| With the maturity of cloud computing technology and the growing scale of services,the endless security issues that facing the cloud environment have become the biggest obstacle to the “landing” of cloud services.Nowadays,the requirements of data security for society are gradually increasing.How to build a trusted cloud environment has become a research hotspot in the field of information security.Virtualization technology is one of the core technologies of cloud computing,the secure and trusted startup of virtual machines has a non-negligible importance for building a trusted cloud environment.As the country attaches more and more importance to information security,trusted computing has been upgraded to the height of national strategy,and legally requires credible support for important information systems.Therefore,it is of great significance to use trusted computing technology that with dynamic defense and active immunity to solve the trusted boot of virtual machines in cloud environment.However,the current research scheme which using trusted computing technology to solve the credibility problem of the cloud virtual machine boot process has the inadequacy,that is,the trust relationship from the hardware TPCM chip to the virtual trusted root in the virtualized environment cannot be established.The trusted metrics for the kernel and the basic application load phase of the virtual machine boot process in the cloud environment cannot be resolved.Aiming at the current problems,the main research contents of this paper are as follows:1.Aiming at the security threats faced by the virtual machine startup process in the cloud environment,combined with the trusted computing technology and virtualization technology of active immunization,this paper proposes a trusted startup framework that can actively monitor and control the trusted startup process of virtual machines,and solves the problem of uncontrollable security state of virtual machines in the cloud environment.2.For the current situation that virtual machines in the cloud are difficult to obtain trusted support,by using virtualization technology to configure each virtual machine in the cloud environment with the unique binding virtual trusted root vTPCM as its trusted source,and establishing the trust chain relationship from the underlying physical TPCM to the vTPCM in the cloud environment,the problem of unable to obtain effective trust guarantee in the process of virtual machine startup is solved.3.In view of the fact that the trusted metrics of the kernel loading phase only measure the important process of the kernel during the trusted boot process of the traditional virtual machine.this paper analysis the process that the kernel and basic application load stage of VM,and it proposes a method to measure the integrity of theunderlying image data of virtual machine instead of only measuring some important functions of kernel,which solves the problem of low reliability of virtual machine caused by incomplete measurement of kernel and basic application related load information. |
PDF Full Text Request