云计算服务中数据安全的相关问题研究

云计算是一种数据密集型的运算方式,它在数据存储、数据计算及数据传输等方面都具有很大的优势。但是云计算在实际应用中所产生的数据安全问题令人担忧,数据的集中存储及网络上的安全传输问题目前没有得到充分的研究和解决,这也是云计算服务面临的挑战。该文对于云计算服务的数据安全现状进行详细的研究与分析,并且提出云计算服务数据安全保障的基本策略来提高云计算数据的安全性。     

IaaS云安全研究综述

目前,在新一代大规模互联网迅猛发展的背景下,产生的数据量也随之持续增长,这就导致用户的本地设备难以满足海量数据的存储和计算需求。与此同时,云计算作为一种经济高效且灵活的模式,具有易于使用、随用随付、不受时间和空间限制的优势,彻底改变了传统IT基础设施的提供和支付方式,可以有效解决无限增长的海量信息存储和计算问题。因此,在没有昂贵的存储成本和计算资源消耗的情况下,资源有限的用户可以采用云服务提供商（Cloud Service Provider,CSP）为用户提供所期望的服务。其中,基础设施即服务（Infrastructure as a Service,IaaS）作为云计算的三种服务类型之一,将虚拟化、分布式计算和网络存储等技术结合,可以在互联网上提供和租用计算基础设施资源服务（如计算、存储和网络）。故云计算依靠IaaS层提供的计算基础设施资源,使用户不再需要购买额外设备,从而大大降低使用成本,同时也为上层服务奠定基础。然而,随着云计算服务的不断发展,基于IaaS的安全问题引起人们的关注。为了系统了解IaaS的安全研究进展和现状,本文对IaaS的安全问题以及学术界和工业界的解决方案进行了详细调查。首先,本文介绍IaaS的相关理论基础并对分析不同类型的云安全威胁。然后,从学术界现有研究出发,分析IaaS提供的计算、存储和网络服务中存在的安全威胁,并调查现有的解决方案。此外,对工业界中云服务提供商的IaaS安全服务进行重点调查,包括数据安全、网络防护和其他安全服务等方面。最终,展望未来IaaS云安全在学术和工业环境中的发展趋势。     

云计算环境安全综述

伴随云计算技术的飞速发展,其所面临的安全问题日益凸显,在工业界和学术界引起了广泛的关注.传统的云基础架构中存在较高安全风险,攻击者对虚拟机的非法入侵破坏了云服务或资源的可用性,不可信的云存储环境增大了用户共享、检索私有数据的难度,各类外包计算和云应用需求带来了隐私泄露的风险.该文从云计算环境下安全与隐私保护技术的角度出发,通过介绍云虚拟化安全、云数据安全以及云应用安全的相关研究进展,分析并对比典型方案的特点、适用范围及其在安全防御和隐私保护方面的不同效用,讨论已有工作的局限性,进而指出未来发展趋势和后续研究方向.     

Policing as a Service in the Cloud

ABSTRACT

Security and privacy are fundamental concerns in cloud computing both in terms of legal complications and user trust. Cloud computing is a new computing paradigm, aiming to provide reliable, customized, and guaranteed computing dynamic environment for end users. However, the existing security and privacy issues in the cloud still present a strong barrier for users to adopt cloud computing solutions. This paper investigates the security and privacy challenges in cloud computing in order to explore methods that improve the users’ trust in the adaptation of the cloud. Policing as a Service can be offered by the cloud providers with the intention of empowering users to monitor and guard their assets in the cloud. This service is beneficial both to the cloud providers and the users. However, at first, the cloud providers may only be able to offer basic auditing services due to undeveloped tools and applications. Similar to other services delivered in the cloud, users can purchase this service to gain some control over their data. The subservices of the proposed service can be Privacy as a Service and Forensics as a Service. These services give users a sense of transparency and control over their data in the cloud while better security and privacy safeguards are sought.     

基于云计算的数据中心安全体系研究与实现

针对当前数据中心的安全现状,以传统数据中心安全防范体系为框架,按照云计算的要求和特点,采用"云安全"的架构为数据中心的安全体系提出了一种新的解决方案,并根据方案的设计运用一些关键技术对相关模块进行了实验室环境下的对照实现,能通过直观的界面对数据中心的安全性进行控制,以此保障了数据中心的安全,并为今后数据中心安全体系的发展奠定了基础。     

A secure re‐encryption scheme for data services in a cloud computing environment

Cloud computing as a promising technology and paradigm can provide various data services, such as data sharing and distribution, which allows users to derive benefits without the need for deep knowledge about them. However, the popular cloud data services also bring forth many new data security and privacy challenges. Cloud service provider untrusted, outsourced data security, hence collusion attacks from cloud service providers and data users become extremely challenging issues. To resolve these issues, we design the basic parts of secure re‐encryption scheme for data services in a cloud computing environment, and further propose an efficient and secure re‐encryption algorithm based on the EIGamal algorithm, to satisfy basic security requirements. The proposed scheme not only makes full use of the powerful processing ability of cloud computing but also can effectively ensure cloud data security. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security model. Copyright © 2015 John Wiley & Sons, Ltd.     

