一种支持多域访问的可信云终端设计.docVIP

一种支持多域访问的可信云终端设计 段翼真 刘忠 施展 中国科学院成都计算机应用研究所 中国科学院大学 华中科技大学计算机科学与技术学院 X 关注成功！ 加关注后您将方便地在 我的关注中得到本文献的被引频次变化的通知！ 新浪微博 腾讯微博 人人网 开心网 豆瓣网 网易微博 摘????要： 为了通过单台物理终端同时运行不同安全等级业务系统、多域访问不同安全等级云服务, 综合利用虚拟机技术和可信计算技术, 提出了一种可信云计算环境下的多域访问终端解决方案.该方案通过可信密码模块 (TCM) 虚拟化和信任链传递机制实现可信环境的构建, 利用Hypervisor多级安全访问控制框架和多域通信管理保证多级安全云服务的隔离和多域并发访问.实验结果表明:该方案是可行和有效的, 可以为多域访问提供基础平台的支撑, 同时可信机制给系统带来的性能损耗相对较小, 可以满足实际应用过程中的性能需求. 关键词： 可信云; 多域访问; 多级安全; 可信密码模块 (TCM) 虚拟化; 信任链; 作者简介：段翼真 (1984-) , 男, 博士研究生, E-mail:253830444@. 收稿日期：2016-11-27 基金：国防基础科研项目 (B0420132604) Design of trusted cloud terminal supporting multi-domain access Duan Yizhen Liu Zhong Shi Zhan Chengdu Institute of Computer Application, Chinese Academy of Sciences; School of Computer Science and Technology, Huazhong University of Science and Technology; Abstract： As trusted cloud computing environment is a logical isolation of multi-domain environment, through a single physical terminal running different security level application systems to multi-domain access different security level cloud services at the same time has an urgent need.Based on the virtual machine technology and trusted computing technology, a multi-domain access terminal solution for trusted cloud computing environment was proposed.TCM (trusted cryptography module) virtualization and trust chain transfer mechanism were used to construct a trusted terminal environment, and the hypervisor′s multi-level security access control framework and the multi-domain communication management were used to assure the isolation of multi-level security cloud service and multi-domain concurrent access.Experimental result shows that the scheme is feasible and effective, which can provide a basic platform support for multi-domain access, and the performance cost of trusted mechanism is relatively small, which can meet the performance requirements in the process of actual application. Keyword： trusted cloud; multi-domain access; multi-level security; TCM (trusted cryptography modu