Research on Key Technologies of a Watermark-Aware Java Secure Runtime Environment in Cloud Platforms
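Abstract
In recent years, cloud computing has become a focus of research in information technology and has drawn broad attention from academia, industry, and government. Cloud computing can be abstracted as a large-scale shared pool of virtualized resources that delivers software, computing, and storage resources to users over the network, lowering user costs and improving the utilization of all kinds of resources. As cloud computing has spread, security has become a major factor constraining its development. The large volume of valuable resources stored on cloud platforms has become a target of attack and faces security threats such as data leakage, service abuse, and violations of privacy and copyright. The service outages and information leaks that have already occurred pose a major obstacle to enterprises and organizations adopting cloud services at scale. Exploring solutions to cloud security problems is therefore urgent.
     This thesis takes cloud security as its subject and studies two problems: the security of the Java Virtual Machine runtime environment in cloud platforms, and the security of Java software. The main work and contributions are as follows:
     1. To address the security threats facing Java software and the Java Virtual Machine in cloud platforms, we propose an architecture for building a watermark-aware Java secure runtime environment in the cloud. The architecture is based on Java trust chain theory and aims to solve two kinds of problems: protecting the host platform of Java software (the Java Virtual Machine), and protecting Java software in the cloud platform.
     2. To address the security of Java software in cloud platforms, we propose a protection scheme based on software watermarking. It makes up for the inability of encryption and similar methods to keep protecting software once it has been decrypted, and offers a new approach to software protection in cloud platforms. The scheme deploys software watermark embedding and detection modules in the cloud platform and can effectively resist software theft by insider attackers. We implement parallel processing of large-scale software watermarking in the cloud on top of the MapReduce framework, which makes the scheme practical to carry out.
     3. To address the security of the Java Virtual Machine in cloud platforms, we design and implement a watermark-aware Java Virtual Machine. Based on an analysis of the Java Virtual Machine's operating mechanism and source code, we recompile it so that it can recognize and respond to software watermarks. The customized Java Virtual Machine verifies the trustworthiness of a Java program before it runs: only programs embedded with the correct software watermark information are allowed to run, which places untrusted software under control and keeps the Java Virtual Machine runtime environment secure.
     4. We design and implement a software watermarking prototype system, TRUP, to support and validate the software watermarking scheme proposed in this thesis. TRUP integrates classic Java software watermarking algorithms, supports basic operations such as embedding and extracting software watermarks, implements dynamic loading and unloading of watermarking algorithms as well as watermarking algorithm recommendation, and is combined with Hadoop for large-scale parallel software watermark processing in cloud platforms.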
For the past few years, cloud computing has been a focus of the information technology field, attracting wide attention from academia, industry and government. Cloud computing is a large pool of easily usable and accessible virtualized resources, providing users with software resources, computing resources and storage resources through the network. It cuts down users' costs and improves resource efficiency. However, with the rapid popularization of cloud computing, security has become the critical factor impeding its development. The elastic cloud resources and the huge datasets processed are subject to security breaches, privacy abuses, and copyright violations. Incidents such as service interruptions and data breaches keep enterprises and organizations from deploying their business in the cloud. Therefore, it is an urgent issue to explore countermeasures for securing the cloud.
     Among these security issues in cloud computing, this thesis focuses on two topics. One is the runtime environment security of the Java Virtual Machine in the cloud, and the other is Java software protection in cloud storage. The main contributions of this thesis are summarized as follows.
     (1) We propose a watermark-aware Java security runtime environment framework in the cloud, with the goal of mitigating the security gaps for both Java programs and the Java Virtual Machine in the cloud. The framework, based on the Java trusted chain, can be applied to protect the Java Virtual Machine and the Java programs residing in the cloud.
     (2) Java programs residing in the cloud are subject to security breaches. We design and implement a cloud-based watermarking system to mitigate the security gaps. It can effectively defend against attackers stealing the software and provides a clue for tracing, which compensates for the fact that encryption cannot cover the threat to a deciphered program. Furthermore, we employ MapReduce to conduct the large-scale watermarking operations in the cloud, making our cloud-based watermarking scheme feasible.
     (3) We present and implement a watermark-aware Java Virtual Machine. Based on an analysis of the mechanism and source code of the Java Virtual Machine, we re-compile it so that it can recognize the watermark and respond accordingly. The customized Java Virtual Machine is capable of verifying the credibility of a Java program before it runs. Only trusted Java programs can be executed in this Java security runtime environment, while untrusted Java programs are wiped out.
     (4) We design and implement a software watermarking prototype named TRUP, to support and verify the software watermarking schemes proposed in this thesis. TRUP consists of typical Java software watermarking algorithms and supports embedding and extracting software watermarks, dynamically loading and offloading watermarking algorithms, and intelligent recommendation of watermarking algorithms. We further applied TRUP to handle large-scale watermarking operations in the cloud, in combination with the Hadoop framework.