
Design And Implementation Of Virtual Root Of Trust In Cloud Environment

Posted on: 2019-06-28
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Zhao
Full Text: PDF
GTID: 2428330593450491
Subject: Computer technology

Abstract/Summary:
Nowadays, with the rapid development of cloud computing technology, more and more people are beginning to use cloud computing to facilitate their lives. The security problems that come with it are emerging as well. As people continue to rely on the cloud for their applications and businesses, they also expose a broader attack surface. While the characteristics of cloud computing benefit tenants, they also make it a focus of hackers. Denial of service against cloud computing, data leakage, virtual machine escapes, migration attacks, and other threats endanger the security of cloud environments. The combination of trusted computing technology and cloud computing technology has made the trusted cloud an increasingly important tool for solving cloud security problems. However, there are still some problems in the trust origin of the trusted cloud, the virtual root of trust: its internal structure is inconvenient to modify and extend; because the trusted computing 3.0 era has only just begun, the existing virtual root of trust supports only the TPM and not the TPCM, and no active defense can be achieved; and the cryptographic algorithms used comply with foreign standards and cannot be autonomously controlled domestically.

In order to solve the above problems, the dissertation studies the existing virtual roots of trust, analyzes their shortcomings, both inherent and in responding to the cloud environment, and then proposes the design and implementation of a brand-new virtual root of trust scheme. The scheme reconstructs the root of trust in a modular structure, and the modules coordinate and cooperate through a unified internal message format to provide secure and reliable computing support for the cloud environment. The reconfigurable virtual root of trust based on this scheme has the following features. First, to address the disadvantage that the existing root of trust is inconvenient to extend, the root of trust proposed in the paper adopts a modular structure. This kind of structure abstracts the functions of each part of the root of trust, and the modules remain loosely coupled and independent, thus achieving multiple heterogeneity and being able to simulate different architectures. Second, an active control module has been added. Through collaboration with the upper-level trusted software base, monitoring is triggered when the system state or behavior changes, a credibility measurement is performed, and a trusted report is provided in real time according to the measurement result, to achieve the effect of active defense and provide more complete system defense support. Third, to address the cryptographic algorithm problem, the cryptographic algorithms involved in the root of trust all follow national standards, for autonomous and controllable purposes. Finally, a virtual trusted root test environment was deployed in a virtual environment to test each functional module and verify its effectiveness and reliability.
Keywords/Search Tags:Trusted Computing, Virtual Root of Trust, vTPCM, Reconfigurable, Autonomous and Controllable