摘要： 提出一种基于时间戳的基础设施即服务(IaaS)动态可信证明方法。通过对云节点进行实时的动态度量，并将度量结果与度量时间绑定，验证云节点的当前运行状态可信。基于该方法，结合IaaS的服务业务流程，设计云节点注册证明、虚拟机启动证明及虚拟机关闭证明等远程证明方法，证明用户虚拟机运行于状态可信的云节点上，同时保证虚拟机数据的完整性和机密性。

关键词: 基础设施即服务, 可信证明, 实时证明, 动态度量, 时间戳, 可信云节点

Abstract: A timestamp-based dynamic remote attestation method oriented to Infrastructure as Services(IaaS) is proposed. This method measures the dynamic cloud nodes’ state in real time, binds the time of measurement with the result, and verifies the current trusted running state of cloud nodes. Based on the method, the attestation methods of cloud node register, remote virtual machine boot and shutdown in IaaS computing environment are designed. These IaaS attestation methods can be used to prove that the user’s virtual machine is booted on a cloud node with trusted running state, and protect the integrity and confidentiality of virtual machine data.

Key words: Infrastructure as Service(IaaS), trusted attestation, real-time attestation, dynamic measurement, timestamp, trusted cloud node

中图分类号: 

• TP391