A method for trust management in cloud computing: Data coloring by cloud watermarking

With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtualized resources are provided as services. With virtualization technology, cloud computing offers diverse services (such as virtual computing, virtual storage, virtual bandwidth, etc.) for the public by means of multi-tenancy mode. Although users are enjoying the capabilities of super-computing and mass storage supplied by cloud computing, cloud security still remains as a hot spot problem, which is in essence the trust management between data owners and storage service providers. In this paper, we propose a data coloring method based on cloud watermarking to recognize and ensure mutual reputations. The experimental results show that the robustness of reverse cloud generator can guarantee users embedded social reputation identifications. Hence, our work provides a reference solution to the critical problem of cloud security.     

基于可信第三方的公有云平台的数据安全存储方案

近些年来,随着云计算的广泛应用,越来越多的企业、机构与个人开始使用云服务,将自己的数据放在云端。在云服务兴起的同时,随之而来的数据安全问题受到越来越多的关注。由于数据储存在云端,因此产生了许多突出的安全性问题。文章提出了一套基于可信第三方平台的公有云数据安全解决方案。该方案以独立的可信第三方平台为核心,在数据加密、密钥管理、数据感知、数据共享、事故责任等方面具有一定的优势。     

DNACDS: Cloud IoE big data security and accessing scheme based on DNA cryptography

The Internet of Everything (IoE) based cloud computing is one of the most prominent areas in the digital big data world. This approach allows efficient infrastructure to store and access big real-time data and smart IoE services from the cloud. The IoE-based cloud computing services are located at remote locations without the control of the data owner. The data owners mostly depend on the untrusted Cloud Service Provider (CSP) and do not know the implemented security capabilities. The lack of knowledge about security capabilities and control over data raises several security issues. Deoxyribonucleic Acid (DNA) computing is a biological concept that can improve the security of IoE big data. The IoE big data security scheme consists of the Station-to-Station Key Agreement Protocol (StS KAP) and Feistel cipher algorithms. This paper proposed a DNA-based cryptographic scheme and access control model (DNACDS) to solve IoE big data security and access issues. The experimental results illustrated that DNACDS performs better than other DNA-based security schemes. The theoretical security analysis of the DNACDS shows better resistance capabilities.     

一种基于云的 Web 应用安全服务

安全云服务的核心思想是借助云计算的高可靠性、弹性扩容、按需定制的特点,将传统硬件网络安全功能虚拟化,以服务的形式对外提供安全防护能力。目前该服务技术和研究处于初期发展阶段,在技术概念、实施架构以及拓展应用方面还没有统一的界定,因此开展安全云服务技术和应用研究具有重要的理论和实践意义。本文以中国科学院信息保障示范工程“Web应用安全云服务平台”为实践背景,首先明确阐述安全云服务的概念、特征、应用领域及国内外发展现状,然后针对Web应用的安全,提出基础架构设计及关键技术,并描述该架构下具体应用的实践效果。     

云计算数据安全技术探讨

计算机技术发展的过程中,数据安全问题一直是一个重要课题,云计算概念的提出为计算机数据安全工作提供了新的解决办法。文章根据目前计算机网络安全的现状,对云计算数据安全技术的相关工作进行探讨。     

基于SecLA的云服务商选择方法研究

云计算应用领域不断拓展,用户越来越关注云服务的安全性,现有云服务商选择方法主要考量性能和费用,缺乏有效的安全属性考评方法,为此提出了基于安全等级协议的云安全量化评比方法。基于云安全联盟的云控制矩阵及配套共识评估问卷,设计了云服务商安全指标体系及量化评分模型;对Web服务协议框架进行扩展,设计了云安全等级协议的模板框架;引入负提供参数来增强比较优势度法,实现了云安全等级的量化评比。实验检验了系列方法的可行性及有效性,与参数评估方法、简单线性加权方法等的对比表明,优先度排序更加合理,负提供参数对决策起到了良好的辅助效果。     

云计算环境下开放数据安全性研究

云计算技术是计算机技术未来发展趋势,云计算技术基于Internet技术,现在是网络时代,数据在网络上传播,保护数据的安全性是迫在眉睫,在云计算技术开发大数据的平台下,如何保护数据的安全是学者广泛研究的范畴.本论文从基于云计算环境下对开发数据的安全性进行研究,从不同层面阐述数据安全性的重要,希望本论文能为研究元计算技术安全性的学者提供理论参考依据.     

