Design of trusted cloud terminal supporting multi-domain access  (Cited by: 2)


Authors: Duan Yizhen [1,2]; Liu Zhong; Shi Zhan [3]

Affiliations: [1] Chengdu Institute of Computer Application, Chinese Academy of Sciences, Chengdu 610041, Sichuan, China; [2] University of Chinese Academy of Sciences, Beijing 100049, China; [3] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, Hubei, China

Source: Journal of Huazhong University of Science and Technology (Natural Science Edition), 2017, Issue 12, pp. 32-38 (7 pages)

Funding: National Defense Basic Scientific Research Project (B0420132604)

Abstract: A trusted cloud computing environment is a logically isolated multi-domain environment, so there is an urgent need for a single physical terminal to run application systems of different security levels and to access cloud services of different security levels across multiple domains at the same time. Based on virtual machine technology and trusted computing technology, a multi-domain access terminal solution for the trusted cloud computing environment is proposed. TCM (trusted cryptography module) virtualization and a trust chain transfer mechanism are used to construct a trusted terminal environment, and the hypervisor's multi-level security access control framework and multi-domain communication management are used to ensure the isolation of multi-level security cloud services and multi-domain concurrent access. Experimental results show that the scheme is feasible and effective and can provide basic platform support for multi-domain access; the performance cost of the trusted mechanism is relatively small and can meet the performance requirements of practical applications.

Keywords: trusted cloud; multi-domain access; multi-level security; trusted cryptography module (TCM) virtualization; trust chain

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
