【作者】 朱智强；

【导师】 张焕国；

【作者基本信息】 武汉大学 ， 信息安全， 2011， 博士

【摘要】 针对IT领域对于计算资源集约化、规模化和专业化的需求,云计算这种新型的计算模式应运而生。云计算通过虚拟化技术对各种互联互通的资源进行有效整合和抽象,从而建立庞大的虚拟化资源池,实现资源的集中化规模化；通过网络将资源以可靠的服务模式提供给用户,使用户无需了解底层技术细节,从繁杂的IT基础设施维护工作中解放出来。由于云计算的巨大商业和社会价值,日前国内外各大IT企业(如Google、Amazon、IBM中国移动等)都先后推出了自己的云计算产品,各国政府也开始了对于云计算的初步应用研究。在云计算不断提高生产效率的同时,其暴露出来的各种安全问题也不容忽视,云计算安全问题已经成为阻碍其发展的关键因素。近年来各大云计算提供商(如微软、Google等)都出现了许多不同程度的安全事故。Gartner 2009年的调查结果显示,70%以上受访企业的CTO表示云安全问题是影响企业应用云计算的首要问题。同时云计算目前正朝着不同云服务之问互通融合的方向发展,与多个私有云或公有云联合组成规模更大的混合云时,其安全问题更为复杂,该问题目前在学术领域亟待开展深入研究。本文在分析混合云架构下跨云认证、授权管理等安全需求基础上,从跨云身份管理与认证、授权管理模型、云基础设施安全等方面开展研究,以期提高混合云服务的安全性。具体研究内容包括：1.面向混合云架构下跨云进行资源访问时对用户认证的需求,从建立私有云间基于PKI体系的信任关系入手,设计了一种面向混合云的跨云用户认证机制,并对效率和安全性进行了分析,该机制综合运用PKI体制和双线性对密签体制,满足对跨云认证中用户属性令牌的完整性、真实性保护需求,实现了混合云构架下的统一用户认证。认证机制主要包括跨云认证协议设计、令牌服务、跨云参数安全交换等,为跨云授权管理提供用户认证服务支撑,与传统方式相比,该模型认证机制具备简洁高效的特点,能满足混合云环境下用户分属不同的私有云的认证域、服务访问频繁的需求。2.综合属性访问控制和基于角色访问控制的优势,在研究跨云协同应用授权策略元素的分配关系、拥有关系、包含关系与合成关系基础上,分析了权限合成结构的时问状态、安全等级、可信环境约束关系,提出了基于策略合成的混合云授权管理模型,设计了HCAMMPC(Hybrid Cloud Authorization Management Model based on Policy Combination)模型策略合成的基本关系和授权规则,给出了模型的策略合成方法并对模型的相关结论予以证明。HCAMMPC模型具有策略动态合成、细粒度访问控制和可扩展性强的特点,能满足跨云协同服务组合应用的动态授权管理需求。3.针对基于可信技术的云计算环境基础设施中现有的链式度量结构过于简单,无法承载其度量需求的问题,提出了一种安全可扩展的星型信任度量结构,该结构能满足大规模度量需求,为云计算环境可信度量提供基础技术保障；针对云计算基础设施缺乏构建过程的有效验证问题,提出了一种非交互式的基于TPM约束的远程证明方案,该方案可以为云平台使用者提供云平台基础设施的可信凭据,为云平台提供者和云平台使用者之间建立一种可信的远程证明机制。更多还原

【Abstract】 As an emerging computing paradigm, a cloud computing abstract networked resources and integrates them through virtualization technology, which builds a huge virtual resource pool to manage resource. According to a dependable service model, resource is available and apparent for users over Internet, without the knowledge of details and management. Since the challenge and value are in economy, many IT enterprises are focusing on it. And governments and armies have also put forward some preliminary practices in the cloud computing fields.Although the cloud computing upgrades the efficiency, its security problem should not be neglected, which is the key issue hinder the development of cloud computing. Recently some cloud computing providers, like Microsoft、Google and so on, have meet security incidents. In 2009 the Gartner’s report shows that 70% of the interviewed CTO express their concerns on the cloud computing security that is the main problem for the applications of cloud computing. At the same time, the integration of different services is the direction of the development for cloud computing. When two or more clouds (private or public) compose a larger cloud, which is called hybrid cloud, many new security challenges are booming up just like multi-level security and cross-domain security. Now the security of hybrid cloud framework requires academic attention.Based on the security requirements of cross-domain authentication and access control in the hybrid cloud environment, this dissertation studies the cloud infrastructure security, cross-cloud identity management, cross-cloud access control and so on to improve the security of hybrid cloud service. The contributions of this dissertation can be listed in the following aspects:1. With the requirement of authentication in the hybrid cloud, a cross-cloud authentication mechanism is proposed, through building a trust among private clouds. And analysis on the efficiency and security is carried out. In this mechanism, Bilinear paring signcryption is integrates into PKI system, which satisfies the requirement of integrity and reality for user attribute token, and realizes a uniform authentication in a hybrid cloud framework. The authentication mechanism mainly includes the design of authentication protocol, token service and cross-cloud security exchange of parameter, provides the support of authentication for access control based atrribe-centric. Compared to the other traditional approach, the mechanism possesses more efficient and lightweight characteristic, and can satisfy the requirement of a great lot of users, frequently accessing service, high dynamic and isomerous in the hybrid cloud.2. Large numbers of users, roles, permissions and authorization restrictions in the hybrid cloud demand to manage availably. To overcome the deficiency in the hybrid cloud cooperative service application with the current model of authorization management, colligating the advantages of ABAC and RBAC, based upon the analysis of the relationship of distribution, possession, inclusion and composition among the element set in the hybrid-cloud cooperative organization, the time, security and environment of the permissions composition structure is analyzed. And the hybrid cloud authorization management model based on policy combination is proposed, the basic connection and authorization regulation of policies composition of HCAMMPC is designed, the method of policies composition is advanced, and theorems of the HCAMMPC are proved. The HCAMMPC can compose policies dynamic, access control fine granularity and expand well, and satisfy the requirement of dynamic authorization management in the hybrid cloud cooperative service application.3. Aiming at the problem of simplicity of daisy-chain structure for parallel and concurrent operations in cloud computing, a secure scalable star-style measurement structure is introduced. And to resolve the deficiency of attention method for construction of cloud computing infrastructure, a non-interaction remote attestation method with TPM restriction is proposed. Through these methods, the measurement and attestation requirements of cloud computing infrastructure are satisfied.更多还原