项目名称: 净室云计算理论及应用研究
项目编号: No.61472451
项目类型: 面上项目
立项/批准年度: 2015
项目学科: 自动化技术、计算机技术
项目作者: 王国军
作者单位: 广州大学
项目金额: 82万元
中文摘要: 云计算环境下,用户数据在远程平台存储和处理,用户失去了对数据的直接控制权,而云服务提供商作为最高权利实体,可以通过管理平台的特权接口访问用户数据,因此存在数据泄露风险。针对数据远程存储和处理引起的潜在安全风险,本项目引入服务态与净室态的全新理念,研究净室云计算理论及关键技术。提出净室云计算模型,通过定义净室态的安全边界设定可信实体的行为模式,为净室态与服务态的安全转换提供基础。研究净室态安全框架构建技术,通过对虚拟机监控器进行隐秘的测量,保证验证过程的原子性、完整性和真实性,实现可信虚拟机监控器。研究净室态安全迁移技术,通过将服务执行环境限制在安全边界以内,保证虚拟机迁移过程的完整性。研究净室态实时监控技术,通过实时检测虚拟机的动态完整性,保证虚拟机运行时的可信性,实现执行环境的安全隔离/虚拟加锁。本项研究成果对安全云计算服务的研究具有重要的意义,将有利于促进云计算技术的广泛应用。
中文关键词: 云计算;可信计算;存储安全;隐私保护
英文摘要: In cloud computing, user data is stored and processed in a remote platform. In such a computing model, users lose direct control on their data, and cloud service provider (CSP), as the most privileged entity, has the right to access user data through the privilege interface of the management platform. Thus, cloud computing will incur the risk of data leakage. To avoid the potential security risks raised by remote data storage and processing, we research the theory and key technologies of Cleanroom Cloud Computing (CCC) by introducing the new concept of Service Mode and Cleanroom Mode. First, we propose Cleanroom Cloud Computing Model, which sets the behavior patterns of the trusted entities by defining the security periphery of Cleanroom Mode. The proposed model is served as the basis of the secure transformation between Service Mode and Cleanroom Mode. Then, we research the technologies of the establishment of security framework of Cleanroom Mode, which guarantees the atomicity, integrity, and authenticity of the verification process of Virtual Machine Monitor (VMM) by measuring the VMM in a private way. Furthermore, we research the technologies of the secure migration of Cleanroom Mode, which guarantees the integrity of the migration of Virtual Machines (VMs) by confining the execution environment to the security periphery of Cleanroom Mode. Finally, we research the technologies of real-time monitoring of Cleanroom Mode, which guarantees the runtime credibility of VMs and realizes security isolation/virtual lock in the execution environment, by real-time detection of the dynamic integrity of VMs. The research results of this project will have great significance to the studies of secure cloud computing services, and will be helpful for the widespread use of cloud computing.
英文关键词: Cloud Computing;Trusted Computing;Storage Security;Privacy Preserving