可信云平台技术综述

doi:10.11959/j.issn.1000-436x.2019035

摘要/Abstract

摘要：

云计算安全需求使信息安全技术面临更严峻的挑战，云平台自身的可信性是保证云计算安全的基础，提高用户对云平台的信任度是云计算技术向更深层次领域发展、全面普及和应用的关键。可信云计算技术是解决上述问题的一个有效手段。从保障云计算平台可信的角度出发，通过介绍可信虚拟化、可信云平台构建及可信虚拟机等相关技术的研究进展，分析并对比了典型方案的特点、适用范围及其在可信云计算领域的不同效用，讨论已有工作的局限性，进而指出未来发展趋势和后续研究方向。

关键词: 云计算, 可信计算, 可信虚拟化, 可信云平台, 可信虚拟机

Abstract:

Information security technology confronts severe challenges because of the safety demands of cloud computing.The trustworthiness and self-safety of cloud computing platform are the foundation of cloud computing security.The confidence of cloud users is the key issue the deep development and popularization for cloud computing.The trusted cloud computing technology provides a feasible solution.From the standpoint of guaranteeing the trustworthiness of cloud computing platform,related research progresses on trusted virtualization,construction of trusted cloud platform and trusted virtual machine were introduced.Additionally,the characteristics,application scopes and effectiveness of typical schemes were analyzed and compared.Finally,current limitations and possible directions for future research were discussed.

Key words: cloud computing, trusted computing, trusted virtualization, trusted cloud platform, trusted virtual machine

中图分类号:

TP309

何欣枫,田俊峰,刘凡鸣. 可信云平台技术综述[J]. 通信学报, 2019, 40(2): 154-163.

Xinfeng HE,Junfeng TIAN,Fanming LIU. Survey on trusted cloud platform technology[J]. Journal on Communications, 2019, 40(2): 154-163.

