Found 20 similar documents; search took 171 ms
1.
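This paper proposes a dynamic model for network security protection and implements a system prototype based on it. The system integrates access control over information flows with attack analysis and detection, and responds in a closed loop according to the results of attack analysis and detection. It also uses TCP service identification and active port scanning to pick up changes in network services promptly, and then dynamically loads analysis and detection rules according to those changes, improving the accuracy and efficiency of attack analysis and detection. Experimental results show that the system effectively implements a closed-loop dynamic protection mechanism.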
2.
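In the cloud era, cloud application programming interfaces (APIs) are the best vehicle for service delivery, capability replication and data output. However, while opening up services and data, cloud APIs also enlarge the exposure surface and attack surface: using techniques such as data hijacking and traffic analysis, attackers can obtain key resources of a target cloud API, identify users' identities and behavior, and even directly bring down the systems behind it. At present, attacks against cloud APIs are of many types, threats and protection methods vary, and a systematic summary of existing attacks and protection methods is lacking. This paper surveys the threats facing cloud APIs and the protection methods in cloud API security research, and analyzes the evolution and classification of cloud APIs; discusses the vulnerability of cloud APIs and the importance of cloud API security research; and proposes a cloud API security research framework, reviewing related work in six areas: authentication, protection against distributed denial-of-service (DDoS) attacks on cloud APIs, replay attack protection, man-in-the-middle (MITM) attack protection, injection attack protection and sensitive data protection. On this basis, it explores the necessity of adding artificial intelligence (AI) protection. Finally, it presents future challenges and development trends in cloud API protection.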
3.
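In a typical IaaS cloud, users consume cloud services through virtual machines. Recent research shows that the encryption keys that are critical in most commonly used cryptographic protocols (such as SSL/TLS) may be captured by attackers through cross-VM side-channel attacks. To counter this kind of attack, a cloud virtual machine key protection system is proposed: by randomly splitting the encryption key into multiple shares and storing each share in a different virtual machine, it effectively protects encryption keys in the cloud and resists various cross-VM side-channel attacks. In addition, the system periodically re-splits the encryption key, so that even if an attacker captures part of the key, the key cannot be reconstructed. The system was run as an extension library transparent to application software on web servers in the Amazon EC2 cloud, with good results.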
4.
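The OpenStack cloud computing platform provides Infrastructure as a Service (IaaS), and one of the most prominent problems in IaaS is virtual machine security. Using the widely deployed VPN technology, this paper implements a strategy for protecting virtual machine security on the OpenStack cloud platform that can provide virtual machines at different security levels; finally, experiments verify the effectiveness and controllability of the security strategy.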
5.
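Based on a cloud system instance, this paper analyzes how, in virtual machine monitoring and evidence collection, system functions can be optimized for IaaS cloud services so as to improve monitoring and evidence collection capability and reduce system cost. Virtual machine monitoring and evidence collection were designed and implemented in the cloud system for IaaS cloud services; virtual machine monitoring capability improved by 21.0% over the previous level, evidence collection capability also improved, and system development cost was reduced, with cost savings reaching 38.0%. Applying an IaaS-oriented approach to virtual machine monitoring and evidence collection in cloud systems has positive practical value and improves the system's monitoring and data collection capability.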
6.
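The widespread use of virtualization technology has brought new security threats and challenges to new computing environments; how to secure cloud services by strengthening virtual machine security is a problem in urgent need of a solution. This paper studies, on the one hand, how virtualization technology can support trusted computing platforms and, on the other, how trusted computing platforms can provide security assurance services for virtualization technology. By building a virtualization security architecture based on trusted computing and analyzing the key technologies of virtualization-oriented trusted computing platforms, the new security problems introduced by virtualization can be addressed well.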
7.
8.
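The OpenStack cloud computing platform provides Infrastructure as a Service (IaaS), and one of the most prominent problems in IaaS is virtual machine security. Using the widely deployed VPN technology, this paper implements a strategy for protecting virtual machine security on the OpenStack cloud platform that can provide virtual machines at different security levels; finally, experiments verify the effectiveness and controllability of the security strategy.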
9.
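To address the difficulty of building network attack and defense environments, a network attack-defense simulation experiment platform based on a virtual environment is proposed. The composition of the platform is given, and the process of conducting attack-defense simulation experiments on the platform and the system's operating mechanism are analyzed. The network attack subsystem and the network protection subsystem are each designed in detail, and the key technologies and implementation methods used in the two subsystems are studied. By using virtual machine technology to virtualize the network attack and network protection subsystems on a server, the platform can carry out the vast majority of current network attack operations as well as configuration management for network protection, and can provide users with a network attack-defense training environment that is more complete in function, better in performance and more realistic in simulation.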
10.
11.
Cloud computing is one of the applications of the space-ground integration information network. Users can access data and retrieve services easily and quickly in the cloud. The confidentiality and integrity of data in the cloud correspond directly to the data security of the space-ground integration information network. Thus data in the cloud is transferred in encrypted form to protect the information. As an important technology of cloud security, access control should take account of multiple factors and ciphertext to satisfy the complex requirements of cloud data protection. Based on this, a proxy re-encryption based multi-factor access control (PRE-MFAC) scheme was proposed. Firstly, the aims and assumptions of PRE-MFAC were given. Secondly, the system model and algorithm were defined. Finally, the security and properties of PRE-MFAC were analyzed. The proposed scheme combines PRE and multi-factor access control and realizes multi-factor permission management of ciphertext in the cloud. Meanwhile, it makes the best possible use of the cloud for computing and storage, reducing the difficulty for individual users of cryptographic computation and key management.
12.
13.
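Cloud data centers are representative of the new generation of information infrastructure, and their security has become a focus of attention in recent years and is of great significance. First, based on an analysis of the current cloud security situation, the emerging concept of endogenous security is used to explore the security architecture, key technologies and implementation methods of cloud data centers, with the aim of using mimic structure design to solve endogenous security problems, such as vulnerabilities and backdoors, that existing protection measures find hard to handle. Second, an endogenous security architecture for cloud data centers and a conception for implementing the related key technologies are proposed, together with the patterns and technical trends for mimic transformation of existing cloud platform systems. In the future, endogenous-security cloud data centers based on mimic architecture may provide an effective security solution for building the new generation of information infrastructure, thereby accelerating the adoption and spread of cloud service models.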
14.
15.
16.
As a new computing mode, cloud computing can provide users with virtualized and scalable web services, but it faces serious security challenges. Access control is one of the most important measures for ensuring the security of cloud computing. However, applying a traditional access control model directly to the cloud cannot resolve the uncertainty and vulnerability caused by the open conditions of cloud computing. In a cloud computing environment, data security can be effectively guaranteed during interactions between users and the cloud only when the security and reliability of both interacting parties are ensured. Therefore, building a mutual trust relationship between users and the cloud platform is the key to implementing new kinds of access control methods in a cloud computing environment. Combining this with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. The MTBAC model takes both the user's behavior trust and the cloud service node's credibility into consideration. Trust relationships between users and cloud service nodes are established by a mutual trust mechanism. Security problems of access control are solved by implementing the MTBAC model in a cloud computing environment. Simulation experiments show that the MTBAC model can guarantee the interaction between users and cloud service nodes.
17.
18.
Chinese Journal of Electronics (《电子学报:英文版》), 2016, (5): 801-806
Control flow monitoring, information flow tracking and memory monitoring are the three main solutions for enhancing the security of embedded systems at the hardware architecture level. However, most current studies of embedded system security consider these solutions in separate dimensions rather than as a combined effort. We start from the operation model at the instruction level and, by studying the security operating mechanism of embedded systems, propose a security multi-strategy that combines information flow tracking and memory monitoring. As a hardware approach, this strategy extends the embedded processor architecture with additional security defense control. The experimental results show that this multi-strategy is more effective and can detect more malicious attacks than a single solution. The effectiveness of our proposed security multi-strategy has been verified on a field-programmable gate array (FPGA) prototype platform based on a customized Leon3 microprocessor.
19.
To address the problems that the shared decryption key lacks fine-grained access control and that search results lack correctness verification under the one-to-many search model, a verifiable attribute-based searchable encryption scheme based on blockchain was proposed. The ciphertext-policy attribute-based encryption mechanism was applied to the shared key to achieve fine-grained access control. Ethereum blockchain technology was combined with it to solve the problem of incorrect search results returned under the semi-honest and curious cloud server model, so that both the cloud server and the user are prompted to follow the rules of the contract honestly, and service-payment fairness between the user and the cloud server is achieved in the pay-per-use cloud environment. In addition, based on the irreversible modification of the blockchain, the cloud server was guaranteed to receive the service fee, and the user was assured of obtaining the correct retrieval results without additional verification, which reduced the computational overhead of the user. The security analysis shows that the scheme satisfies semantic security against adaptive chosen keyword attack and can protect the privacy of users and the security of data. The performance comparison and experimental results show that the scheme has certain optimizations in security index generation, search token generation, retrieval efficiency and transaction quantity, so it is more suitable for one-to-many search scenarios such as smart medical.
20.
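With the rapid development of emerging technologies such as cloud computing, big data, smart cities and 5G, the architecture, system implementation and security assurance technologies of e-government face new opportunities and challenges. At the same time, cloud computing, while providing services, also faces many security problems, among them the secure storage of information resources and the protection of user privacy. This paper first designs, based on cloud computing technology, the framework of an "Internet + e-government" cloud platform, then studies cloud storage security in the e-government service system and proposes a full-life-cycle secure storage model for information resources on the platform, so that information resources cannot be obtained by attackers at any point in their life cycle. Security analysis shows that the scheme can hide the characteristics of e-government resources stored in the cloud, ensure secure data storage, and effectively protect users' personal information.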