Department of Computer Science and Technology Academic Seminar (2010, Lecture 6)

Title:

Policy-Based Infrastructure Assurance through Trusted Computing

Title (translated from the Chinese):

Implementing Policy-Based Trusted Infrastructure with Trusted Computing Methods

Speaker:

Jeffrey M. Nick

Senior Vice President and Chief Technology Officer, EMC Corporation

Time:

May 25, 10:00, 2010

Place:

FIT 1-315

Contact:

 Yongwei WU (wuyw@tsinghua.edu.cn)

Abstract:

A significant challenge for enterprises moving to cloud computing is establishing trust in a cloud provider and its infrastructure for sensitive workloads. Enterprises who move workloads into the cloud will need visibility into the infrastructure and the ability to assess security posture, trust measurements of security, and demonstrate to auditors that the infrastructure complies with a set of regulations and policies. Intel, RSA, and VMware recently introduced a solution that allows a cloud provider to report on the configuration of the virtual infrastructure used by a tenant’s virtual machines, based on a verifiable measurement of trust in the hardware and hypervisor. Such a measurement ensures a tenant that the provider is following security best practices, including booting from a secure root of trust, protected from rootkits and other malware. In this talk, I’ll share some of the details of this approach of securely booting, measuring hardware and software, assessing those measurements against a security policy, and reporting results.

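Abstract (translated from the Chinese):

A major challenge for enterprises moving to cloud computing platforms is establishing trust with the cloud provider (including the infrastructure the provider supplies) so that the enterprise's sensitive workloads and applications remain secure. Enterprises that move important workloads to the cloud need visibility into the cloud infrastructure, and must be able to assess its security posture, measure its security in a trustworthy way, and show auditors that the infrastructure does comply with a set of regulations and policies. Intel, RSA, and VMware recently joined forces to introduce a solution: based on verifiable trust measurements provided by the hardware and the hypervisor, a cloud provider can report on the configuration of the virtual infrastructure used by a tenant's virtual machines. This measurement assures tenants that the cloud provider follows security best practices (for example, booting securely from a root of trust, and being protected against the loading of rootkits and other malware). In this talk I will share some details of this solution, including (1) secure boot technology; (2) techniques for measuring hardware and software; (3) assessing whether the measurements comply with the security policy; and (4) how to obtain the final report in a visible form.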

BIO:

As CTO of EMC, Nick leads EMC's Corporate Office of Technology, which is responsible for defining the company's evolving information infrastructure technology vision and strategy. Nick chairs EMC's CTO Council, which is the company's internal forum for technical collaboration on information infrastructure design initiatives. Nick founded and chairs EMC's corporate Fellow and Distinguished Engineer Review Boards, which are responsible for recognizing and leveraging EMC's top technical talent in shaping integrated technology solutions for EMC's customers. Nick joined EMC in September 2004 from IBM, where he held the distinguished title of IBM Fellow, the highest technical honor that IBM bestows on its IT innovators. Nick graduated Magna Cum Laude from Marist College. He currently holds more than 80 U.S. patents in computer systems technology.