图/表 6

图1

表1

图2

表2

图3

图4

参考文献 66

[1]	林闯, 苏文博, 孟坤 ,等. 云计算安全:架构、机制与模型评价[J]. 计算机学报, 2013,36(9): 1765-1784.
	LIN C , SU W B , MENG K ,et al. Cloud computing security:architecture,mechanism and modeling[J]. Chinese Journal of Computers, 2013,36(9): 1765-1784.
[2]	冯登国, 张敏, 张妍 ,等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83.
	FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[3]	ALANI M M . Securing the cloud:threats,attacks and mitigation techniques[J]. Journal of Advanced Computer Science ＆ Technology, 2014,3(2):202.
[4]	张玉清, 王晓菲, 刘雪峰 ,等. 云计算环境安全综述[J]. 软件学报, 2016,27(6): 1328-1348.
	ZHANG Y Q , WANG X F , LIU X F ,et al. Survey on cloud computing security[J]. Journal of Software, 2016,27(6): 1328-1348.
[5]	沈昌祥 . 用可信计算构筑云计算安全[J]. 中国经贸导刊, 2017,(16): 56-57.
	SHENG C X . Constructing cloud security with trusted compu-ting[J]. China Economic ＆ Trade Herald, 2017(16): 56-57.
[6]	丁滟, 王怀民, 史佩昌 ,等. 可信云服务[J]. 计算机学报, 2015,38(1): 133-149.
	DING Y , WANG H M , SHI P C ,et al. Trusted cloud service[J]. Chi-nese Journal of Computers, 2015,38(1): 133-149.
[7]	BERGER S , CERES R , GOLDMAN K A ,et al. vTPM:virtualizing the trusted platform module[C]// Conference on Usenix Security Symposium. USENIX Association, 2006:21.
[8]	STEFAN B , RAMóN C , KENNETH A G ,et al. vTPM:virtualizing the trusted platform module[J]. Usenix Security, 2007,15: 305-320.
[9]	BERGER S , GOLDMAN K , PENDARAKIS D ,et al. Scalable attestation:a step toward secure and trusted clouds[C]// IEEE International Conference on Cloud Engineering. IEEE, 2015: 185-194.
[10]	沈昌祥, 张焕国, 王怀民 ,等. 可信计算的研究与发展[J]. 中国科学:信息科学, 2010(2): 139-166.
	SHEN C X , ZHANG H G , WANG H M ,et al. The research ＆ devel-opment of trusted computing[J]. Science China Information Sciences, 2010(2): 139-166.
[11]	王冠, 袁华浩 . 基于可信根服务器的虚拟 TCM 密钥管理功能研究[J]. 信息网络安全, 2016(4): 17-22.
	WANG G , YUAN H H . Research of virtual trusted cryptography mod-ule’s secret key management based on the trusted root server[J]. Netinfo Security, 2016(4): 17-22.
[12]	张建标, 赵子枭, 胡俊 ,等. 云环境下可重构虚拟可信根的设计框架[J]. 信息网络安全, 2018(1): 1-8.
	ZHANG J B , ZHAO Z X , HU J ,et al. The design framework of re-configurable virtual root of trust in cloud environment[J]. Netinfo Se-curity, 2018(1): 1-8.
[13]	杨永娇, 严飞, 毛军鹏 ,等. Ng-vTPM:新一代TPM虚拟化框架设计[J]. 武汉大学学报(理学版), 2015,61(2): 103-111.
	YANG Y J , YAN F , MAO J P ,et al. Ng-vTPM:a next generation vir-tualized TPM architecture[J]. Journal of Wuhan University(Natural Science Edition), 2015,61(2): 103-111.
[14]	沈昌祥, 公备 . 基于国产密码体系的可信计算体系框架[J]. 密码学报, 2015(5): 381-389.
	SHEN C X , GONG B . The innovation of trusted computing based on the domestic cryptography[J]. Journal of Cryptologic Research, 2015(5): 381-389.
[15]	黄坚会, 沈昌祥, 谢文录 . TPCM三阶三路安全可信平台防护架构[J]. 武汉大学学报(理学版), 2018(2): 109-114.
	HUANG J H , SHEN C X , XIE W L . The TPCM 3P3C defense architecture of safety and trusted platform[J]. Journal of Wuhan University(Natural Science Edition), 2018(2): 109-114.
[16]	GARFINKEL T , PFAFF B , CHOW J ,et al. Terra:a virtual machine-based platform for trusted computing[C]// ACM Symposium on Operating Systems Principles. 2003: 193-206.
[17]	SCHUSTER F , COSTA M , FOURNET C ,et al. VC3:trustworthy data analytics in the cloud using SGX[C]// IEEE Symposium on Security and Privacy. 2015: 38-54.
