【作者】 余志伟；

【导师】 王建民；

【作者基本信息】 清华大学 ， 计算机科学与技术， 2013， 博士

【摘要】 近年来,云计算已成为信息技术领域研究的焦点,受到学术界、产业界以及政府的广泛关注。云计算可以抽象为大规模的共享虚拟资源池,通过网络为用户提供软件资源、计算资源和存储资源,降低用户成本,提高各类资源的利用效率。随着云计算的普及和推广,安全问题已成为制约其发展的重要因素。存储于云平台中大量有价值的资源成为攻击目标,面临数据泄露、服务滥用、隐私及版权侵犯等安全威胁。目前已发生的各类服务中断和信息泄露事件,对各类企业和组织大规模应用云计算服务造成重大障碍。因此,探索关于云安全问题的解决方案显得十分迫切。本文以云安全为研究对象,主要针对云平台中Java虚拟机的运行环境安全和Java软件安全这两个问题展开研究。论文的主要工作和贡献如下：1.针对云平台中Java软件以及Java虚拟机面临的安全威胁,提出在云平台中构建水印感知的Java安全运行环境体系结构。该体系结构基于Java信任链理论,旨在解决两类问题：一是保护Java软件宿主平台(Java虚拟机)的安全；二是保护云平台中Java软件的安全。2.针对云平台中Java软件的安全问题,提出基于软件水印的保护方案,弥补了加密等方式对于解密后的软件无法继续提供保护的不足,为云平台中的软件保护提供了新的思路。该方案在云平台中部署软件水印嵌入和检测模块,可以有效抵制内部攻击者的软件窃取行为。本文基于MapReduce框架实现了云平台中大规模软件水印的并行操作技术,为方案的有效实行提供保障。3.针对云平台中Java虚拟机的安全问题,设计并实现了水印感知的Java虚拟机。本文在分析Java虚拟机的运行机制和源代码基础上,重编译Java虚拟机使其具有软件水印识别和响应的功能。定制的Java虚拟机能够在Java程序运行之前对其进行可信性验证：仅允许嵌有正确软件水印信息的程序运行,实现对不可信软件的管制,保证Java虚拟机运行环境安全。4.设计并实现了一个软件水印原型系统TRUP,用于对本文提出的软件水印方案提供支持和验证。TRUP集成了经典的Java软件水印算法,支持软件水印的嵌入和提取等基本操作,实现了动态加载和卸载水印算法以及软件水印算法推荐功能,并结合Hadooop应用于云平台的大规模软件水印并行处理。更多还原

【Abstract】 For the past few years, cloud computing has become the focus of information tech-nology field, which attracted widely attention from the academic, industry and govern-ment. Cloud computing is a large pool of easily usable and accessible virtualized re-sources, providing the users with software resources, computing resources and storageresources through the network. It cuts down the users’cost and improve the resources’efciency. However, with the rapid popularization of cloud computing, security issue hasbecome the critical factor which impedes its development. The elastic cloud resourcesand huge datasets processed are subject to security breaches, privacy abuses, and copy-right violations. The accidents such as service interruptions and data breaches keep theenterprises and organizations from deploying their business in the cloud. Therefore, it aurgent issue to explore the countermeasures for securing the cloud.Among these security issues in cloud computing, this thesis focuses on two topics.One is the runtime environment security of Java Virtual Machine in the cloud, and theother is Java software protection in the cloud storage. The main contributions of thisthesis are summarized as follows.(1) We propose a watermark-aware Java security runtime environment frameworkin the cloud, with the goal to mitigate the security gaps for both Java program and JavaVirtual Machine in the cloud. The framework based on Java trusted chain can be appliedto protect the Java Virtual Machine and the Java program residing in the cloud.(2) Java program resides in the cloud are subject to security breaches. We designand implement an cloud-based watermarking system to mitigate the security gaps. It canefectively defends the attackers from stealing the software and provide an clue for trac-ing, which compensates the defects that encryption cannot cover the threat of decipheredprogram. Furthemore, we employ MapReduce to conduct the large-scale watermarkingoperations in the cloud, making our cloud-based watermarking scheme feasible.(3) We present and implement a watermark-ware Java Virtual Machine. Based onthe analysis of mechanism and source code of Java Virtual Machine, we re-compile it inorder to realize its ability for recognizing the watermark and taking according response.The customized Java Virtual Machine is capable of verifying the credibility of a Java program before its running. Only trusted Java program can be executed in this Javasecurity runtime environment, while wiping out the untrusted Java program.(4) We design and implement a software watermarking prototype named TRUP,for supporting and verifying the software watermarking schemes proposed in this thesis.TRUP consists of typical Java software watermarking algorithms, including embeddingand extracting the software watermark, dynamically loading and ofoading the water-marking algorithms, intelligent recommending of the watermarking algorithms. We fur-ther applied TRUP to handle large-scale watermarking operations in the cloud, combiningwith the Hadoop framework.更多还原