Abstract
To run application systems of different security levels concurrently on a single physical terminal and to access cloud services of different security levels across multiple domains, a multi-domain access terminal solution for a trusted cloud computing environment is proposed, combining virtual machine technology with trusted computing technology. The solution builds a trusted environment through trusted cryptography module (TCM) virtualization and a trust-chain transfer mechanism, and uses the hypervisor's multi-level security access control framework together with multi-domain communication management to guarantee isolation between cloud services of different security levels and concurrent multi-domain access. Experimental results show that the scheme is feasible and effective, that it can provide basic platform support for multi-domain access, and that the performance overhead introduced by the trusted mechanisms is relatively small and meets the performance requirements of practical applications.
A trusted cloud computing environment is a logically isolated multi-domain environment, so there is an urgent need to run application systems of different security levels on a single physical terminal and to access cloud services of different security levels across multiple domains at the same time. Based on virtual machine technology and trusted computing technology, a multi-domain access terminal solution for a trusted cloud computing environment was proposed. TCM (trusted cryptography module) virtualization and a trust-chain transfer mechanism were used to construct a trusted terminal environment, and the hypervisor's multi-level security access control framework and multi-domain communication management were used to assure the isolation of multi-level security cloud services and concurrent multi-domain access. Experimental results show that the scheme is feasible and effective, that it can provide basic platform support for multi-domain access, and that the performance cost of the trusted mechanism is relatively small, meeting the performance requirements of actual application.
Authors
Duan Yizhen (段翼真); Liu Zhong (刘忠); Shi Zhan (施展)
Affiliations: Chengdu Institute of Computer Application, Chinese Academy of Sciences, Chengdu 610041, China; University of Chinese Academy of Sciences, Beijing 100049, China; School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
Source
Journal of Huazhong University of Science and Technology (Natural Science Edition) (华中科技大学学报(自然科学版))
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
2017, No. 12, pp. 32-38 (7 pages)
Funding
National Defense Basic Scientific Research Program (B0420132604)
Keywords
trusted cloud
multi-domain access
multi-level security
TCM (trusted cryptography module) virtualization
trust chain