[18]	JAIN P , DESAI S , KIM S ,et al. OpenSGX:an open platform for SGX research[C]// The Network and Distributed System Security Symposium. 2016.
[19]	杨波, 冯登国, 秦宇 ,等. 基于 TrustZone 的可信移动终端云服务安全接入方案[J]. 软件学报, 2016,27(6): 1366-1383.
	YANG B , FENG D G , QIN Y ,et al. Secure access scheme of cloud services for trusted mobile terminals using TrustZone[J]. Journal of Software, 2016,27(6): 1366-1383.
[20]	SANTOS N , . Using ARM TrustZone to build a trusted language runtime for mobile applications[C]// International Conference on Arohitectural Support for Programming Languages ＆ Operating Systems. 2016: 67-80.
[21]	王丽娜, 高汉军, 余荣威 ,等. 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报, 2011,32(9): 1-8.
	WANG L N , GAO H J , YU R W ,et al. Research of constructing trust-ed virtual execution environment based on trust extension[J]. Journal on Communications, 2011,32(9): 1-8.
[22]	刘川意, 林杰, 唐博 . 面向云计算模式的运行环境可信性动态验证机制[J]. 软件学报, 2013,24(1): 1240-1252.
	LIU C Y , LIN J , TANG B.A dynamic trustworthiness verification mechanism for trusted cloud execution environment . [J]. Journal of Software, 2013,24(1): 1240-1252
[23]	刘川意, 王国峰, 林杰 ,等. 可信的云计算运行环境构建和审计[J]. 计算机学报, 2016,39(2): 339-350.
	LIU C Y , WANG G F , LIN J ,et al. Practical construction and audit for trusted cloud execution environment[J]. Chinese Journal of Computers, 2016,39(2): 339-350.
[24]	LI X Y , ZHOU L T , SHI Y ,et al. A trusted computing environment model in cloud architecture[C]// International Conference on Machine Learning and Cybernetics. 2010: 2843-2848.
[25]	WANG J , ZHAO B , ZHANG H ,et al. POSTER:an E2E trusted cloud infrastructure[C]// The ACM SIGSAC Conference on Computer and Communications Security. 2014: 1517-1519.
[26]	SANTOS N , GUMMADI K P , RODRIGUES R . Towards trusted cloud computing[C]// Conference on Hot Topics in Cloud Computing. USENIX Association, 2009:3.
[27]	SANTOS N , RODRIGUES R , GUMMADI K P ,et al. Policy-sealed data:a new abstraction for building trusted cloud services[C]// USENIX Conference on Security Symposium, 2012: 1-14.
[28]	田俊峰, 常方舒 . 基于 TPM 联盟的可信云平台管理模型[J]. 通信学报, 2016,37(2): 1-10.
	TIAN J F , CHANG F S . Trusted cloud platform management model based on TPM alliance[J]. Journal on Communications, 2016,37(2): 1-10.
[29]	CHEN C , RAJ H , SAROIU S ,et al. cTPM:a cloud TPM for cross-device trusted applications[C]// The USENIX Conference on Networked Systems Design and Implementation. 2014: 187-201.
[30]	SAYLER A , KELLER E , GRUNWALD D . Jobber:automating inter-tenant trust in the cloud[C]// Workshop on Hot Topics in Cloud Computing. 2013: 1-6.
[31]	石勇, 郭煜, 刘吉强 ,等. 一种透明的可信云租户隔离机制研究[J]. 软件学报, 2016,27(6): 1538-1548.
	SHI Y , GUO Y , LIU J Q ,et al. Trusted cloud tenant separation mecha-nism supporting transparency[J]. Journal of Software, 2016,27(6): 1538-1548.
[32]	王佳慧, 刘川意, 王国峰 ,等. 基于可验证计算的可信云计算研究[J]. 计算机学报, 2016,39(2): 286-304.
	WANG J H , LIU C Y , WANG G F ,et al. Review of trusted cloud computing based on proof-based verifiable computation[J]. Chinese Journal of Computers, 2016,39(2): 286-304.
[33]	项国富, 金海, 邹德清 ,等. 基于虚拟化的安全监控[J]. 软件学报, 2012,23(8): 2173-2187.
	XIANG G F , JIN H , ZOU D Q ,et al. Virtualization-based security monitoring[J]. Journal of Software, 2012,23(8): 2173-2187.
