【作者】 刘婷婷；

【导师】 沈昌祥；

【作者基本信息】 解放军信息工程大学 ， 密码学， 2013， 博士

【摘要】 云计算将硬件、软件等大量IT资源以服务的形式通过网络提供给用户。在云计算服务模式下，用户将数据和应用托管至云端，云服务的透明性使用户失去对数据的控制，由于云服务商可信性不易评估，因此，数据安全问题成为云计算环境下用户的首要担忧。由于云计算是根据用户的服务请求对数据进行相关操作，因此，用户和云之间的身份认证是保证数据不被非法用户冒名访问的前提。但是，由于云用户数量庞大，如何进行安全和高效的认证是用户和服务商均关注的问题。用户通过身份认证后，可以使用云提供的数据存储和计算服务。用户将大量数据存储到云端并委托云服务商对数据进行计算，本地并不存储数据的副本，虽然云服务商具有强大的技术实力和维护水平，仍无法完全避免数据发生损坏。对于静态存储的数据而言，由于数据量大，传统的将数据下载到本地进行完整性验证不再适用。当用户发现数据完整性被破坏时，只能寄希望于云服务商的灾备机制。对于在计算服务中的动态数据，由于云计算具有多租户的特点，用户通过服务进程对数据访问和计算，共享访问的进程载体成为权限的集中点，共享漏洞威胁需采取针对用户维度的权限隔离机制。如果真的发生了数据安全事件，用户如何对云服务商追究责任是一个关键问题，目前问责机制需要云服务的细节，涉及云服务商的商业秘密，较难实现。另外，由于缺乏可信保障机制，安全机制可能被攻击、篡改或旁路，无法发挥作用。云计算中数据安全问题的本质是数据所有方和服务方之间的信任管理，用户和云服务提供者之间需形成一定的数据使用约束，通过双方的信誉和技术约束手段，共同促成数据的合法使用而不被滥用和破坏。就用户来说，可以选择信赖的服务方，约定一种双方都满意的安全机制，以达到最大化的保障，就服务方而言，一旦失去诚信，将无立足之地。在这样的前提下，云服务商愿意配合用户采取一些数据安全保护技术，不会故意破坏用户的数据，但会对出现的一些数据安全事故进行隐瞒。从这一角度出发，本文对认证、静态存储数据保护和动态计算数据保护、可信云计算等关键技术进行了研究，为云用户提供全面的数据安全保护。本文的主要工作和研究成果如下：1.基于三方口令认证密钥交换（3PAKE）协议提出一种跨云认证方案，并设计了一种可证明安全的3PAKE协议。将用户、用户所属私有云和公有云分别对应3PAKE中的三方实现了跨云认证，基于所设计协议实现的方案比其它跨云认证方案有更高的计算效率。针对传统口令认证方案中存在口令安全性低、易受猜测攻击、认证后不能安全生成会话密钥等问题，基于椭圆曲线提出一种3PAKE协议，证明了协议在随机预言模型下具有会话密钥的前向安全性，能抗离线口令猜测攻击。与基于证书的PKI、基于身份的密码IBC等认证方案相比，本方案既利用了口令认证方案简单易行的优点，又通过密码学方法对口令进行了有效保护，实现了用户和云之间安全、高效的双向认证。2.提出一种用户可验证的静态数据存储方案，使用户能够实现云端数据完整性验证、数据修复以及数据泄露问责。为使用户在发现数据完整性被破坏后能够恢复数据，提出基于秘密共享的多副本存储预处理方法，并提出一种用户身份信息与可用数据分离存储方法，防止外部攻击者获得数据的属主信息后收集同一用户的数据分块重构原始文件。为了及时验证数据的完整性，提出一种支持上述多副本机制的完整性验证方法，该方法与现有完整性验证方法相比，能够确定出错的数据分块，并支持面向第三方的公开验证和数据动态更新。多副本完整性验证无法保证数据不被云服务商泄露，为解决数据泄露问责问题，基于云模型和混沌序列的良好特性，提出一种利用数据库水印实现泄露问责的方法，使用户能够追究云服务商的失职。3.基于分散信息流模型DIFC构建了动态数据安全保护系统CA_DataGuarder，提供多租户之间细粒度的数据隔离和控制。为消除DIFC的模糊性和不完整性，基于命题逻辑为标记体系和信息流规则进行形式化建模并证明了DIFC模型的安全性。基于DIFC模型的规则和特权约束条件设计分布式文件系统的保护机制、CA_DataGuarder中敏感数据对象标记和追踪控制的实现机制。在编程语言级，提出一种最小特权封装（LPE）机制，保证安全策略的执行点容易定位和监控；在操作系统层，基于统一的DIFC安全策略模型提供对上层应用的支撑，将用户信息作为应用上下文语义传递至操作系统层，实现了细粒度的数据控制和保护。与现有的基于访问控制或分散信息流控制的其他系统相比，CA_DataGuarder能提供用户维度的数据隔离，并保证安全机制不易被旁路。4.基于虚拟化架构构建了一种可信云计算平台，为上述几种数据安全保护机制的正确执行提供了可信执行环境。首先，从进程行为的角度对平台信任链传递进行形式化建模和安全证明，给出理论上的支撑。在模型基础上设计了信任链传递机制，在虚拟机监控器VMM层进行了可信增强，提出一种无序的运行时信任链传递机制，对上层用户虚拟机上的可执行程序进行完整性度量和隔离保护，防止恶意代码篡改可执行程序，破坏数据安全机制。为降低云服务商的安全开销，假设云基础设施中只有部分主机进行了可信增强，提出一种将用户虚拟机镜像与云计算环境可信性绑定的方案。更多还原

