基于云的计算机取证系统研究

云计算是目前最流行的互联网计算模式,它具有弹性计算、资源虚拟化、按需服务等特点。在云计算的环境中,云计算中心直接提供由基础设施、平台、应用等组成的各种服务,用户不再拥有自己的基础设施、软件和数据,而是共享整个云基础架构。这种方式直接影响了云计算环境的安全性和可用性,给云计算带来了巨大的隐患。在分析和研究云计算环境下的安全缺陷和安全威胁的前提下,提出了一种基于云的计算机取证系统的设计方案———利用计算机取证技术解决云计算环境的安全问题,同时利用云计算技术和超算技术满足传统取证对高性能计算的需求。     

云计算安全防护方案探究

近年来,云计算系统已经得到许多企业用户的认可,很多企业已经部署了自己业务相关的云服务环境。过程中发现,除了企业特别注重云计算系统的稳定性、性能、隔离等问题,云计算环境的安全性也格外受企业的关注。云计算安全不同于传统安全防护,新技术引入也会产生新的安全问题。基于此,笔者从云计算环境本身入手,分析云环境容易出现的安全问题,并结合主流安全设备、虚拟化技术而形成的资源池给出了保障云计算系统的安全防护方案。     

云计算安全服务相关问题研究

云计算作为当前信息技术领域的热门话题,一直以来受到了社会各界的广泛关注。随着互联网技术的不断发展、网络业务量的扩大,给云计算安全服务带来了严峻的挑战和机遇,其良性发展成为了保障社会稳定和经济发展的重要基础条件。为此,本文从云计算本质及安全问题的分析出发,就云计算建设下的突出领域从云基础设施服务、云环境可信控制、云传输安全管理以及云安全应用服务几个方面进行了深入的阐述,最后在此基础之就对于构建自主性可控云安全进行了分析。其写作的主要目的在于为后期云计算安全服务的理论及实践工作奠定一个具有参考价值的文献基础。     

云计算安全研究专刊前言

随着信息技术的发展快速步入大数据时代,云计算作为推动信息技术实现按需供给、促进信息技术和数据资源充分利用的全新业态,已成为信息化发展过程中的重大变革和信息技术发展的必然趋势.然而,正是由于云计算模式所具有的一些特性,如云计算平台的服务外包和基础设施公有化特征、超大规模多租户资源共享特征、云计算环境的动态复杂性、云平台资源的高度集中性、云平台的开放性等,使得人们在享受云计算所提供的应用便利和成本低廉的同时,也逐渐意识到了其在诸多安全方面的全新挑战.新的计算模式需要新的安全保障技术、理论和方法来应对安全挑战,如在外包环境下如何实现用户数据安全防护、如何实现虚拟化技术的安全性、如何设计适合云计算环境的安全协议、如何构建一个安全可靠的云计算平台以及如何测试和评价云计算平台的安全性等.本专刊选题为“云计算安全研究”,力图反映我国学者在云计算安全领域的近期研究成果. 专刊公开征文仅限一轮,共征得投稿37篇.稿件几乎全部来自国家211大学或者中科院相关研究单位,质量相对较高.稿件内容涉及云计算安全理论、算法以及应用等诸多方面的研究内容.对于云计算环境,云数据以及云计算应用等方面的安全问题进行了深入的探讨,反映了我国学者近期对于云计算安全关注的主要方向.特约编辑先后邀请了40余位云计算安全及相关领域的专家参与审稿工作,每篇投稿邀请2位专家进行评审.稿件评审时间历经3个月,经初审、复审、云计算安全专题研讨会宣读和终审各个阶段,最终由软件学报编委会批准,决定19篇论文入选本专刊.纵观所收录的文章,它们的研究范围和内容可分为三个部分.     

一种云计算安全模型与架构设计研究

由于云计算存在安全性的问题,使得原本具备大规模、动态、开放和分布式计算环境等优势的云计算目前更多的是以小规模、静态的私有云的模式出现。为了解决云平台的安全问题,文章从用户维、数据维、业务维和环境维构造相应的云安全服务平台及相关服务出发,基于Eucalyptus平台设计了一种轻量级的云计算多维安全平台架构。达到云平台安全、云服务安全和安全云服务,以满足在应用云计算提供服务的过程中所需的安全可信需求。     

异构云环境下AHP定权的多目标强化学习作业调度方法

随着新型基础设施建设(新基建)的加速,云计算将获得新的发展契机.数据中心作为云计算的基础设施,其内部服务器不断升级换代,这造成计算资源的异构化.如何在异构云环境下,对作业进行高效调度是当前的研究热点之一.针对异构云环境多目标优化调度问题,设计一种AHP定权的多目标强化学习作业调度方法.首先定义执行时间、平台运行能耗、成...     