[34]	GARFINKEL T . A virtual machine introspection based architecture for intrusion detection[J]. Proc.network ＆ Distributed Systems Security Symp, 2003: 191-206.
[35]	PAYNE B D . Simplifying virtual machine introspection using LibVMI[J]. Office of Scientific ＆ Technical Information Technical Reports, 2012: 1-20.
[36]	李保珲, 徐克付, 张鹏 ,等. 虚拟机自省技术研究与应用进展[J]. 软件学报, 2016,27(6): 1384-1401.
	LI B H , XU K F , ZHANG P ,et al. Research and application progress of virtual machine introspection technology[J]. Journal of Software, 2016,27(6): 1384-1401.
[37]	SCHIFFMAN J , VIJAYAKUMAR H , JAEGER T . Verifying system integrity by proxy[M]. Berlin: SpringerPress, 2012: 179-200.
[38]	ZHANG T , LEE R B . CloudMonatt:an architecture for security health monitoring and attestation of virtual machines in cloud computing[C]// International Symposium on Computer Architecture. 2015: 362-374.
[39]	ZHANG T , LEE R B . Monitoring and attestation of virtual machine security health in cloud computing[J]. IEEE Micro, 2016,36(5): 28-37.
[40]	XIANG G , JIN H , ZOU D ,et al. VMDriver:a driver-based monitoring mechanism for virtualization[C]// Reliable Distributed Systems. 2010: 72-81.
[41]	JIA L , ZHU M , TU B . T-VMI:trusted virtual machine introspection in cloud environments[C]// International Symposium on Cluster,Cloud and Grid Computing. 2017: 478-487.
[42]	王庆飞, 严飞, 王鹃 ,等. IaaS 下虚拟机的安全存储和可信启动[J]. 武汉大学学报(理学版), 2014,60(3): 231-236.
	WANG Q F , YAN F , WANG J ,et al. Secure storage and trusted launch of virtual machine in IaaS[J]. Journal of Wuhan University(Natural Science Edition), 2014,60(3): 231-236.
[43]	PALADI N , GEHRMANN C , ASLAM M ,et al. Trusted launch of virtual machine instances in public IaaS environments[M]. Berlin:Springer. 2013.
[44]	ZHANG Y , JUELS A , OPREA A ,et al. HomeAlone:co-residency detection in the cloud via side-channel analysis[C]// Security and Privacy. 2011: 313-328.
[45]	EZHILCHELVAN P , MITRANI I . Evaluating the probability of malicious co-residency in public clouds[J]. IEEE Transactions on Cloud Computing, 2017,5(3): 420-427.
[46]	SMYTH B , RYAN M , CHEN L . Direct anonymous attestation (DAA):ensuring privacy with corrupt administrators[C]// European Conference on Security and Privacy in Ad-Hoc and Sensor Networks. 2007: 218-231.
[47]	杨力, 张俊伟, 马建峰 ,等. 改进的移动计算平台直接匿名证明方案[J]. 通信学报, 2013,34(6): 69-75.
	YANG L , ZHANG J W , MA J F ,et al. Improved direct anonymous at-testation scheme for mobile computing platform[J]. Journal on Com-munications, 2013,34(6): 69-75.
[48]	周彦伟, 杨波, 吴振强 ,等. 基于身份的跨域直接匿名认证机制[J]. 中国科学:信息科学, 2014,44(9): 1102-1120.
	ZHOU Y W , YANG B , WU Z Q ,et al. Direct anonymous authentica-tion scheme in cross-domain based on identity[J]. Science China In-formation Sciences, 2014,44(9): 1102-1120.
[49]	张严, 冯登国, 于爱民 . 云计算环境虚拟机匿名身份证明方案[J]. 软件学报, 2013,24(12): 2897-2908.
	ZHANG Y , FENG D G , YU A M . Virtual machine anonymous attesta-tion in cloud computing[J]. Journal of Software, 2013,24(12): 2897-2908.
[50]	王中华, 韩臻, 刘吉强 ,等. 云环境下基于PTPM和无证书公钥的身份认证方案[J]. 软件学报, 2016,27(6): 1523-1537.
	WANG Z H , HAN Z , LIU J Q ,et al. ID authentication scheme based on PTPM and certificateless public key cryptography in cloud envi-ronment[J]. Journal of Software, 2016,27(6): 1523-1537.
[51]	于爱民, 冯登国, 汪丹 . 基于属性的远程证明模型[J]. 通信学报, 2010,31(8): 1-8.