【Abstract】 Cloud computing provides a large number of IT resources such as hardware and software as aservice to users through the network. In cloud computing service model, users host data andapplication to the cloud, due to the cloud service transparency, they lose control of the data. Becauseit is difficult to assess cloud provider’s credibility for users, data security has become the primaryconcern in cloud computing.Since cloud computing does related operations based on user’s service request,authentication between users and cloud providers can avoid illegal access from assumed identity.Whereas, due to the large number of users, how to realize safe and efficient authentication is themain concern for users and service providers. Having been authenticated, users can use thedata storage and computing services. Users upload large amounts of data to the cloud andcommission cloud service providers to calculate without the local copy stored. Although thecloud service provider is with strong technical strength and maintenance, it is not possible tocompletely prevent data damage or leakage occurs. For static storage of data, due to the mass ofdata, it is no longer applicable to verify integrity after downloading data to local in traditional way. Ifusers find data integrity is compromised, they can only pray the cloud service provider’s disasterrecovery mechanism works. Because of the characteristics of multi-tenant in the cloud, users accessdata and compute through the service process for dynamic data in computing service, the processcarrier of shared access become focal point of authority. But it is difficult to achieve effectiveisolation and control of different users’ data by shared permissions on OS level, data isolationmechanism of application solely is easily bypassed, so data confidentiality and integrity inmulti-tenant environment remain to be resolved. If the data disclosure really happens, it is a keyissue to charge service providers’ responsibility. Current accountability mechanisms need detailsof cloud services, which are related to cloud service providers’ trade secrets, consequently it isdifficult to achieve. In addition, due to the lack of trusted protection mechanism, securitymechanism may be attacked, tampered or bypassed, accordingly it fails.The essence of the cloud data security problem is the trust management between data ownerand service provider, certain data constraints should be formed between them. They achieve certain data useagreement through reputation and technical means of restraint, contribute to the legitimate use of data andprevent from destroying. Users can choose to rely on service provider side by reaching a mutually satisfactorysecurity mechanism to maximize safety and security, service providers will not have a place to live in once helost credibility. In this context, cloud service providers are willing to cooperate with users to take data securityprotection technology, and never do intentional destruction of user data, but they may hide data safetyaccident. From this point of view, the thesis studies on the authentication, static memory data protection, dynamic calculation data protection and trusted cloud computing, etc. are studied, toprovide comprehensive data security protection for cloud users.The main research work are as follows:1. A cross-cloud authentication scheme based on3PAKE (three-party passwordauthenticated key exchange) protocol is proposed and a provably secure authentication protocolis designed for the scheme. Users, the private cloud to which the users belong and the publiccloud correspond to the three parties of the3PAKE protocol which realizes cross-cloudauthentication. The authentication scheme based on our protocol is more computation efficientthan other cross-cloud authentication schemes. Traditional password authentication is vulnerableto password-guessing attacks and cannot generate a session key securely. To solve the problemsof password authentication, a protocol based on elliptic curve cryptosystem is put forward. Theprotocol is proved to be forward secure for session keys and defeat off-line password guessingattack in the random oracle model. Compared with the PKI or IBC authentication scheme, thisscheme is simple and of high security which realizes the efficiency, safety and fairnessbidirectional authentication process with public cloud.2. A static data storage scheme users can verify is put forward, which enables users torealize cloud data integrity verification, bug reparation and data leakage accountability. In orderto enable users to recover after finding data breaches, we present a multi-copy storagepreprocessing method on secret sharing and a storage method separating user identityinformation from available data, to prevent external attackers to collect the same user’s datablock to reconstruct the original file after obtaining owner’s information of data. Integrityverification methods supporting above multi-copy mechanism is proposed to verify the dataintegrity in time, compared with existing integrity verification method, it can determine the errordata block and support publicly verifiable from third-party and data dynamical update.Multi-copy integrity verification cannot guarantee data not leaked by cloud service provider, tosolve this problem, a data leaked accountability method using database watermark is presented,which is based on the good characteristics of the cloud model and chaotic sequence, and help theuser to investigate service provider’s dereliction of duty..3. Dynamic Data security protection system CA_DataGuarder is built based on thedispersion information flow model the CA_DIFC, which provides fine-grained data isolation andcontrol between multi tenants. In order to eliminate the ambiguity and integrity of the DIFC, wecomplete formal modeling for mark system and information flow rules based on propositionallogic, and prove CA_DIFC’s safety. Then we design a distributed file system protectionmechanisms, sensitive data object marking and tracking control implementation mechanism inCA_DataGuarder based on the rules and privileges constraints. On the programming language level, we propose a LPE(least privilege encapsulation) mechanism to guarantee that theimplementation of security strategy is easy to locate and monitor. On operating system layer, itsupports upper cloud application based on a unified DIFC security policy model, transfers userinformation as the application context semantic to OS layer, which realizes fine-grained datacontrol and protection.4. A trusted cloud computing platform is constructed based on virtualization-basedarchitecture, which provides a trusted execution environment to execute above data securityprotection mechanisms. First of all, we realize formal modeling and safety proving for thetransfer of platform trust chain and afford theoretical support. Given the openness of OS, in ordernot to increase the user’s security overhead, we enhance credibility in VMM (a virtual machinemonitor) layer, and propose a unordered trust chain transfer mode, which provides integritymeasurement and isolation protection for executable program for the upper VMs againstmalicious code tampering and destroy data security mechanism destroying. To reduce thesecurity overhead of cloud service providers, it is assumed that only part of the host cloudinfrastructure is enhanced, then we propose a credibility binding plan of virtual machine imagesand cloud computing environment.更多还原