Considering cloud computing continues to grow and flourish, the increasing number of cloud infrastructures results in unlimited resources and convenient pay-as-you-go services, which makes it essential to ensure software integrity (including OS, apps, and configurations) on such massive devices to guarantee both privacy and safety. As a key technical solution, remote attestation allows a remote entity to validate integrity state of targeted cloud devices. Aiming to attest the real integrity state of cloud system and improve scalability and efficiency of existing scheme, a Collective Attestation scheme towards Cloud System named CACS is presented in this paper. First, in order to promote scalability, CACS proposes an attestation scheme based on cooperation between cloud servers. Second, to increase efficiency, CACS puts forward Attestation Relationship Tree structure, which could determine the cooperative objects and tasks during the collective attestation. Besides, identity-based aggregation signature technology is adopted to quickly verify the authenticity of integrity report about cloud servers. To evaluate the efficiency and scalability, CACS is simulated in a large-scale cloud system. Experimental results show that not only is CACS able to effectively prove a cloud system of 30,000 nodes in 19.9 s, but also it could perform well in terms of scalability compared to current cloud system attestation schemes.

考虑到云计算的持续增长和蓬勃发展，云基础架构的数量不断增加，带来了无限的资源和便捷的按需付费服务，这对于确保如此庞大的软件（包括操作系统，应用程序和配置）的完整性至关重要保护隐私和安全的设备。作为一项关键技术解决方案，远程证明允许远程实体验证目标云设备的完整性状态。为了证明云系统的真实完整性，提高现有方案的可扩展性和效率，提出了一种针对云系统的集体认证方案，称为CACS。首先，为了提高可伸缩性，CACS提出了一种基于云服务器之间协作的证明方案。第二，要提高效率，CACS提出了证明关系树结构，可以确定集体证明过程中的协作对象和任务。此外，采用基于身份的集合签名技术，可以快速验证云服务器完整性报告的真实性。为了评估效率和可伸缩性，在大型云系统中模拟了CACS。实验结果表明，CACS不仅能够在19.9 s内有效地证明30,000个节点的云系统，而且与当前的云系统认证方案相比，它在可伸缩性方面也能表现良好。采用基于身份的聚合签名技术，可以快速验证云服务器完整性报告的真实性。为了评估效率和可伸缩性，在大型云系统中模拟了CACS。实验结果表明，CACS不仅能够在19.9 s内有效地证明30,000个节点的云系统，而且与当前的云系统认证方案相比，它在可伸缩性方面也能表现良好。采用基于身份的聚合签名技术，可以快速验证云服务器完整性报告的真实性。为了评估效率和可伸缩性，在大型云系统中模拟了CACS。实验结果表明，CACS不仅能够在19.9 s内有效地证明30,000个节点的云系统，而且与当前的云系统认证方案相比，它在可伸缩性方面也能表现良好。