

Research of Trusted Virtual Storage in Cloud Computing

[Author] 李成明

[Supervisor] 李明楚

[Author information] Dalian University of Technology, Computer Application Technology, 2011, Master's thesis

[Abstract (translated)] Cloud computing is a new computing model that uses virtualization to pool the computing resources available on a network for large-scale computation, while dynamically allocating, configuring, deploying, redeploying and withdrawing cloud services according to user demand. Cloud providers can offer services at different layers of the software stack; one of these is the Infrastructure as a Service (IaaS) model, of which Amazon EC2, built on Xen, is an example. Companies can use cloud computing to reduce IT spending and investment and so obtain better economic returns. In practice, however, few companies do so, because of security concerns, above all the security of stored data against insider attacks. Virtual storage is one of the important components of cloud computing, and the greatest challenge in resolving these concerns is how to guarantee the confidentiality and integrity of user data in a cloud environment. The Trusted Computing specifications define trusted storage for hardware storage devices but do not address the trustworthiness of virtual storage in a cloud environment. To meet this challenge, this thesis, building on an in-depth study of Xen virtualization and trusted computing technology, summarizes the advantages and disadvantages of existing cloud storage techniques and then designs and implements the Trusted Virtual Block Storage (TVBS) system, based on virtualization and trusted computing. The design goal of TVBS is a virtual storage system for IaaS cloud environments that is reliable, flexible, scalable and trustworthy. To reach this goal the thesis adopts the following strategies: separating the user-space management program for virtual block devices from the kernel-space execution program, virtualizing the hardware storage devices, and restricting and partitioning the privileges of platform administrators. The TVBS system is designed and implemented on the Xen virtualization platform. TVBS consists of three parts: the trusted virtual block storage manager, the trusted virtual block storage host, and the trusted virtual block device. The trusted virtual block device is the core component of the system and provides mutual authentication, integrity measurement and reporting, self-encryption and logging. TVBS makes a virtual block device appear to the user like a trusted hardware storage device, extending the platform's chain of trust to the virtual block device. To improve the platform's extensibility, a Windows client system is also designed and implemented on top of TVBS. Experimental evaluation and security analysis show that TVBS meets the performance and security requirements of storage in IaaS cloud computing.

[Abstract] In the age of the Internet, with the rapid growth in the amount of information and data, cloud computing has become a hot research field in both industry and academia. Cloud computing is a new computing model that can run large computations on various computing resources over the network and, based on virtualization technologies, can dynamically allocate, configure, deploy, redeploy and cancel cloud services according to customers' requirements. Cloud providers may offer services at various layers of the software stack. The type this paper focuses on is Infrastructure as a Service (IaaS), such as Amazon EC2, which is based on Xen. Companies that use IaaS cloud computing can gain many benefits by reducing their IT expenses and overhead. In reality, however, this is rarely done because of security concerns, especially the security of stored data against insider attacks. Storage virtualization is a significant part of cloud computing. A major challenge in addressing such concerns is to provide a trusted storage service in the cloud computing environment using trusted computing technology; however, the current trusted computing specifications for virtualized computing environments do not cover the trustworthiness of virtual storage. To address this challenge, this paper first makes an in-depth study of storage virtualization in the Xen virtual machine monitor and of trusted computing technologies, and summarizes the advantages and disadvantages of recent research. We then present a novel trusted storage architecture, the Trusted Virtual Block Storage (TVBS) System, for storage virtualization in IaaS cloud computing, based on Xen virtualization and Trusted Computing technologies.
Our system aims at constructing a trusted virtual storage system in the cloud computing environment with the features of reliability, flexibility, scalability and trustworthiness. We first design and implement the Trusted Virtual Block Storage (TVBS) System based on virtualization and trusted computing technologies; it consists of the TVBD manager, the TVBD master and the TVBD driver. The TVBD is the core component of the TVBS system and provides integrity measurement and reporting, self-encryption and logging. TVBS makes a virtual block device look to the user like a trusted physical block device and extends the host TPM's trust into the computing environment to cover all virtual block devices. To improve TVBS further, we then design and implement the TVBS client system on Windows. The results of the evaluation and security analysis show that our TVBS system satisfies the requirements for efficient and secure storage in IaaS cloud computing.
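Added illustration (not code from the thesis or the TVBS project): a Python simulation of the TVBD functions the abstract names, self-encryption, integrity measurement into a PCR-like register, a measurement log, and a report that a verifier checks by replaying the log. The block size, keys, the HMAC keystream standing in for a real sector cipher, and the HMAC "quote" standing in for a TPM signature are all assumptions.

```python
import hashlib
import hmac

BLOCK = 16              # toy block size (constructed); real devices use 512 or 4096 bytes
ZERO = b"\x00" * 32     # initial value of the measurement register

class TrustedVirtualBlockDevice:
    """Simulated TVBD (hypothetical, not the thesis's code): writes are self-encrypted,
    tagged, measured into a PCR-like register and logged; report() quotes the register."""

    def __init__(self, nblocks, device_key, attest_key):
        self.nblocks = nblocks
        self.device_key = device_key   # self-encryption key (sealed to the TPM in practice)
        self.attest_key = attest_key   # stand-in for the TPM attestation key
        self.store = {}                # blockno -> (version, ciphertext, tag)
        self.pcr = ZERO                # measurement register, extended on every write
        self.log = []                  # measurement log: (blockno, digest of plaintext)
    def _keystream(self, blockno, version):
        # Placeholder for a sector cipher such as AES-XTS; version keeps rewrites fresh.
        msg = blockno.to_bytes(8, "big") + version.to_bytes(8, "big")
        return hmac.new(self.device_key, msg, hashlib.sha256).digest()[:BLOCK]
    def _tag(self, blockno, version, ct):
        msg = blockno.to_bytes(8, "big") + version.to_bytes(8, "big") + ct
        return hmac.new(self.device_key, msg, hashlib.sha256).digest()
    def write(self, blockno, data):
        if not 0 <= blockno < self.nblocks or len(data) != BLOCK:
            raise ValueError("invalid block write")
        version = self.store[blockno][0] + 1 if blockno in self.store else 0
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(blockno, version)))
        self.store[blockno] = (version, ct, self._tag(blockno, version, ct))
        digest = hashlib.sha256(data).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()   # PCR-style extend
        self.log.append((blockno, digest))
    def read(self, blockno):
        version, ct, tag = self.store[blockno]
        if not hmac.compare_digest(tag, self._tag(blockno, version, ct)):
            raise IOError("block %d failed integrity check" % blockno)
        return bytes(a ^ b for a, b in zip(ct, self._keystream(blockno, version)))
    def report(self):
        # Integrity report for a remote verifier: register, log and quote over the register.
        quote = hmac.new(self.attest_key, self.pcr, hashlib.sha256).digest()
        return {"pcr": self.pcr, "log": list(self.log), "quote": quote}

def verify_report(report, attest_key):
    # Verifier side: replay the log to recompute the register, then check the quote.
    pcr = ZERO
    for _, digest in report["log"]:
        pcr = hashlib.sha256(pcr + digest).digest()
    expected = hmac.new(attest_key, pcr, hashlib.sha256).digest()
    return pcr == report["pcr"] and hmac.compare_digest(expected, report["quote"])
```

A tampered ciphertext fails the read-side integrity check, and a truncated or edited log no longer replays to the quoted register, which is the detection property the abstract attributes to integrity measurement and reporting.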


