IaaS云虚拟机eID可信验证系统

doi:10.13190/j.jbupt.2014.05.018

北京邮电大学学报 ›› 2014, Vol. 37 ›› Issue (5): 85-90.doi: 10.13190/j.jbupt.2014.05.018

IaaS云虚拟机eID可信验证系统

吴旭^1,2, 许晋^1,2, 李春文³, 刘川意^1,2

1. 北京邮电大学计算机学院, 北京 100876;
2. 北京邮电大学可信分布式计算与服务教育部重点实验室, 北京 100876;
3. 中国农业银行总行软件开发中心, 北京 100073

收稿日期:2013-10-17 出版日期:2014-10-28 发布日期:2014-11-07
作者简介:吴旭(1963- ), 女, 研究员, 博士生导师;许晋(1990- ), 男, 硕士生, E-mail: xujin59545@bupt.edu.cn.
基金资助:
国家高技术研究发展计划项目(2012AA01A404)

Research on eID-Based Virtual Machine Trusted Attestation System in IaaS Cloud

WU Xu^1,2, XU Jin^1,2, LI Chun-wen³, LIU Chuan-yi^1,2

1. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China;
3. Software Development Center, Head Office of the Agricultural Bank of China, Beijing 100073, China

Received:2013-10-17 Online:2014-10-28 Published:2014-11-07

摘要/Abstract

摘要：

为了解决云计算模式下数据与计算迁移造成的用户与云之间的互可信问题,从硬件平台、用户身份和用户行为多个维度,研究并设计了IaaS云虚拟机(eID)可信验证系统. 硬件平台采用可信第三方架构,采用全国唯一的公民网络电子身份eID标识用户身份,建立诚信记录,评估用户行为. 通过用户身份可信性验证、虚拟机可信性验证等4个阶段,有效解决了用户与云之间的互可信问题. 实验结果表明,该系统可抵御常见攻击方式,安全性高,且其计算时间复杂度在可接受范围内.

关键词: 可信计算, 云计算, 基础设施云, 网络电子身份证, 远程验证

Abstract:

In cloud computing, the data and computation migration gives rise to trust problems between the user and the cloud. Including the hardware platform, the multiple dimensions method was studied, as well as the user identity and behavior. The electronic identity (eID)-based virtual machine trusted attestation system in infrastructure-as-a-service (IaaS) cloud was designed. The hardware platform was used for trust third party architecture. The citizen's network eID was used as users unique authoritative identity. The credit records were also applied to evaluate the user's behaviors. Four steps were adopted to solve the trust problem between two sides, including trusted attestation of the user identification and trusted attestation of the virtual machine. Experiment analysis shows that this system can defend common attacks, it is more safety, and the time complexity is within acceptable limitations.

Key words: trust computing, cloud computing, infrastructure as a service, electronic identity, remote attestation

中图分类号:

TP309.1

吴旭, 许晋, 李春文, 刘川意. IaaS云虚拟机eID可信验证系统[J]. 北京邮电大学学报, 2014, 37(5): 85-90.

WU Xu, XU Jin, LI Chun-wen, LIU Chuan-yi. Research on eID-Based Virtual Machine Trusted Attestation System in IaaS Cloud[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(5): 85-90.

参考文献

[1] Pearson S. Privacy, security and trust in cloud computing[M]. [S.l.]: Springer London, 2013: 3-42.

[2] Huang J, Nicol D M. Trust mechanisms for cloud computing[J]. Journal of Cloud Computing, 2013, 2(1): 1-14.

[3] Trusted Computing Platform Alliance (TCPA). TCPA main specification version 1.1b[R]. Trusted Computing Group, 2002: 2-9.

[4] Imran K, Rehman H, Zahid A. Design and deployment of a trusted eucalyptus cloud[C]//2011 IEEE International Conference on Cloud Computing(CLOUD). Washington DC: IEEE, 2011: 380-387.

[5] Xin Siyuan, Zhao Yong, Li Yu. Property-based remote attestation oriented to cloud computing[C]//2011 Seventh International Conference on Computational Intelligence and Security. Sanya: [s.n.], 2011: 1028-1032.

[6] Manik L D, Ashutosh S, Ved P G. A dynamic ID-based remote user authentication scheme[J]. IEEE Transactions on Consumer Electronics, 2004, 50(2): 629-631.

[7] Wang Y, Liu J, Xiao F, et al. A more efficient and secure dynamic ID-based remote user authentication scheme[J]. Computer Communications, 2009, 32(4): 583-585.

[8] Lee H, Choi D, Lee Y, et al. Security weaknesses of dynamic ID-based remote user authentication protocol[J]. Proceedings of the World Academy of Science Engineering and Technology, 2009, 59: 190-193.

[9] Yu Jinwei. The program design for the network security authentication based on the USB key technology[C]//2011 International Conference on Electronic and Mechanical Engineering and Information Technology. [S.l.]: IEEE, 2011: 2215-2218.

[10] Chuang M C, Chen M C. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics[J]. Expert Systems with Applications, 2014, 41(4): 1411-1418.

[11] 林闯, 田立勤, 王元卓. 可信网络中用户行为可信的研究[J]. 计算机研究与发展, 2008, 45(12): 2033-2043. Lin Chuang, Tian Liqin, Wang Yuanzhuo. Research on user behavior trust in trustworthy network[J]. Journal of Computer Research and Development, 2008, 45(12): 2033-2043.

[12] Tian L, Lin C, Ni Y. Evaluation of user behavior trust in cloud computing[C]//Computer Application and System Modeling (ICCASM), International Conference on. [S.l.]: IEEE, 2010: 567-572.

[13] Dewangan M B K, Shende M P. Survey on user behavior trust evaluation in cloud computing[J]. International Journal of Science, Engineering and Technology Research, 2012, 1(5): 113-117.

[14] Lin Honggang. Research on trust-degree based dynamic access control model[C]//E-Product E-Service and E-Entertainment (ICEEE), 2010 International Conference on. [S.l.]: IEEE, 2010: 1-4.

[15] Lin G, Bie Y, Lei M. Trust based access control policy in multi-domain of cloud computing[J]. Journal of Computers, 2013, 8(5): 5-10.

IaaS云虚拟机eID可信验证系统

Research on eID-Based Virtual Machine Trusted Attestation System in IaaS Cloud

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	张志华, 王梦情, 毛文涛, 刘春红, 程渤. 基于时序相关性的云平台多负载序列联合预测[J]. 北京邮电大学学报, 2020, 43(4): 68-75.
[2]	尹学渊, 陈兴蜀, 李辉, 陈林. 一种基于虚拟化的文件杀毒实现方法[J]. 北京邮电大学学报, 2018, 41(2): 50-55.
[3]	朱晓宁, 孙斌, 朱春鸽. 大规模云资源可靠性评价模型[J]. 北京邮电大学学报, 2017, 40(s1): 53-57.
[4]	徐九韵, 管超, 江丹. 一种面向信誉主观性和时变性的云服务信任管理方法[J]. 北京邮电大学学报, 2017, 40(5): 30-35.
[5]	刘靖, 吴海博, 王少帅, 贾垒. 着色Petri网模型驱动的云测试生成方法与实现[J]. 北京邮电大学学报, 2016, 39(5): 89-93,115.
[6]	肖丁, 贾亚璞, 石川. 云计算环境下的非线性能耗建模方法[J]. 北京邮电大学学报, 2016, 39(1): 107-111.
[7]	郭力争, 张翼飞, 赵曙光. 数据中心环境下能耗性能感知的优化方法[J]. 北京邮电大学学报, 2015, 38(s1): 72-76.
[8]	于俊洋, 胡志刚, 刘秀磊. HDFS平台上以能效为考量的小文件合并[J]. 北京邮电大学学报, 2015, 38(6): 34-38.
[9]	武斌, 林幸, 李卫东, 芦天亮, 张冬梅. 云计算下手机人工免疫恶意代码检测模型[J]. 北京邮电大学学报, 2015, 38(4): 34-38.
[10]	王婷, 许可, 王娜, 宋俊德. 云计算环境下可扩展的服务器优化选择策略[J]. 北京邮电大学学报, 2014, 37(s1): 83-86.
[11]	乔媛媛, 刘芳, 凌艳, 尹劲松. 云计算环境下MapReduce的资源建模与性能预测[J]. 北京邮电大学学报, 2014, 37(s1): 115-119.
[12]	宋成, 李静, 彭维平, 贾宗璞, 刘志中. 基于双线性对的直接匿名认证方案[J]. 北京邮电大学学报, 2014, 37(6): 72-76.
[13]	柳兴, 袁超伟, 杨震, 胡仲伟. 移动云计算中基于移动代理的用户切换与接入控制[J]. 北京邮电大学学报, 2014, 37(2): 88-92.
[14]	宋杰, 李甜甜, 闫振兴, 朱志良. 数据密集型计算中负载均衡的数据布局方法[J]. 北京邮电大学学报, 2013, 36(4): 76-80.
[15]	刘川意, 方滨兴, 林杰. 基础设施云模块化解构[J]. 北京邮电大学学报, 2013, 36(2): 38-43.