In recent years, cloud computing has developed and spread rapidly, providing society with powerful computing and storage capabilities, but IaaS cloud users have lost visibility and control over their personal data. Users' demand for high-performance computing services and their concerns about data security are in conflict. It is therefore necessary to detect the security status of cloud users' data in order to improve users' trust in the cloud platform. Although researchers have proposed many cloud data protection technologies, some of them remain at the theoretical stage, most can only protect one side's data security, and users cannot confirm whether an untrusted cloud platform has actually deployed the corresponding protection technology. Therefore, protection technology alone is not enough for IaaS users to know whether their personal data is safe in the cloud; the problem must also be addressed by detection. This article carries out detection work on the security of cloud user data to improve users' trust in the cloud platform.

Existing cloud security detection research has shortcomings: performing the detection process on untrusted cloud platform nodes makes the results untrustworthy, and changes to the cloud platform architecture and to user virtual machines affect the normal operation of cloud services. This paper therefore introduces a trusted third party (TTP) as the entity that performs the detection. On the one hand, the results generated by the TTP are objective and credible, which can convince users; on the other hand, the TTP shares the detection overhead of the cloud platform and reduces the impact of the detection process on cloud services.

Aiming at the above security problems, this paper proposes a cloud user data security detection method based on a trusted third party. By analyzing the architecture of the IaaS cloud service model, the threat model of this paper is proposed, and the detection objects are defined as the security of user data when the user virtual machine is in static storage and when it is running. This paper introduces a trusted third party as the entity that implements the detection and, together with the cloud service provider, deploys a detection agent on the compute nodes. The agent collects the required detection evidence and transmits it to the trusted third party for analysis, which forms a credible detection architecture. A static storage security detection method for cloud user data is proposed, which detects virtual machine image tampering and illegal access to image files; it can effectively detect the malicious access behavior of guest virtual machines in the cloud described in this paper's threat model. A data security detection method for the dynamic running of cloud virtual machines is proposed to detect whether the key information in the user's virtual machine memory is in a safe state and whether data in the multi-tenant environment is leaked to other tenants' virtual machines.

This paper uses KVM virtualization technology to build a multi-tenant cloud platform as the experimental environment, deploys and implements the architecture and methods of this paper on it, and performs functional and performance tests. The experimental results show that the methods of this paper can effectively detect illegal access by guest virtual machines and leakage of user data, and have good performance without affecting the normal operation of the cloud service. The proposed method has good application performance. It can be applied in the TTP-based trusted detection architecture to ensure the credibility of the detection process and results. It can effectively detect the cloud user data security problems proposed in this paper's threat model, namely the integrity and confidentiality of virtual machine images during static storage, and the running state and data leakage of virtual machines at runtime. The detection process minimizes changes to the cloud platform and reduces the overhead on the host system, without affecting the normal operation of cloud services.
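As an added illustration of the agent/TTP split and the static-storage checks described above (this is not the thesis's own code), the Python below has a compute-node agent collect an image digest and access records, authenticate them, and hand them to a TTP routine that compares the digest against a baseline and flags accesses by processes outside an allow-list. The shared key, image bytes, access records and allow-list are constructed assumptions; the abstract does not say how the thesis actually gathers access evidence.

```python
import hashlib
import hmac
import json

# Assumption: the agent and the TTP share a key so the TTP can tell whether
# evidence was altered on its way off the compute node (constructed value).
SHARED_KEY = b"constructed-agent-ttp-key"


def image_digest(image_bytes: bytes) -> str:
    """Digest of a stored virtual machine image, used as its integrity baseline."""
    return hashlib.sha256(image_bytes).hexdigest()


def agent_collect(image_id: str, image_bytes: bytes, access_records: list) -> tuple:
    """Compute-node side: gather the evidence and authenticate it before sending."""
    evidence = {"image": image_id, "digest": image_digest(image_bytes), "access": access_records}
    body = json.dumps(evidence, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def ttp_analyze(body: bytes, tag: str, baseline: dict, allowed_processes: set) -> list:
    """TTP side: reject unauthenticated evidence, then check integrity and access legality."""
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return ["evidence rejected: authentication tag mismatch"]
    ev = json.loads(body)
    findings = []
    if ev["digest"] != baseline.get(ev["image"]):
        findings.append(f"{ev['image']}: digest differs from baseline (image tampered)")
    for rec in ev["access"]:
        if rec["process"] not in allowed_processes:
            findings.append(f"{ev['image']}: illegal access by {rec['process']} from {rec['vm']}")
    return findings


def demo() -> list:
    """Constructed scenario: tenant A's image is modified and read by a process of tenant B."""
    pristine = b"constructed-qcow2-bytes-of-tenant-A"
    baseline = {"vm-a.qcow2": image_digest(pristine)}
    tampered = pristine + b"-modified"
    access = [
        {"vm": "vm-a", "process": "qemu-kvm"},  # the owning hypervisor process: allowed
        {"vm": "vm-b", "process": "dd"},        # another tenant's tool reading the file: illegal
    ]
    body, tag = agent_collect("vm-a.qcow2", tampered, access)
    return ttp_analyze(body, tag, baseline, allowed_processes={"qemu-kvm"})
```

In a deployment the baseline digests would be recorded by the TTP when the image is first provisioned, so that a later agent report can be judged without trusting the compute node's own view of the file.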