一种基于信任协商机制的云服务资源信任验证方法

计算机科学 ›› 2013, Vol. 40 ›› Issue (7): 107-112.

一种基于信任协商机制的云服务资源信任验证方法

杨绍禹,王世卿,郭晓峰

郑州大学信息工程学院郑州450052;郑州大学信息工程学院郑州450052;信息工程大学理学院郑州450000

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受国家“十一五”科技支撑计划项目(2006BAF01A00)资助

Trust Negotiation-based Services Verification in Cloud Computing

YANG Shao-yu,WANG Shi-qing and GUO Xiao-feng

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 云计算环境下,服务资源分布广泛、迁移频繁,资源之间的信任关系不易建立与维护。传统的可信计算远程验证方法存在性能瓶颈和计算复杂等问题。在研究云服务资源信任验证方法的基础上,提出一种属性协商的远程验证方法。采用环签名算法和基于属性的敏感信息保护机制,提高了信任验证计算效率,减小了敏感信息泄露的风险。设计的安全模型证明了方法的安全性。通过Hadoop平台下的实验,验证了方法的有效性和可行性。

关键词: 云计算,可信计算,远程证明,环签名,自动信任协商中图法分类号TP309文献标识码A

Abstract: In cloud computing,the resources of service are widely distributed and migrated frequently．The trust relationship between them is hard to establish and maintain．There are some problems for traditional remote attestation based on trust computing,such as performance bottleneck and computational-complexity.This article proposed a novel remote attestation mechanism based on property negotiation in cloud computing．According to the ring signature algorism and sensitive property-based protection,this mechanism promotes the computational efficiency and reduces the leakage risk of sensitive property．Security of the mechanism is verified by security model．Validity and feasibility are tested by the experiment on Hadoop platform.

Key words: Cloud computing,Trust computing,Remote attestation,Ring signature,Automated trust negotiation

杨绍禹,王世卿,郭晓峰. 一种基于信任协商机制的云服务资源信任验证方法[J]. 计算机科学, 2013, 40(7): 107-112. https://doi.org/

YANG Shao-yu,WANG Shi-qing and GUO Xiao-feng. Trust Negotiation-based Services Verification in Cloud Computing[J]. Computer Science, 2013, 40(7): 107-112. https://doi.org/

参考文献

[1] Santos N,Krishna P．Towards Trusted Cloud Computing[A]∥HotCloud’09Proceedings of the 2009conference on Hot topics in cloud computing,2009[C].CA,USA:USENIX,2009:22
[2] Armbrust,Michael,Fox,et al．A view of cloud computing[J]．Communication of the ACM,2010(4):50-58
[3] Trusted Computing Group．Trusted Computing Platform Alli-ance main specification version 1.1b[EB/OL].http//www.Trustedcomputinggroup.org,2011-11
[4] Trusted Computing Group．Trusted Computing Platform Alli-ance main specification version 1.2[EB/OL].http//www.Trustedcomputinggroup.org,2012-08
[5] Brickell E,Chen Li-qun,Li Jiang-tao．A New Direct Anonymous Attestation Scheme from Bilinear Maps[J]．Lecture Notes in Computer Science,2008(4968/2008):166-178
[6] Chen Li-qun．A DAA scheme requiring less TPM resources[J]．Lecture Notes in Computer Science,2011(6151):350-365
[7] 周彦伟,吴振强,蒋李.分布式网络环境下的跨域匿名认证机制[J].计算机应用,2010(08):2120-2124
[8] Haldar V,Chandra D,Franz M．Semantic Remote Attestation-A Virtual Machine directed approach to Trusted Computing[A]∥USENIX Virtual Machine Research and Technology Symposium[C]．2004
[9] Chen Li-qun,Lhr H,Manulis M．Property-Based Attestationwithout a Trusted Third Party[J]．Lecture Notes in Computer Science,2008(5222):31-46
[10] 刘吉强,赵佳,赵勇．可信计算中远程自动匿名证明的研究[J]．计算机学报,2009(7):1304-1310
[11] Bender A,Katz J,Morselli R．Ring Signatures:Stronger Definitions,and Constructions without Random Oracles[J]．Journal of Cryptology,2009(1):114-138
[12] Zou De-qing,Du Shang-xin,Zheng Wei-de,et al．Building Automated Trust Negotiation architecture in virtual computing environment[J]．Journal of Supercomputing,2011(1):69-85
[13] 陈小峰,冯登国．一种多信任域内的直接匿名证明方案[J].计算机学报,2008(07):1122-1128
[14] Brickell E,Chen L,Li J．A New Direct Anonymous Attestation Scheme from Bilinear Maps[C]∥LNCS 4968． Springer-Verlag,2008:166-178

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed