TRUSTED COMPUTING BASED SECURITY ARCHITECTURE FOR MOBILE CLOUD COMPUTING

Abstract

Clouds are a large pool of virtualized resources, such as hardware, development platforms and services, which are easily accessible via the internet. These resources can be configured dynamically to adjust to a variable load and to achieve optimum resource utilization. The available pool of resources is used under a pay-per-use model in which service guarantees are offered by the Infrastructure Provider by means of customized Service Level Agreements. The cloud paradigm is becoming popular among businesses because it reduces upfront infrastructure investments and maintenance costs. In a cloud environment the physical location of the data is independent of its representation, and the data owner does not have control over the physical placement of data; the integrity of virtual machine images loaded by the cloud provider remains an open issue. Important capabilities of cloud computing are its rapid elasticity, which allows the provided computational and storage resources to be scaled in line with demand, and the built-in capability to measure the service at an appropriate level of abstraction. To ensure trust in a cloud environment, the organization makes a commitment and places trust in the control mechanisms and processes employed by the cloud provider. Through the use of cloud computing, the organization relinquishes control over significant aspects of security and privacy. As a result, it becomes easier for an insider to access the information, provoking intentional incidents leading to loss or corruption of data. Another risk is due to the lack of clarity over data ownership. There are fewer mechanisms for data protection when data created through cloud services is maintained in cloud storage. The first scheme depends on the migration capabilities offered by the type of the cloud service provider. The second scheme depends on the visibility of the state of the system and the state of the data produced by the cloud.
One of the main issues in a cloud environment is the separation between cloud providers and users. The users may be malicious nodes or hackers who intend to avoid inadvertent or intentional access to sensitive information. The cloud provider uses virtual machines (VMs) and a hypervisor to separate customers. Trusted cloud computing technologies can provide significant security improvements for virtual machine and virtual network separation. Hardware-supported verification ensures verification of hypervisors and virtual machines. The user has neither control over nor knowledge of the physical placement of the data in the cloud after scheduling. To ensure strong policies and practices that address cloud security issues, each user should have a legal and regulatory mechanism to inspect cloud provider policies and practices to ensure their adequacy. Trusted storage and trusted platform management and access techniques can play a key role in limiting access to data. Automated monitoring is the best solution for a trusted cloud computing base, enabling the integration of different security systems and providing real-time notification of incidents and of user misbehavior.

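Bibliographic data

  • Publication number: IN2015CH05779A

    Patent type

  • Publication date: 2017-07-21

    Original format: PDF

  • Applicant/patentee

    Application number: IN5779/CHE/2015

  • Filing date: 2015-10-28

  • Classification: G06F21/57;

  • Country: IN

  • Date added to database: 2022-08-21 13:38:47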