	YU A M , FENG D G , WANG D . Property-based remote attestation model[J]. Journal on Communications, 2010,31(8): 1-8.
[52]	冯登国, 秦宇 . 一种基于 TCM 的属性证明协议[J]. 中国科学:信息科学, 2010,40(2): 189-199.
	FENG D G , QIN Y . A property attestation protocol based on TCM[J]. Science China Information Sciences, 2010,40(2): 189-199.
[53]	NING Z H , JIANG W , ZHAN J ,et al. Property-based anonymous attestation in trusted cloud computing[J]. Journal of Electrical ＆Computer Engineering, 2014(17): 1-7.
[54]	AWAD A , KADRY S , LEE B ,et al. Property based attestation for a secure cloud monitoring system[C]// IEEE/ACM International Conference on Utility and Cloud Computing. 2014: 934-940.
[55]	AHMAD R W , GANI A , HAMID S H A ,et al. A survey on virtual machine migration and server consolidation frameworks for cloud data centers[J]. Journal of Network ＆ Computer Applications, 2015,52(C): 11-25.
[56]	ZHANG Y , JUELS A , OPREA A ,et al. HomeAlone:co-residency detection in the cloud via side-channel analysis[C]// IEEE Symposium on Security and Privacy. 2011: 313-328.
[57]	HAN Y , CHAN J , ALPCAN T ,et al. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing[J]. IEEE Transactions on Dependable and Secure Computing, 2017,14(1): 95-108.
[58]	XU Z , WANG H , WU Z . A measurement study on co-residence threat inside the cloud[C]// The USENIX Conference on Security Symposium. 2015: 1-24.
[59]	梁鑫, 桂小林, 戴慧珺 ,等. 云环境中跨虚拟机的 cache 侧信道攻击技术研究[J]. 计算机学报, 2017,40(2): 317-336.
	LIANG X , GUI X L , DAI H J ,et al. Cross-VM cache side channel at-tacks in cloud:a survey[J]. Chinese Journal of Computers, 2017,40(2): 317-336.
[60]	DANEV B , MASTI R J , KARAME G O ,et al. Enabling secure VM-vTPM migration in private clouds[C]// The Annual Computer Security Applications Conference. 2011: 187-196.
[61]	HONG Z , WANG J , ZHANG H G ,et al. A trusted VM-vTPM live migration protocol in clouds[J]. Proceedings of International Work shop on Cloud Computing ＆ Information Security, 2013,52(1391): 299-302.
[62]	ASLAM M , GEHRMANN C , BJORKMAN M . Security and trust preserving VM migrations in public clouds[C]// The IEEE International Conference on Trust,Security and Privacy in Computing and Communications. 2012: 869-876.
[63]	CELESTI A , SALICI A , VILLARI M ,et al. A remote attestation approach for a secure virtual machine migration in federated cloud environments[C]// IEEE Symposium on Network Cloud Computing and Applications. 2011: 99-106.
[64]	HE X , TIAN J . A trusted VM live migration protocol in IaaS[C]// Trusted Computing and Information Security. 2017: 41-52.
[65]	范伟, 孔斌, 张珠君 ,等. KVM虚拟化动态迁移技术的安全防护模型[J]. 软件学报, 2016,27(6): 1402-1416.
	FAN W , KONG B , ZHANG Z J ,et al. Security protection model on live migration for KVM virtualization[J]. Journal of Software, 2016,27(6): 1402-1416.
[66]	石源, 张焕国, 吴福生 . 一种可信虚拟机迁移模型构建方法[J]. 计算机研究与发展, 2017,54(10): 2284-2295.
	SHI Y , ZHANG H G , WU F S . A method of constructing the model of trusted virtual machine migration[J]. Journal of Computer Research and Development, 2017,54(10): 2284-2295.

TPM虚拟化方式	实现机制	并发访问支持	与物理TPM关系
TPM passthrough	I/O虚拟化	单个虚拟机独占	直接访问
基于函数库模拟	函数库模拟，如libtpms	多虚拟机并发	完全脱离
CUSE TPM	虚拟用户空间字符设备/dev/vTPM0	多虚拟机并发	完全脱离

对比技术	信任根	隔离环境个数	动态可信度量	并发性	支持的功能
Intel SGX	CPU和enclave	多个	支持	多个enclave并发执行	安全隔离，远程证明
ARM TrustZone	硬件平台、trust OS	2个	支持	串行	安全启动，安全隔离