基于TPM联盟的可信云平台管理模型

doi:10.11959/j.issn.1000-436x.2016025

Abstract

Abstract:

On the basis of trusted computing technology, trusted cloud platform architecture and management model based on theTPMalliance was proposed to solve the performance bottleneck of dynamic management of trusted nodes in the building process of trusted cloud platform. MacroTPMproposed to solve the capability limitation of TPM,the concept of time-based tree was introduced to organizeTPMalliance, addressing the problem of high time cost of nodes management in trusted cloud. It usedTPMand authentication encryption technology to solve trusted transmission problem of data among nodes inTPMalliance, and a management strategy of time-based treeTPMalliance was proposed, including node configuration protocol, node registration protocol, node logout protocol, node state real-time monitor protocol, trusted nodes management network repair protocol, node update protoc explains the production algorithm of time-based tree, analyses the effectiveness of the time cost of building trusted node management network and monitoring of node state. The simulation result indicates that the model is efficient, and the time cost in trusted node management can be reduced.

Key words: TPM alliance, cloud computing, trusted cloud platform, time-based tree

Jun-feng TIAN,Fang-shu CHANG. Trusted cloud platform management model based onTPMalliance[J]. Journal on Communications, 2016, 37(2): 1-10.

Figures/Tables 14

References 25

[1]	冯登国, 张敏, 张妍 . 云计算安全研究[J]. 软件学报, 2011, 22(1): 71-83. FENG D G , ZHANG M , ZHANG Y . Study on cloud computing security[J]. Journal of Software, 2011, 22(1): 71-83.
[2]	GARFINKEL T , PFAFF B , CHOW J . Terra: a virtual machine-based platform for trusted computing[J]. ACM SIGOPS Operating Systems Review, 2003, 37(5): 193-206.
[3]	BUTT S , LAGAR-CAVILLA H A , SRIVASTAVA A . Self-service cloud computing[C]// The 2012 ACM Conference on Computer and Communications Security. ACM, c2012: 253-264.
[4]	MCCUNE J M , LI Y , QU N . TrustVisor: efficient TCB reduction and attestation[C]// Security and Privacy (SP), 2010 IEEE Symposium. ACM, c2010: 143-158.
[5]	TADOKORO H , KOURAI K , CHIBA S . Preventing information leakage from virtual machines’ memory in IaaS clouds[J]. Information and Media Technologies, 2012, 7(4): 1421-1431.
[6]	BLEIKERTZ S , BUGIEL S , IDELER H . Client-controlled cryptography-as-a-service in the cloud[C]// Applied Cryptography and Network Security. Springer Berlin Heidelberg, c2013: 19-36.
[7]	CHEN C , RAJ H , SAROIU S . cTPM: a cloudTPMfor cross-device trusted applications[C]// The 11th USENIX Conference on Networked Systems Design and Implementation USENIX Association. c2014: 187-201.
[8]	吴吉义, 沈千里, 章剑林 . 云计算:从云安全到可信云[J]. 计算机研究与发展, 2011, 48(1): 229-233. WU J Y , SHEN Q L , ZHANG J L . Cloud computing: cloud security to trusted cloud[J]. Journal of Computer Research and Development, 2011, 48(1): 229-233.
[9]	SCHIFFMAN J , MOYER T , VIJAYAKUMAR H . Seeding clouds with trust anchors[C]// The 2010 ACM Workshop on Cloud Computing Security Workshop. ACM, c2010: 43-46.
[10]	DAVI L , SADEGHI A R , WINANDY M . Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks[C]// The 2009 ACM Workshop on Scalable Trusted Computing. ACM, c2009: 49-54.
[11]	BERGER S , CáCERES R , PENDARAKIS D . TVDc: managing security in the trusted virtual datacenter[J] ACM SIGOPS Operating Systems Review, 2008, 42(1): 40-47.
[12]	BERGER S , CáCERES S , GOLDMAN K . Security for the cloud infrastructure: trusted virtual data center implementation[J] IBM Journal of Research and Development, 2009, 53(4): 6: 1-6: 12.
[13]	SAYLER A , KELLER E , GRUNWALD D . Jobber: automating inter-tenant trust in the cloud[J/OL]. , 2013.
[14]	WU R , ZHANG X , AHN G J . Design and implementation of access control as a service for iaas cloud[J]. SCIENCE, 2013, 2(3):115-130.
[15]	刘川意, 唐博, 章剑林 . 面向云计算模式的运行环境可信性动态验证机制[J]. 软件学报, 2014, 25(3): 662-674. LIU C Y , LIN J , TANG B . Dynamic trustworthiness verifi ion mechanism for trusted cloud execution environment[J]. Journal of Software, 2014, 25(3): 662-674.
[16]	LI X Y , ZHOU L T , SHI Y . A trusted computing environment model in cloud architecture[C]// Machine Learning and Cybernetics (ICMLC), 2010 International Conference. IEEE, c2010: 2843-2848.
[17]	ZHANG F , CHEN J , CHEN H . CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization[C]// The Twenty-Third ACM Symposium on Operating Systems Principles. ACM, c2011: 203-216.
[18]	SANTOS N , GUMMADI K P , RODRIGUES R . Towards trusted cloud computing[C]// The 2009 Conference on Hot Topics in Cloud Computing. c2009: 3.
[19]	SANTOS N , RODRIGUES R , GUMMADI K P . Policy-sealed data: a new abstraction for building trusted cloud services[C]// USENIX Security Symposium. c2012: 175-188.
[20]	王丽娜, 任正伟, 董永峰 . 云存储中基于可信平台模块的密钥使用次数管理方法[J]. 计算机研究与发展, 2013, 50(8): 1628-1636. WANG L N , REN Z W , DONG Y F . A management approach to key-used times based on trusted platform module in cloud storage[J]. Journal of Computer Research and Development, 2013, 50(8): 1628-1636.
[21]	田俊峰, 吴志杰 . 一种可信的云存储控制模型[J]. 小型微型计算机系统, 2013, 34(4): 789-795. TIAN J F , WU Z J . Trusted control model of cloud storage[J]. Journal of Chinese Computer Systems, 2013, 34(4): 789-795.
[22]	张焕国, 陈璐, 张立强 . 可信网络连接研究[J]. 计算机学报, 2010, 33(4): 706-717. ZHANG H G , CHEN L , ZHANG L Q . Research on trusted network connection[J]. Chinese Journal of Computers, 2010, 33(4): 706-717.
[23]	WANG J , ZHAO B , ZHANG H . POSTER: an E2E trusted cloud infrastructure[C]// The 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, c2014: 1517-1519.
[24]	周振吉, 吴礼发, 洪征 . 云计算环境下的虚拟机可信度量模型[J]. 东南大学学报, (自然科学版), 2014, 44(1): 45-50. ZHOU Z J , WU L F , HONG Z . Trustworthiness measurement l of virtual machine for cloud computing[J]. Journal of Southeast University, (Natural Science Edition), 2014, 44(1): 45-50.
[25]	SZYDLO M . Merkle tree traversal in log space and time[C]// Advances in Cryptology-EUROCRYPT 2004. Springer Berlin Heidelberg, c2004: 541-554.

