Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (laaS) platform is ...Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (laaS) platform is a problem that must be solved. The laaS platform provides the Virtual Machine (VM), and the Trusted VM, equipped with a virtual Trusted Platform Module (vTPM), is the foundation of the trusted laaS platform. We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes, and manage the information centrally on a cloud management platform. The architecture verifies the laaS's trusted attestation by apprising the VM, Hypervisor, and host Operating System's (OS) trusted status. The theory and the technology roadmap were introduced, and the key technologies were analyzed. The key technologies include dynamic measurement of the Hypervisor at the process level, the protection of vTPM instances, the reinforcement of Hypervisor security, and the verification of the laaS trusted attestation. A prototype was deployed to verify the feasibility of the system. The advantages of the prototype system were compared with the Open CIT (Intel Cloud attestation solution). A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.展开更多
Resources shared in e-Science have critical requirements on security.Thus subjective trust management is essential to guarantee users' collaborations and communications on such a promising infrastructure.As an import...Resources shared in e-Science have critical requirements on security.Thus subjective trust management is essential to guarantee users' collaborations and communications on such a promising infrastructure.As an important nature of subjective trust,uncertainty should be preserved and exhibited in trust definition,representation and evolution.Consider the drawbacks of existing mechanisms based on random mathematics and fuzzy theory,this paper designs an uncertainty enhanced trust evolution strategy based on cloud model theory.We define subjective trust as trust cloud.Then we propose new algorithms to propagate,aggregate and update trust.Furthermore,based on the concept of similar cloud,a method to assess trust level is put forward.The simulation results show the effiectiveness,rationality and efficiency of our proposed strategy.展开更多
基金supported by the National Natural Science Foundation of China (No.61272447)
文摘Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (laaS) platform is a problem that must be solved. The laaS platform provides the Virtual Machine (VM), and the Trusted VM, equipped with a virtual Trusted Platform Module (vTPM), is the foundation of the trusted laaS platform. We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes, and manage the information centrally on a cloud management platform. The architecture verifies the laaS's trusted attestation by apprising the VM, Hypervisor, and host Operating System's (OS) trusted status. The theory and the technology roadmap were introduced, and the key technologies were analyzed. The key technologies include dynamic measurement of the Hypervisor at the process level, the protection of vTPM instances, the reinforcement of Hypervisor security, and the verification of the laaS trusted attestation. A prototype was deployed to verify the feasibility of the system. The advantages of the prototype system were compared with the Open CIT (Intel Cloud attestation solution). A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.
基金Supported by the National Natural Science Foundation of China under Grant No.60703048the Open Foundation of State Key Lab of Software Engineering of Wuhan University under Grant No.SKLSE20080720the Open Foundation of State Key Laboratory for Novel Software Technology of Nanjing University under Grant No.KFKT2009B22
文摘Resources shared in e-Science have critical requirements on security.Thus subjective trust management is essential to guarantee users' collaborations and communications on such a promising infrastructure.As an important nature of subjective trust,uncertainty should be preserved and exhibited in trust definition,representation and evolution.Consider the drawbacks of existing mechanisms based on random mathematics and fuzzy theory,this paper designs an uncertainty enhanced trust evolution strategy based on cloud model theory.We define subjective trust as trust cloud.Then we propose new algorithms to propagate,aggregate and update trust.Furthermore,based on the concept of similar cloud,a method to assess trust level is put forward.The simulation results show the effiectiveness,rationality and efficiency of our proposed strategy.
