Cloud service behavior trust model based on non-interference theory

doi:10.11772/j.issn.1001-9081.2016.10.2728

Journal of Computer Applications ›› 2016, Vol. 36 ›› Issue (10): 2728-2732.DOI: 10.11772/j.issn.1001-9081.2016.10.2728

Previous Articles Next Articles

Cloud service behavior trust model based on non-interference theory

XIE Hong'an, LIU Dafu, SU Yang, ZHANG Yingnan

Key Laboratory for Network and Information Security of Chinese Armed Police Force, Engineering University of Chinese Armed Police Force, Xi'an Shaanxi 710086, China, Xi'an Shaanxi 710086, China

Received:2016-03-01 Revised:2016-06-17 Online:2016-10-10 Published:2016-10-10
Supported by:
BackgroundThis work is partially supported by the National Natural Science Foundation of China (61402530), the Basic Research Project of Natural Science in Shaanxi Province (2014JQ8301).

基于无干扰理论的云服务行为可信模型

谢洪安, 刘大福, 苏旸, 张英男

武警工程大学网络与信息安全武警部队重点实验室, 西安 710086

通讯作者: 谢洪安,E-mail:15529332695@163.com
作者简介:谢洪安(1992—),男,江西南昌人,硕士研究生,主要研究方向:网络安全、可信计算;刘大福(1992—),男,四川德阳人,硕士研究生,主要研究方向:网络安全、可信计算;苏旸(1975—),男,陕西西安人,教授,博士,CCF会员,主要研究方向:网络安全、可信计算;张英男(1990—),男,陕西西安人,博士研究生,主要研究方向:网络安全、信息隐藏。
基金资助:
国家自然科学基金资助项目（61402530）；陕西省自然科学基础研究计划项目（2014JQ8301）。

Abstract

Abstract: In order to solve the security threat of resource sharing and privilege existed in cloud service environment, a new cloud trust model based on non-interference theory, namely NICTM, was proposed. The elements existed in cloud service such as domains, actions, situations, and outputs were abstracted to formally define the trusted domain in cloud services. Besides, the theorem of trusted user domain behavior was proved, and the user domain which followed the theorem could be proved to be trusted. Finally the prototype system was built on Xen virtualization platform, and the feasibility of the model was verified by experiments.

Key words: cloud service, trusted cloud, behavior trust, noninterference theory, virtualization

摘要： 为解决云服务环境下存在的资源共享及特权安全威胁，将传统的无干扰理论引入云服务环境中，提出一种基于无干扰理论的云服务可信模型（NICTM）。该模型将云服务中域、动作、状态、输出等进行抽象，形式化地定义了云服务环境中域的可信；然后证明了用户域行为可信定理，符合定理的用户域可以被证明是可信的；最后在Xen虚拟化平台上实现了基于模型的原型系统，并通过实验验证了模型的可行性。

关键词: 云服务, 可信云, 行为可信, 无干扰理论, 虚拟化

CLC Number:

TP309.1

XIE Hong'an, LIU Dafu, SU Yang, ZHANG Yingnan. Cloud service behavior trust model based on non-interference theory[J]. Journal of Computer Applications, 2016, 36(10): 2728-2732.

谢洪安, 刘大福, 苏旸, 张英男. 基于无干扰理论的云服务行为可信模型[J]. 计算机应用, 2016, 36(10): 2728-2732.

