本文選題：云計算平臺 + 可信計算技術�。� 參考：《中國礦業(yè)大學》2017年碩士論文

【摘要】：隨著計算機技術、網絡技術的不斷發(fā)展,云計算技術得到了廣泛的推廣和發(fā)展,因為云計算環(huán)境的靈活性、開放性以及公眾可用性等特性,給應用安全帶來了很多挑戰(zhàn)。隨著可信計算技術的出現,可信計算在信息安全中使用的越來越多,使用可信計算技術來保障系統和硬件安全的技術也越來越成熟,結合可信計算技術來解決云計算平臺和數據的安全問題成為一個主要的研究方向。本文基于可信計算技術和虛擬化技術,主要從兩個方面對云計算平臺的可信安全機制進行研究。一方面,提出基于可信計算的實時度量安全機制。針對應用程序加載和運行過程中的度量需要,對度量規(guī)則和度量語義進行了定義,借助實時度量模塊,結合安全策略規(guī)則對進程元素進行實時度量,利用虛擬機檢測系統和完整性評估系統,對應用程序的加載狀態(tài)和運行狀態(tài)進行實時監(jiān)控和檢測,偵測進程的狀態(tài)變化,并實時對進程進行完整性評估,有效地保障應用程序的可信傳遞和系統的可信運行。另一方面,提出基于角色的數據隔離訪問安全機制。利用虛擬化技術,云計算平臺對其所儲存的數據進行隔離,使用戶可以基于角色進行隔離訪問。另外,云計算平臺通過對用戶信任證書與信任等級的綜合驗證,及對用戶訪問行為進行實時監(jiān)控,云計算平臺為用戶提供一個更為安全的運行環(huán)境,從而完成對云計算平臺中數據儲存、隔離和訪問的保護。結合可信計算技術和虛擬化技術,保護云計算平臺自身的可信與云計算平臺數據的可信,將會真正實現云計算平臺的可信。本文的研究成果將會為云計算安全的研究提供支撐,也會為基于可信計算的安全技術的研究方向提供借鑒。
[Abstract]:With the continuous development of computer technology and network technology, cloud computing technology has been widely promoted and developed, because of the flexibility, openness and public availability of cloud computing environment, it brings many challenges to application security. With the emergence of trusted computing technology, trusted computing is used more and more in information security, and the technology of using trusted computing technology to protect system and hardware security is becoming more and more mature. Combining trusted computing technology to solve cloud computing platform and data security issues has become a major research direction. Based on trusted computing technology and virtualization technology, this paper mainly studies the trusted security mechanism of cloud computing platform from two aspects. On the one hand, a real-time measurement security mechanism based on trusted computing is proposed. In order to meet the needs of measurement in the process of application loading and running, the measurement rules and the semantics of measurement are defined. With the help of real-time measurement module, the process elements are measured in real time with the combination of security policy rules. The virtual machine detection system and the integrity evaluation system are used to monitor and detect the loading state and running state of the application in real time, to detect the state change of the process, and to evaluate the integrity of the process in real time. It can effectively guarantee the trusted transmission of the application program and the trusted operation of the system. On the other hand, a role-based data isolation access security mechanism is proposed. With virtualization technology, cloud computing platform can isolate the data stored by cloud computing platform, so that users can be isolated access based on their roles. In addition, the cloud computing platform provides a more secure environment for users through the comprehensive verification of user trust certificates and trust levels, and real-time monitoring of user access behavior. In order to complete the cloud computing platform data storage, isolation and access protection. Combining trusted computing technology and virtualization technology to protect the trust of cloud computing platform and the credibility of cloud computing platform data will truly realize the credibility of cloud computing platform. The research results of this paper will provide support for cloud computing security research, but also provide reference for the research direction of trusted computing security technology.
【學位授予單位】：中國礦業(yè)大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP309

【參考文獻】

相關期刊論文 前6條

1 唐乾;楊飛;黃琪;林果園;;基于TCB子集的訪問控制信息安全傳遞模型[J];山東大學學報(理學版);2016年07期

2 林果園;王丹茹;別玉玉;雷敏;;MTBAC:云計算環(huán)境中一種基于互信任的訪問控制模型（英文）[J];中國通信;2014年04期

3 林闖;蘇文博;孟坤;劉渠;劉衛(wèi)東;;云計算安全:架構、機制與模型評價[J];計算機學報;2013年09期

4 別玉玉;林果園;;云計算中基于信任的多域訪問控制策略[J];信息安全與技術;2012年10期

5 陳文智;黃煒;謝鋮;何欽銘;;基于虛擬化平臺的可信任計算基[J];浙江大學學報(工學版);2009年02期

6 侯方勇,周進,王志英,劉真,劉蕓;可信計算研究[J];計算機應用研究;2004年12期

相關博士學位論文 前1條

1 梁元;基于云計算環(huán)境下的可信平臺設計[D];電子科技大學;2013年

相關碩士學位論文 前2條

1 劉曉蘭;云計算平臺中數據安全機制及評估研究[D];北京郵電大學;2013年

2 徐日;可信計算平臺完整性度量機制的研究與應用[D];西安電子科技大學;2009年

，

本文編號：1941860