Research On The Key Technology Of Trust Root Based On Cloud Platform

Posted on: 2016-11-03
Degree: Master
Type: Thesis
Country: China
Candidate: S H Zhang
Full Text: PDF
GTID: 2308330503450605
Subject: Computer Science and Technology
Abstract/Summary:
Cloud computing is a new business model that follows parallel computing, grid computing and distributed computing. It exhibits five essential characteristics: rapid elasticity, resource pooling, on-demand self-service, broad network access and measured service. These characteristics mean that cloud computing is expanding rapidly, at an unknown speed. As more and more enterprises throw themselves into cloud computing research, data can be reached through the Internet at any time and from anywhere. Cloud security has been a challenging problem.

The trusted computing platform offers an effective scheme for cloud servers. A trusted computing platform boots from the hardware, through the operating system, up to the application, which can ensure the cloud server's safety from the "root". However, on closer study we find that the vTPM architecture has some limitations: a vTPM cannot be shared, some secret keys cannot be migrated, and the TPM's computing ability is limited, among others. We therefore propose a solution called the trusted root server.

The trusted root server solution separates the virtual trusted root modules from the vTPM architecture and concentrates them on one separate machine, called the trusted root server. The trusted root server has an embedded physical trusted root and virtualizes it to provide trusted functions for virtual machines. The virtual trusted root conforms to the trusted root specification and provides the same functionality and interface as the physical trusted root. So, from the perspective of the virtual machine, the virtual trusted root is the right trust root.

The major new ideas of this thesis are as follows.

Firstly, we study the vTPM architecture in depth and put forward the concept of the trusted root server and the main architecture of trusted cloud computing.

Secondly, we design the details of the main architecture of trusted cloud computing, including the trusted root server, the cloud servers and the communication mechanism between them. The trusted root server provides the cloud server with interfaces for platform integrity measurement, storage, reporting, platform verification and information security guarantees. The cloud server enables messages to be delivered between Domain U and Domain 0 and finally transferred securely to the trusted root server. The reliable communication mechanism between the trusted root server and the cloud server ensures the confidentiality, integrity and non-repudiation of messages.

Then, we observe the vPCR values during the trusted boot process of a VM and conclude that the trusted root server correctly measures the cloud server.

Finally, we draw conclusions from the research, present the existing flaws and outline a plan for further work.
Keywords/Search Tags: trusted root server, main architecture of trusted cloud computing, trust boot, cloud computing, cloud security