Research on Key Technologies for Trusted Isolation of Computing Resources in Cloud Environments
Published: 2018-01-07 01:27
Keywords: Research on Key Technologies for Trusted Isolation of Computing Resources in Cloud Environments. Source: Beijing University of Technology (北京工业大学), 2016 master's thesis. Thesis type: degree thesis.
Related topics: trusted computing, trusted isolation, trusted measurement, trusted audit, cloud computing
[Abstract]: With the development of the times, cloud computing has brought a revolutionary change to how information technology is acquired and delivered as a service. It provides high-performance computing resource services and large-scale, low-cost shared resources, uses virtualization technology to build virtual resource environments for large numbers of users, and is now widely applied in every field. However, because in a cloud environment the user's data and business processes are physically and logically hosted on the service provider's server clusters, users have little control over their own data, which gives rise to a trust problem between users and service providers. Traditional research approaches struggle with the complex architecture of the cloud environment and the massive volumes of data in it, and they cannot address the theft or destruction of important user information by insiders. To build a reliable cloud security system and solve the problems of trust and data security in the cloud, this thesis proposes and implements a cloud isolation mechanism based on a trusted computing architecture. Combined with the cloud environment's own mechanisms, the research approach is developed from several angles: partitioning the network architecture for isolation, the execution efficiency and invocation method of trusted functions in the cloud, and the method of secure message passing throughout the architecture. The isolation mechanism is realized by matching different trusted policies to the resources used by virtual machines and to the application environments of the virtual machines themselves. A multi-layer trusted encapsulation mechanism is proposed that provides the application-layer trust manager and security manager with a simple transactional interface and performs automatic invocation of trusted functions. The validity of the related models and schemes is verified through experiments and process analysis respectively. The research focuses on the following aspects:
1. To address the current lack of trust in cloud environments, the trusted-cloud concept proposed by the Chinese Academy of Engineering consulting project "Research on Trusted Cloud Architecture" is extended: a cloud security audit server and a cloud service verification environment server are introduced on top of the cloud environment to provide trust support, combined with the cloud environment's own security mechanisms. According to the defined trusted policies, isolation is partitioned separately at the resource level and the application level, and a trust report is produced through the trusted audit mechanism. This preserves compatibility with and control over the cloud environment to the greatest extent and safeguards the trust relationship between cloud users and cloud service providers.
2. To introduce trusted functions without noticeably affecting the execution efficiency of the cloud environment's own program code, a trusted computing application invocation model based on a multi-layer encapsulated trusted service interface is proposed. Through a bottom-up five-layer encapsulation of trusted computing, an application-oriented trusted service interface is built, the application layer's use of trusted computing functions is standardized, and transparent support and automatic triggering of trusted computing functions for the application layer are achieved.
3. To ensure the accuracy and efficiency of message delivery, this thesis proposes a message passing method for the trusted architecture in which message filtering, distribution and encryption are controlled by configurable message policies. This guarantees that message bodies cannot be stolen in transit, and by classifying delivery efficiency according to security level, ensures reliable message transmission.
[Degree-granting institution]: Beijing University of Technology (北京工业大学)
[Degree level]: Master's
[Year degree awarded]: 2016
[Classification number]: TP309
Article number: 1390398
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/1390398.html