
Trusted Isolation Key Technology Of Computing Resources In A Cloud Environment

Posted on: 2017-11-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z Tao
GTID: 2348330503992892
Subject: Computer Science and Technology

Abstract/Summary:
Cloud computing has brought revolutionary change to how information technology is accessed and to its service model. It provides high-performance computing resources and large-scale, low-cost shared resources, builds a virtual resource environment for multiple users through virtualization, and is now widely used in various fields. However, because in a cloud environment the user's data and business processes are physically stored on the service provider's server cluster, users have less control over their own data, which creates a trust problem between users and service providers. The complexity of cloud infrastructure and the huge volume of data in cloud environments are very difficult for traditional research approaches to handle, and traditional research cannot address theft of and damage to users' important information by internal staff.

To build a reliable cloud security system that addresses issues such as trust and data security in the cloud environment, this thesis proposes and implements a cloud isolation mechanism based on a trusted computing architecture and combined with the cloud environment's own mechanisms. It puts forward research approaches from several angles, including the division of the isolated network infrastructure, the execution efficiency and invocation methods of trusted computing functions in a cloud environment, and secure messaging methods for the architecture as a whole, and it matches trusted isolation mechanisms to the resources and different applications of virtual machines in the cloud to complete the cloud environment isolation mechanism. Multi-layer encapsulation lets the trusted mechanism provide a simple transactional interface for trusted management procedures and security management procedures in the application layer and automates calls to the trusted functions. The model and the related schemes were analyzed and validated through experiments and process analysis. The thesis covers the following research:

1. To address the current lack of trust in the cloud environment, this thesis extends the trusted cloud concept proposed by the Chinese Academy of Engineering consulting project "Trusted Cloud Infrastructure Research". It introduces a cloud audit server and a cloud service validation server to provide trusted functions for the cloud environment and combines them with the cloud environment's own security mechanisms. Isolation is divided at the level of resources and applications according to the trusted policies that are formulated, and a trusted audit mechanism produces trusted reports, so as to ensure maximum compatibility with and controllability of the cloud environment and to protect the trust relationship between cloud users and cloud service providers.

2. To introduce trusted functions into the cloud environment without significantly affecting the execution efficiency of the original program code, this thesis proposes a trusted computing application invocation pattern based on multi-layer encapsulation of trusted service interfaces. A bottom-up, five-layer encapsulation of trusted computing builds an efficient, application-oriented encapsulation system. It standardizes how the application layer uses trusted computing capabilities, automates trusted processes, and gives applications transparent trusted computing support.

3. To ensure the accuracy and efficiency of messages in transit, this thesis presents a messaging method for the trusted framework in which message filtering, encryption and distribution are configured through a message policy. To ensure that the message body is not stolen in transit, messages are classified according to their security level and transfer efficiency, which ensures reliable transmission of messages.

Keywords/Search Tags:trusted computing, trusted isolation, trusted measurement, trusted audit, cloud computing