期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2015
卷号:9
期号:10
页码:395-404
DOI:10.14257/ijsia.2015.9.10.36
出版社:SERSC
摘要:In the field of cloud security, the cloud provider don't disclose any internal configuration information to protect itself, so the client know nothing about their data stored in the cloud and security status of the node providing services for them, thereby it causes the client's worry whether to adopt cloud computing services. So that the trust between client and cloud computing provider become one of the biggest obstacles hindering the development of the cloud computing. Based on Direct Anonymous Attestation (DAA) and Dynamic Property Trusted Attestation (DPTA), we propose a client oriented remote attestation (CORA) model in cloud environment, client can select a node in the cloud at corresponding security level according to their own needs and can dynamically verify the node's security status. At the same time, because the use of anonymous method it will not expose classified information of the node, such as configuration and location information etc. Furthermore we add service life of certificates to update certificates regularly, which enhanced the security of the attestation.