基于云理论的可信技术研究

针对云计算环境下信息的安全性和可靠性方面的欠缺, 为了建立灵活多适应性的安全机制, 将云与可信的概念相结合, 是现今安全领域的一个主要研究方向。为进一步解决云计算安全问题, 对云计算环境下的一些可信技术进行了研究, 并在此基础上提出了一种新的逆向云生成算法。该算法基于原一维逆向云算法, 使用主观信任云的期望和超熵对信任客体的可信度进行了评价, 为网上交易的信任决策提供了依据。对实验数据的分析表明, 与传统的算法相比, 此算法在信任度的可靠性和稳定性上存在比较明显的优势。     

浅谈云计算环境下的计算机网络安全技术

云计算是计算机网络产生的一种新兴技术,主要功能是处理数据,为数据的安全性提供保证。但云计算在保障数据安全性的同时,其自身还存在一定的安全隐患。因此,笔者针对云技术的安全现状,着重分析了云计算的安全隐患问题,技术问题以及环境问题,以此提高计算机网络云计算的安全性研究水平。     

影响云架构安全性的因素分析与证明

目前对于云计算架构安全性的研究大多集中在架构设计和专项技术的改进上,缺乏对架构所处环境和相关因素的整体性思考与定量分析。针对上述问题,抽象化云计算架构安全性的因素和方法,从概率的角度对影响云计算架构安全的共同因素进行分析和一般性的理论证明,并给出一种关联长度的分块方法。安全性分析结果表明,云架构的安全性与数据的分级分类有关,通过提高数据安全等级细化程度或采用切分数据增强恢复数据的难度可以提高云架构的安全性。     

面向云计算环境的访问控制模型

针对云计算[1]领域中基础设施服务在运行和管理中存在的安全问题,在传统访问控制模型的基础上综合考虑了云计算基础设施服务[2]的特点,设计了一套访问控制模型。分析了云计算中安全问题的特点及现有方案的不足之处,提出基础设施服务的安全是云计算安全的基础。根据四条设计原则在RBAC模型[3]和TE模型[4]的基础上加以改进形成了适用于云计算基础设施服务的CIRBAC模型和CITE模型,对模型中的各个模块进行了详细的设计。在基于Xen[5-6]虚拟化技术[7]的OpenStack[8]云计算环境中实现了这些访问控制模型。该模型很好地增强了云计算基础设施服务的安全性。     

A VMM-based intrusion prevention system in cloud computing environment

With the development of information technology, cloud computing becomes a new direction of grid computing. Cloud computing is user-centric, and provides end users with leasing service. Guaranteeing the security of user data needs careful consideration before cloud computing is widely applied in business. Virtualization provides a new approach to solve the traditional security problems and can be taken as the underlying infrastructure of cloud computing. In this paper, we propose an intrusion prevention system, VMFence, in a virtualization-based cloud computing environment, which is used to monitor network flow and file integrity in real time, and provide a network defense and file integrity protection as well. Due to the dynamicity of the virtual machine, the detection process varies with the state of the virtual machine. The state transition of the virtual machine is described via Definite Finite Automata (DFA). We have implemented VMFence on an open-source virtual machine monitor platform—Xen. The experimental results show our proposed method is effective and it brings acceptable overhead.     

Defense schemes for variants of distributed denial-of-service (DDoS) attacks in cloud computing: A survey

Cloud computing is a fast-growing and promising technology segment that aims to reduce maintenance and management costs by shifting high-quality computing infrastructure to the Internet. It is emerging as a dominant technology because it provides an on-demand, self-service, scalable, and pay-per-use business model. Despite its numerous benefits, it suffers from several security challenges. As a consequence of on-demand service, availability of computing resources is the crucial attribute of cloud computing among security necessities. In this work, a survey is presented on various issues related to the availability of resources in a cloud environment. Ensuring availability and security of computing/storage resources are still challenging tasks. The adversary class readily exploits the vulnerabilities in the cloud infrastructure for attack implementation. The article presents a study of various categories of distributed denial-of-service (DDoS) attacks in cloud computing and their defense mechanisms. It is believed that this is the first work which surveys all varieties of DDoS attacks in the cloud environment.     

Safeguarding Cloud Computing Infrastructure: A Security Analysis

Cloud computing is the provision of hosted resources, comprising software, hardware and processing over the World Wide Web. The advantages of rapid deployment, versatility, low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes, mostly as a component of the combination/multi-cloud infrastructure structure. While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion, new opportunities and challenges in the context of security vulnerabilities are emerging in this domain. Cloud security, also recognized as cloud computing security, refers to a collection of policies, regulations, systematic processes that function together to secure cloud infrastructure systems. These security procedures are designed to safeguard cloud data, to facilitate regulatory enforcement and to preserve the confidentiality of consumers, as well as to lay down encryption rules for specific devices and applications. This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure. In this league, the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.     

