizationtechnology. μTPM is a critical mass of user-specific virtual TPM security policy, trustedcomputing services to provide enhanced virtual machine for each user;(2) Design the basic structure of μTPM, User Security strategy, and implement the trusteduser-oriented virtual machine (UTVM) under the Xen environment, on which the user canimplement its special security measures by μTPM, such as loading special drivers, measuring theproprietary of critical software, etc;(3) In order to protect the critical software, design a software guard model based on path,which can measure the integrity of critical software dynamically. In addition to protect thesoftware’ integrity, the model can prevent software reverse engineering attacks and bypass attackfrom attacking the guards.(4) A path-based software guard prototype systems is designed and implemented in a virtualmachine based on μTPM, the feasibility of the model is verified by experiments.