[1] Zhou Zhenji, Wu Lifa, Hong Zheng, et al. Trust based trustworthiness attestation model of virtual machines for cloud computing[J]. Journal of Southeast University (Natural Science Edition), 2015, 45(1): 31-35. [doi:10.3969/j.issn.1001-0505.2015.01.006]

Trust based trustworthiness attestation model of virtual machines for cloud computing

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume: 45
Issue: No. 1, 2015
Pages: 31-35
Column: Computer Science and Engineering
Publication date: 2015-01-20

Article Info

Title:
Trust based trustworthiness attestation model of virtual machines for cloud computing
Author(s):
Zhou Zhenji, Wu Lifa, Hong Zheng, Li Bingxu, Zheng Chenghui
Institute of Command Information System, PLA University of Science and Technology, Nanjing 210007, China
Keywords:
cloud computing; trust management; virtual machine; group signature
CLC number:
TP393
DOI:
10.3969/j.issn.1001-0505.2015.01.006
Abstract:
The trust evidence sources of cloud computing nodes are usually insufficient, and during the attestation process sensitive information of the involved nodes is easily exposed. To solve these problems, a trust-based trustworthiness attestation model (TBTAM) for virtual machines is presented by combining trust management and a group signature scheme. The TBTAM architecture and the calculation method of the trustworthiness of virtual machine nodes are put forward. First, considering both direct trustworthiness and feedback trustworthiness, the trustworthiness of virtual machine nodes is comprehensively evaluated, and malicious nodes are identified. Then, by the group-signature-based method for proof protection, the trustworthiness of tenants is verified by validating the signatures of nodes, which protects the privacy of nodes and reduces the attack possibilities. The experimental results show that the model can effectively identify malicious nodes and protect the privacy of virtual machine nodes during the running process.

Similar articles:

[1] Xu Xiaolong, Xiong Jingyi, Cheng Chunling. Joint defense mechanism of malicious code based on cloud and client computing architecture[J]. Journal of Southeast University (Natural Science Edition), 2011, 41(2): 220. [doi:10.3969/j.issn.1001-0505.2011.02.002]
[2] Zhou Zhenji, Wu Lifa, Hong Zheng, et al. Trustworthiness measurement model of virtual machine for cloud computing[J]. Journal of Southeast University (Natural Science Edition), 2014, 44(1): 45. [doi:10.3969/j.issn.1001-0505.2014.01.009]
[3] Wang Xuyang, Hu Aiqun, Fang Hao. Single-layer homographic cloud computing scheme based on LWE[J]. Journal of Southeast University (Natural Science Edition), 2016, 46(5): 945. [doi:10.3969/j.issn.1001-0505.2016.05.008]

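Memo:
Received: 2014-07-26.
Author biographies: Zhou Zhenji (b. 1985), male, PhD candidate; Wu Lifa (corresponding author), male, PhD, professor, doctoral supervisor, wulifa@vip.163.com.
Funding: Natural Science Foundation of Jiangsu Province (BK2011115, BK20131069).
Cite this article: Zhou Zhenji, Wu Lifa, Hong Zheng, et al. Trust based trustworthiness attestation model of virtual machines for cloud computing[J]. Journal of Southeast University: Natural Science Edition, 2015, 45(1): 31-35. [doi:10.3969/j.issn.1001-0505.2015.01.006]
Last Update: 2015-01-20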