References

[1] SMITH J, NAIR R. Virtual Machines: Versatile Platforms for Systems and Processes [M]. Singapore: Elsevier, 2009: 5-8.
[2] 丁滟, 王怀民, 史佩昌, 等.可信云服务[J]. 计算机学报, 2015, 38(1):133-149.(DING Y, WANG H M, SHI P C, et al. Trusted cloud service [J]. Chinese Journal of Computers, 2015, 38(1): 133-149.)
[3] 俞能海, 郝卓, 徐甲甲, 等.云安全研究进展综述[J]. 电子学报, 2013, 41(2):371-381.(YU N H, HAO Z, XU J J, et al. Review of cloud computing security[J]. Acta Electronica Sinica, 2013, 41(2): 371-381.)
[4] 闫世杰, 陈永刚, 刘鹏, 等.云计算中虚拟机计算环境安全防护方案[J]. 通信学报, 2015, 36(11):102-107.(YAN S J, CHEN Y G, LIU P, et al. Security protection mechanism of virtual machine computing environment under the cloud computing [J]. Journal on Communications, 2015, 36(11):102-107.)
[5] SANTOS N, GUMMADI K, RODRIGUES R. Towards trusted cloud computing[C]//Proceedings of the 2009 USENIX Association Workshop on Hot Topics in Cloud Computing. Berkeley: USENIX, 2009: 14-19.
[6] 郭琰.基干VMI的虚拟机安全监控技术研究 [D] 西安:西安工业大学, 2014:20-29.(GUO Y. Virtual machine security monitoring technology based on VMI [D] Xi'an: Xi'an Technological University, 2014:20-29.)
[7] 周振吉, 吴礼发, 洪征, 等.云计算环境下的虚拟机可信度量模型[J]. 东南大学学报(自然科学), 2014, 44(1):45-50.(ZHOU Z J, WU L L F, HONG Z, et al. Trustworthiness measurement model of virtual machine for cloud computing[J]. Journal of Southeast University (Natural Science Edition), 2014, 44(1): 45-50.)
[8] ZHANG L, CHEN X S, LIU L, et al. Trusted domain hierarchical model based on noninterference theory [J]. Journal of China Universities of Posts and Telecommunications, 2015, 22(4): 7-16.
[9] GRAEME P, CHEN L Q, DALTON C. Trusted Computing Platforms[M]. Berlin: Springer, 2014: 1-25.
[10] GOGUEN J A, MESEGUER J. Security policies and security models[C]//Proceedings of the IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 1982: 11-20.
[11] 林杰, 刘川意, 方滨兴.IVirt基于虚拟机自省的运行环境完整性度量机制[J]. 计算机学报, 2015, 38(1):191-203.(LIN J, LIU C Y, FANG B X. IVirt runtime environment integrity measurement mechanism based on virtual machine introspection[J]. Chinese Journal of Computers, 2015, 38(1): 191-203.)
[12] ZHANG F, CHEN J, CHEN H, et al. CloudVisor: retrofitting protection of virtual machines in muti-tenant cloud with nest virtualization[C]//Proceedings of the 23rd ACM Symposium on Operating System Principles. New York: ACM, 2011: 203-216.
[13] 冯帆.基于VMM的Rootkit检测及防护模型研究[D]. 北京:北京理工大学, 2014:40-48.(FENG F. The research on VMM-based Rootkit detection and protection model[D]. Beijing: Beijing Institute of Technology, 2014:40-48.)

[1]	ZHAO Qiuyun, WEI Le, SHU Hongping. Construction method of cloud manufacturing virtual workshop for manufacturing tasks [J]. Journal of Computer Applications, 2021, 41(7): 2003-2011.
[2]	Gang CHEN, Xiangru MENG, Qiaoyan KANG, Yong YANG. Virtual software defined network mapping algorithm based on topology segmentation and clustering analysis [J]. Journal of Computer Applications, 2021, 41(11): 3309-3318.
[3]	ZHAO Jihong, WU Doudou, QU Hua, YIN Zhenyu. Survivable virtual network embedding guarantee mechanism based on software defined network [J]. Journal of Computer Applications, 2020, 40(3): 770-776.
[4]	XU Yingxin, SUN Lei, ZHAO Jiancheng, GUO Songhui. Virtual field programmable gate array placement strategy based on ant colony optimization algorithm [J]. Journal of Computer Applications, 2020, 40(3): 747-752.
[5]	FAN Hongwei, HU Yuxiang, LAN Julong. Two-stage hardware acceleration resource deployment mechanism for virtual network function [J]. Journal of Computer Applications, 2018, 38(9): 2575-2580.
[6]	LU Zicong, XU Kaiyong, GUO Song, XIAO Jingxu. Dynamic measurement of Android kernel based on ARM virtualization extension [J]. Journal of Computer Applications, 2018, 38(9): 2644-2649.
[7]	LI Shuai, SUN Lei, GUO Songhui. Interrupt path optimization method of virtual cryptographic device with reducing context switching [J]. Journal of Computer Applications, 2018, 38(7): 1946-1950.
[8]	ZHANG Jiachen, LIU Xiaoguang, WANG Gang. Cache optimization for compressed databases in various storage environments [J]. Journal of Computer Applications, 2018, 38(5): 1404-1409.
[9]	WU Wenyan, JIANG Xin, WANG Xiaofeng, LIU Yuan. Multi-scale network replication technology for fusion of virtualization and digital simulation [J]. Journal of Computer Applications, 2018, 38(3): 746-752.
[10]	ZHANG Chuanhao, ZHOU Qiao. Service function chain construction method based on node utility maximization [J]. Journal of Computer Applications, 2018, 38(2): 503-508.
[11]	QI Neng, TAN Liang. Trust chain model with waterfall characteristic based on trusted virtualization platform [J]. Journal of Computer Applications, 2018, 38(2): 327-336.
[12]	LIU Mingcong, WANG Na. Information flow control model for cloud composite service supporting Chinese Wall policy [J]. Journal of Computer Applications, 2018, 38(2): 310-315.
[13]	ZHOU Qiao, YI Peng, MEN Haosong. Virtual network function backup method based on resource utility maximization [J]. Journal of Computer Applications, 2017, 37(4): 948-953.
[14]	LI Jinjin, JIA Xiaoqi, DU Haichao, WANG Lipeng. Efficient virtualization-based approach to improve system availability [J]. Journal of Computer Applications, 2017, 37(4): 986-992.
[15]	WU Zhixue. Advances on virtualization technology of cloud computing [J]. Journal of Computer Applications, 2017, 37(4): 915-923.

Cloud service behavior trust model based on non-interference theory

基于无干扰理论的云服务行为可信模型

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics