摘要
针对云计算环境中服务资源跨域访问频繁,安全管理边界模糊,域外陌生资源的访问与调度需要进行身份验证和信任度量.在研究可信计算远程证明方法的基础上,提出一种采用环签名机制的消息签名算法和信任验证协议.利用域内可信资源的TPM公钥信息构建的环方程对消息进行签名与信任验证,提供无须第三方参与的验证双方可信证明.相比较常用的远程证明方法,这种方法具有计算效率高、证明过程便捷的特点,适合跨域云服务资源访问环境.通过构建安全模型证明了方法安全性,利用运算类型对比说明了方法高效性,在Hadoop平台下的应用实验验证了方法的可行性.
In cloud computing, the resources in different realm access with each other frequently. The security managing realm is hard to define. The Strange resources from different realms need identity verification and trust measurement. This paper proposed a novel signature algorism based on the ring signature mechanism and design its attestation protocol in trust computing. It signs the message by ring formation constructed by the public keys of TPMs in the same trusted realm. Comparing with the traditional remote attesta- tion, it can verify the identity of cross-realm resources anonymously, efficiently and conveniently. This solution is suit for cross- realm access in cloud computing. By building security model, comparing calculate type and the experiment in Hadoop, we confirm that the solution can be security, efficient and feasibility.
出处
《小型微型计算机系统》
CSCD
北大核心
2014年第2期324-328,共5页
Journal of Chinese Computer Systems
基金
国家"十一五"科技支撑计划项目(2006BAF01A00)资助
关键词
云计算
远程证明
环签名
跨域访问
HADOOP
cloud computing
remote attestation
ring signature
cross-realm access
hadoop