Metrics

Recommended 0

No Suggested Reading articles found!

方式	描述
方式1	节点状态通过前驱节点传递到RTPM
方式2	节点状态通过兄弟节点传递到RTPM
方式3	节点状态通过前驱的前驱传递到RTPM
方式4	节点状态通过临时前驱传递到RTPM
方式5	节点状态通过RTPM计算出来

Trusted cloud platform management model based onTPMalliance

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 25

Related Articles 15

Metrics

Recommended 0

[1]	Ling MA, Qiliang FAN, Ting XU, Guanchen GUO, Shenglin ZHANG, Yongqian SUN, Yuzhi ZHANG. Scheduling framework based on reinforcement learning in online-offline colocated cloud environment [J]. Journal on Communications, 2023, 44(6): 90-102.
[2]	Huaqun WANG, Zhe LIU, Debiao HE, Jiguo LI. Identity-based provable data possession scheme for multi-source IoT terminal data in public cloud [J]. Journal on Communications, 2021, 42(7): 52-60.
[3]	Jianhong ZHANG, Menglong WU, Jing WANG, Pei LIU, Zhengtao JIANG, Changgen PENG. Secure and verifiable multi-keyword searchable encryption scheme in cloud [J]. Journal on Communications, 2021, 42(4): 139-149.
[4]	Ruiqi LI, Chunfu JIA, Yafei WANG. Multi-key homomorphic proxy re-encryption scheme based on NTRU and its application [J]. Journal on Communications, 2021, 42(3): 11-22.
[5]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[6]	Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph [J]. Journal on Communications, 2021, 42(1): 1-17.
[7]	Youliang TIAN,Qin LUO. Verifiable multi-keyword search scheme based on improved Merkle-Tree authentication method [J]. Journal on Communications, 2020, 41(9): 118-129.
[8]	Na WANG,Kun ZHENG,Junsong FU,Jian LI. Method of ciphertext retrieval in mobile edge computing based on block segmentation [J]. Journal on Communications, 2020, 41(7): 95-102.
[9]	Lindong ZHAO,Wenqin ZHUANG,Jianxin CHEN,Liang ZHOU. Hierarchical task offloading in heterogeneous cellular network:modeling and optimization [J]. Journal on Communications, 2020, 41(4): 34-44.
[10]	Bing LIANG,Wen JI. Multiuser computation offloading for edge-cloud collaboration using submodular optimization [J]. Journal on Communications, 2020, 41(10): 25-36.
[11]	SU Mingfeng,WANG Guojun,LI Renfa. Multidimensional QoS cloud computing resource scheduling method based on stakeholder perspective [J]. Journal on Communications, 2019, 40(6): 102-115.
[12]	CHEN Xingshu,HUA Qiang,WANG Yitong,GE Long,ZHU Yi. Research on low-rate DDoS attack of SDN network in cloud environment [J]. Journal on Communications, 2019, 40(6): 210-222.
[13]	Wanliang WANG, Zelin ZANG, Guoqi CHEN, Hangyao TU, Yule WANG, Linyan LU. Research on optimal two element exchange algorithm for large scale cloud computing server scheduling problem [J]. Journal on Communications, 2019, 40(5): 180-191.
[14]	Tian WANG,Xuewei SHEN,Hao LUO,Baisheng CHEN,Guojun WANG,Weijia JIA. Research progress of trusted sensor-cloud based on fog computing [J]. Journal on Communications, 2019, 40(3): 170-181.
[15]	Xinfeng HE,Junfeng TIAN,Fanming LIU. Survey on trusted cloud platform technology [J]. Journal on Communications, 2019, 40(2): 154-163.