云计算中的数据安全存储和加密模型的设计

随着时代的快速发展,网络技术也正在进行着新的变革,现阶段最受到人们关注的热点无疑就是云计算,它已经成为计算机领域中最新兴的研究重点。然而,云计算中的安全问题已经成为制约云计算快速发展和推广的关键问题,如何快速、安全地存储和传输生成于云环境中的大量数据,也已成为新的研究重点。文中在分析云计算中数据不安全因素的基础上,通过对云端数据进行合理加密的技术手段,实现了一种有效的安全数据存储和加密的服务模型,达到了对云环境中的数据进行安全的数据存储和备份。     

云计算背景下的用户身份认证安全分析

作为计算机技术和互联网结合的重要产物内容,云计算已经开启了IT 界与信息领域的新一轮技术革命。然 而,云计算存在着许多风险问题,在目前的网络监管环境下依然还存在有许多漏洞性问题,对于网络用户的信息安全产生了巨 大的威胁,要想解决这一问题,开展云计算背景下的用户身份认证安全分析已经迫在眉睫,对此本文将就云计算的安全问题展 开具体的分析,并提出了一些具体的应对措施。     

IaaS云安全研究综述

目前,在新一代大规模互联网迅猛发展的背景下,产生的数据量也随之持续增长,这就导致用户的本地设备难以满足海量数据的存储和计算需求。与此同时,云计算作为一种经济高效且灵活的模式,具有易于使用、随用随付、不受时间和空间限制的优势,彻底改变了传统IT基础设施的提供和支付方式,可以有效解决无限增长的海量信息存储和计算问题。因此,在没有昂贵的存储成本和计算资源消耗的情况下,资源有限的用户可以采用云服务提供商（Cloud Service Provider,CSP）为用户提供所期望的服务。其中,基础设施即服务（Infrastructure as a Service,IaaS）作为云计算的三种服务类型之一,将虚拟化、分布式计算和网络存储等技术结合,可以在互联网上提供和租用计算基础设施资源服务（如计算、存储和网络）。故云计算依靠IaaS层提供的计算基础设施资源,使用户不再需要购买额外设备,从而大大降低使用成本,同时也为上层服务奠定基础。然而,随着云计算服务的不断发展,基于IaaS的安全问题引起人们的关注。为了系统了解IaaS的安全研究进展和现状,本文对IaaS的安全问题以及学术界和工业界的解决方案进行了详细调查。首先,本文介绍IaaS的相关理论基础并对分析不同类型的云安全威胁。然后,从学术界现有研究出发,分析IaaS提供的计算、存储和网络服务中存在的安全威胁,并调查现有的解决方案。此外,对工业界中云服务提供商的IaaS安全服务进行重点调查,包括数据安全、网络防护和其他安全服务等方面。最终,展望未来IaaS云安全在学术和工业环境中的发展趋势。     

基于云环境的信息系统风险评估模型应用研究

针对云计算环境下网络信息系统会面临更多安全风险问题,总结出8种威胁安全准则,并对应得到影响因素;结合云计算技术具有协作性、虚拟性等特点,采用层次分析法并引入相关系数对多决策目标进行分析,提出一种基于云环境下的信息安全风险评估模型;最后运用该模型建模得出云计算环境下的信息系统安全风险评估思路;实验结果表明文章提出的风险评估模型具有一定的实际应用价值。     

CyberGuarder: A virtualization security assurance architecture for green cloud computing

As the sizes of IT infrastructure continue to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the ‘green’ cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApp’s based on energy-efficiency and security requirements. Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy based trust management is proposed to facilitate access control to the resources pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context.     

云计算安全问题研究综述

随着云计算的蓬勃发展,越来越多的企业和个人将他们的存储和计算需求付诸于云端.然而云计算的安全仍不容忽视,是当前的一个研究热点.对近年来云计算安全相关的研究成果进行总结,主要集中于数据安全,身份认证以及访问控制策略方面.也介绍了与可信计算技术相结合的云计算安全的相关研究框架和项目.根据这些研究成果,认为将可信计算与云计算思想相结合,建立"可信云计算"是未来云计算安全研究的一个重要方向.并且在最后提出了"可信云计算"发展的几个可能的研究主题.     

A survey on security challenges in cloud computing: issues,threats, and solutions

Cloud computing has gained huge attention over the past decades because of continuously increasing demands. There are several advantages to organizations moving toward cloud-based data storage solutions. These include simplified IT infrastructure and management, remote access from effectively anywhere in the world with a stable Internet connection and the cost efficiencies that cloud computing can bring. The associated security and privacy challenges in cloud require further exploration. Researchers from academia, industry, and standards organizations have provided potential solutions to these challenges in the previously published studies. The narrative review presented in this survey provides cloud security issues and requirements, identified threats, and known vulnerabilities. In fact, this work aims to analyze the different components of cloud computing as well as present security and privacy problems that these systems face. Moreover, this work presents new classification of recent security solutions that exist in this area. Additionally, this survey introduced various types of security threats which are threatening cloud computing services and also discussed open issues and propose future directions. This paper will focus and explore a detailed knowledge about the security challenges that are faced by cloud entities such as cloud service provider, the data owner, and cloud user.