Safeguarding Cloud Computing Infrastructure: A Security Analysis

Cloud computing is the provision of hosted resources, comprising software, hardware and processing over the World Wide Web. The advantages of rapid deployment, versatility, low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes, mostly as a component of the combination/multi-cloud infrastructure structure. While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion, new opportunities and challenges in the context of security vulnerabilities are emerging in this domain. Cloud security, also recognized as cloud computing security, refers to a collection of policies, regulations, systematic processes that function together to secure cloud infrastructure systems. These security procedures are designed to safeguard cloud data, to facilitate regulatory enforcement and to preserve the confidentiality of consumers, as well as to lay down encryption rules for specific devices and applications. This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure. In this league, the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.     

Empirical evaluation of a cloud computing information security governance framework

ContextCloud computing is a thriving paradigm that supports an efficient way to provide IT services by introducing on-demand services and flexible computing resources. However, significant adoption of cloud services is being hindered by security issues that are inherent to this new paradigm. In previous work, we have proposed ISGcloud, a security governance framework to tackle cloud security matters in a comprehensive manner whilst being aligned with an enterprise’s strategy.ObjectiveAlthough a significant body of literature has started to build up related to security aspects of cloud computing, the literature fails to report on evidence and real applications of security governance frameworks designed for cloud computing environments. This paper introduces a detailed application of ISGCloud into a real life case study of a Spanish public organisation, which utilises a cloud storage service in a critical security deployment.MethodThe empirical evaluation has followed a formal process, which includes the definition of research questions previously to the framework’s application. We describe ISGcloud process and attempt to answer these questions gathering results through direct observation and from interviews with related personnel.ResultsThe novelty of the paper is twofold: on the one hand, it presents one of the first applications, in the literature, of a cloud security governance framework to a real-life case study along with an empirical evaluation of the framework that proves its validity; on the other hand, it demonstrates the usefulness of the framework and its impact to the organisation.ConclusionAs discussed on the paper, the application of ISGCloud has resulted in the organisation in question achieving its security governance objectives, minimising the security risks of its storage service and increasing security awareness among its users.     

Evaluating cloud deployment scenarios based on security and privacy requirements

Migrating organisational services, data and application on the Cloud is an important strategic decision for organisations due to the large number of benefits introduced by the usage of cloud computing, such as cost reduction and on-demand resources. Despite, however, many benefits, there are challenges and risks for cloud adaption related to (amongst others) data leakage, insecure APIs and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation’s security and privacy goals and relevant cloud computing deployment models. Although the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, which supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering, and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work.     

User Centric Block-Level Attribute Based Encryption in Cloud Using Blockchains

Cloud computing is a collection of distributed storage Network which can provide various services and store the data in the efficient manner. The advantages of cloud computing is its remote access where data can accessed in real time using Remote Method Innovation (RMI). The problem of data security in cloud environment is a major concern since the data can be accessed by any time by any user. Due to the lack of providing the efficient security the cloud computing they fail to achieve higher performance in providing the efficient service. To improve the performance in data security, the block chains are used for securing the data in the cloud environment. However, the traditional block chain technique are not suitable to provide efficient security to the cloud data stored in the cloud. In this paper, an efficient user centric block level Attribute Based Encryption (UCBL-ABE) scheme is presented to provide the efficient security of cloud data in cloud environment. The proposed approach performs data transaction by employing the block chain. The proposed system provides efficient privacy with access control to the user access according to the behavior of cloud user using Data Level Access Trust (DLAT). Based on DLAT, the user access has been restricted in the cloud environment. The proposed protocol is implemented in real time using Java programming language and uses IBM cloud. The implementation results justifies that the proposed system can able to provide efficient security to the data present in and cloud and also enhances the cloud performance.     

云计算安全及应用探析

随着云计算的普及和越来越多的云计算产品投入使用,频频爆发的安全事件也呈现在人们眼前,安全问题更加重要并且已经严重制约了其发展。首先对云计算的概念和发展进行了概述,分析了云计算面临的安全威胁,对提出了应对风险的云计算安全防范关键技术,最后对云计算环境下少数民族文化知识服务进行了探讨。     

云环境下自动信任协商机制研究

针对云计算环境带来的安全性问题,在目前云安全模型研究的基础上,对分层的云服务框架模型进行了安全性分析.综合考虑云计算环境特点,在不影响云服务质量的前提下保证数据安全,建立了一个云安全访问控制模型ACCP.该模型利用自动信任协商机制可以不依靠数据中心第三方安全服务,通过双方信任证集的交互和策略的控制自适应地建立组合安全域.通过在用户-服务以及组合服务之间两个场景下信任协商建立过程,表明了模型可行性和有效性.     

利用可信计算技术改善云计算的安全性

云计算影响了互联网上世界上任何地方远程服务器处理、数据存储和共享的方式。这种共享多种分布式资源方式,使得安全问题更加复杂化。本文分析了云计算环境下的安全服务,通过整合可信计算环境来建立云计算系统。可信计算平台模式可以提高云计算的安全性。可信计算模式重要的安全服务包括加密,认证,完整性和保密性等都可以用在云计算系统中。