Cloud platform trusted log auditing method for privacy protection based on trusted third party

A privacy-protecting cloud platform audit technology, applied in the field of cloud computing, which addresses the problems of unclear cloud audit objects, the no longer clear security boundary between CT and CSP, and the clearing and destruction of audit logs by CSP administrators.

Active Publication Date: 2018-07-24
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

First, the object content of cloud audit is not clear, and it is difficult to hold accountable
Second, audit logs lack reliable and efficient integrity and authenticity protection
Third, the audit method may leak the privacy of cloud users and cloud service providers
The content of the cloud audit object is unclear: current cloud computing usually provides IaaS, PaaS and SaaS services on the basis of virtualization technology, multi-tenant architecture and outsourcing, so many implementation details are hidden and the security boundary between CT and CSP is no longer clear; as a result the object of cloud audit is unclear and accountability cannot be pursued for the different cloud service models. Audit logs lack integrity and authenticity protection: audit log data is usually recorded on the cloud platform by software, and a malicious CSP administrator can easily clear or destroy it, so its integrity and authenticity cannot be protected and the audit fails.
In addition, given the massive audit logs generated by a cloud platform, improving verification efficiency is also a difficult problem. As for the problem that the cloud audit method may leak the privacy of the audited object: because the cloud is provided to the user in the form of a service, it offers the user poor visibility, and cloud users have no way of knowing whether their own audit information has been leaked to unauthorized parties (such as other cloud users or malicious cloud service provider administrators); introducing a trusted third party can partially solve this problem.
[0004] Most existing research on cloud service and cloud security auditing focuses on the overall performance of the cloud platform or on the collection and verification of security evidence for a single service model. The evaluation was carried out and the factors leading to the instability of its service were found. Chen C et al. tested the memory and CPU usage of the IaaS resources used by users to verify whether the user payment is reasonable. Audit object description methods for different cloud service models; Anbang Ruan et al. proposed RepCloud, which uses TPM trusted hardware to protect the generated cloud evaluation data from tampering, but did not consider the low verification efficiency of audit logs in this approach; Xu Ziyao et al. combined trusted computing technology with a Merkle hash tree as the audit log storage structure, which improves verification efficiency, but the verification process needs to modify the internal functions of the existing TPM security chip, which hinders adoption; Gu L et al. discussed the privacy protection problem of cloud users and cloud service providers, but gave no specific implementation method.
Deming et al. proposed a security log generation method for cloud computing environments, which generates security logs mainly by merging the unique identity of the user in the resource state table with the meta log; however, this method does not provide integrity protection measures for the logs. Ye Sihai et al. proposed a trustworthiness measurement method for cloud computing platforms, which introduces a third party to measure software operation indicators in the cloud platform, but does not consider the privacy protection problem in the process of user audit verification.


Embodiment Construction

[0070] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0071] The execution flow of the privacy protection-oriented cloud platform trusted log audit method based on a trusted third party proposed by the present invention is shown in figure 2; it mainly involves third-party hosts, cloud platform hosts, and the virtual machines of different tenants.

[0072] Among them, the third party includes a client verification module, through which tenants send audit log verification requests to the server module and view verification results. The server module is deployed on the audit management node, which is responsible for storing the unified audit logs sent back by the cloud platform host and by the virtual machines belonging to the tenants. The server module is used to receive the returned audit logs and the audit log verification requests sent by the client verificat...


Abstract

The invention discloses a cloud platform trusted log auditing method for privacy protection based on a trusted third party, and belongs to the field of cloud computing. The method comprises the following steps: step 1, collecting the cloud platform audit log; step 2, securely transmitting the audit log; step 3, generating and publishing a verification data structure for the audit log at the third party; and step 4, verifying the audit logs of the cloud service provider and the cloud user. Audit responsibility association objects are added to the audit events of the different cloud service modes (IaaS, PaaS, SaaS); reliable collection and transmission of the audit logs is provided on the basis of trusted hardware; audit log verification supporting privacy protection is provided on the basis of a hierarchical random Merkle hash tree; and cloud audit accountability for both cloud service providers and cloud users is supported.
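Added illustration of step 3 and step 4 above, not code from the patent: a two-level ("hierarchical") Merkle hash tree built by the third party, with one salted subtree per tenant and a top tree over the subtree roots. Treating "random" as a per-leaf random salt is an assumption; the sample log lines are constructed. A tenant checks its own entry from the published root and a proof alone, and the proof exposes only salted hashes, never another tenant's log text.

```python
import hashlib
import os

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(entry: str, salt: bytes) -> bytes:
    # The per-leaf random salt (assumed interpretation of "random") blinds the entry:
    # a sibling hash revealed in a proof cannot be matched against guessed log text.
    return h(b"\x00" + salt + entry.encode())

def build_tree(leaves):
    """Return all levels, leaves first; odd levels duplicate their last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_right) pairs."""
    proof = []
    for level in levels[:-1]:
        cur = level + ([level[-1]] if len(level) % 2 else [])
        proof.append((cur[index ^ 1], index % 2 == 0))
        index //= 2
    return proof

def fold(node, proof):
    """Recompute the root of a (sub)tree from one node and its proof path."""
    for sib, sib_is_right in proof:
        node = h(b"\x01" + node + sib) if sib_is_right else h(b"\x01" + sib + node)
    return node

def publish(tenant_logs):
    """TTP side: one salted subtree per tenant, then a top tree over subtree roots."""
    tenants = sorted(tenant_logs)
    salts = {t: [os.urandom(16) for _ in tenant_logs[t]] for t in tenants}
    subs = {t: build_tree(leaf_hash(e, s) for e, s in zip(tenant_logs[t], salts[t]))
            for t in tenants}
    top = build_tree(subs[t][-1][0] for t in tenants)
    return top[-1][0], {"tenants": tenants, "salts": salts, "subs": subs, "top": top}

def prove(state, tenant, i):
    """Proof for entry i of one tenant: its salt, subtree path, top-level path."""
    return (state["salts"][tenant][i], inclusion_proof(state["subs"][tenant], i),
            inclusion_proof(state["top"], state["tenants"].index(tenant)))

def tenant_verify(entry, proof, published_root):
    """Tenant side: needs only its own entry, the proof and the public root."""
    salt, sub_path, top_path = proof
    return fold(fold(leaf_hash(entry, salt), sub_path), top_path) == published_root

# Constructed sample audit logs (placeholder content, not real cloud data).
LOGS = {"tenantA": ["vm-a1 start", "vm-a1 attach volume", "vm-a1 stop"],
        "tenantB": ["vm-b1 start", "vm-b1 stop"]}
ROOT, STATE = publish(LOGS)
```

The third party publishes only `ROOT`; each tenant receives its own proofs on request, and a single altered or removed log entry changes the root and fails verification.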

Description

Technical field

[0001] The invention relates to a cloud security audit method, in particular to a privacy protection-oriented cloud platform trusted log audit method based on a trusted third party, and belongs to the field of cloud computing.

Background technique

[0002] More and more enterprises and individual users choose to deploy their business systems on public, private or hybrid clouds. In order to protect the legitimate rights and interests of both the users and the providers of cloud services, it is fairer for the cloud service provider (Cloud Service Provider, CSP) to entrust a trusted third party (Trusted Third Party, TTP) to audit the usage of cloud users (Cloud Tenant, CT, also known as cloud tenants) and the status of the cloud platform itself, to identify illegal operations by cloud platform service providers and cloud users from the information contained in the audit logs, and to carry out corresponding a...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L9/08; H04L9/32; H04L29/06; H04L29/08; G06F9/455
CPC: G06F9/45533; G06F2009/45587; H04L9/0877; H04L9/3236; H04L9/3247; H04L63/083; H04L63/0876; H04L63/123; H04L63/1425; H04L67/025; H04L67/30; H04L2209/127
Inventor 詹静樊旭东赵勇韩瑾夏晓晴张茜
Owner BEIJING UNIV OF TECH