云计算层次服务关联机制及SaaS模式下数据安全取向的研究

本文首先介绍了云计算特征与分类、云服务模式,其次,由云计算的开放类型：公有云、私有云、混合云等展开叙述,分析了云计算体系结构与云服务模式融合、云计算层次结构与服务类型关联机制、SaaS#系结构与安全隐患,最后阐述了SaaS模式下数据的安全取向,具体分析了系统管理与物理安全、数据传输与网络安全、数据存储与冗余备份、强化软件效用提升云服务安全等。     

An overview of network virtualization and cloud network as a service

Cloud computing services delivery and consumption model is based on communication infrastructure (network). The network serves as a linkage between the end‐users consuming cloud services and the providers of data centers providing the cloud services. In addition, in large‐scale cloud data centers, tens of thousands of compute and storage nodes are connected by a data center network to deliver a single‐purpose cloud service. To this end, some questions could be raised, such as the following: How do network architectures affect cloud computing? How will network architecture evolve to support better cloud computing and cloud‐based service delivery? What is the network's role in reliability, performance, scalability, and security of cloud computing? Should the network be a dumb transport pipe or an intelligent stack that is cloud workload aware? This paper focuses on the networking aspect in cloud computing and shall provide insights to these questions. Researchers can use this paper to accelerate their research on devising mechanisms for the following: (i) provisioning cloud network as a service and (ii) engineering network of data centers. Copyright © 2014 John Wiley & Sons, Ltd.     

云计算安全对高校云服务的影响探讨

云计算的应用将数据存储、网络服务由用户桌面推向了Web,实现了高校各项事务的快速高效运行,也降低了硬件资源成本.但同时,随着云计算的拓展,其安全问题越来越受到关注.如用户信息在云端更易受到黑客攻击、蓄意窃取等非法利用.为此,基于云计算安全现状,探讨高校云计算安全性分析及参考模型,并从相关技术来提出解决云计算安全的对策和思路.     

Lightweight Feistel structure based hybrid-crypto model for multimedia data security over uncertain cloud environment

The exponential rise in software computing and internet technologies have broadened the horizon of cloud computing applications serving numerous purposes like business processes, healthcare, finance, socialization, etc. In the last few years the increase is security breaches and unauthorized data access has forced industry to achieve computationally efficient and robust security system. The increase in multimedia data communication over different cloud applications too demands an efficient security model, which is expected to have low computational complexity, negligible quality-compromise and higher security robustness. Major conventional security-systems like cryptography and steganography undergo high computational overhead, thus limiting their potential towards cloud-communication where each data input used to be of large size and a gigantic amount of multimedia data is shared across the network. To alleviate above stated problems and enable a potential solution, in this paper a highly robust Lightweight Feistel Structure based Substitution Permutation Crypto Model is developed for multimedia data security over uncertain cloud environment. Our proposed model applies substitution permutation crypto concept with Feistel structure which performs substitution-permutation over five rounds to achieve higher confusion and diffusion. To retain higher security with low computation, we applied merely 64-bit block cipher and equal key-size. MATLAB based simulation revealed that the proposed lightweight security model achieves better attack-resilience even maintaining low entropy, high-correlation, and satisfactory computation time for multimedia data encryption. Such robustness enables our proposed security model to be applied for real-world cloud data security.

     

基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法

防御分布式拒绝服务DDoS（distributed denial of service）攻击是云计算平台安全保护中的一个关键问题。在研究大规模网络防御DDoS攻击的安全覆盖服务SOS（security overlay service）方法的基础上,揭示了SOS在节点被攻击时的退出机制存在的安全漏洞,根据云计算路由策略改进了一致性散列算法Chord,提出了适用于云计算路由平台三层架构的虚拟散列安全访问路径VHSAP（virtualization hash security access path）,在安全访问路径中引入了心跳机制,利用虚拟机技术实现弹性的虚拟节点,完成在云平台中被攻击节点之间的无缝切换,保证用户对云计算平台的安全访问。针对VHSAP防御DDoS的性能进行了仿真实验,重点研究了在散列安全访问路径HSAP中被攻击节点数和切换时延等参数,并将实验结果与SOS方法进行了比较。实验结果表明在DDoS攻击下,VHSAP具有较高的数据通过率,可以提高云计算平台的安全性。     

企业私有云平台安全技术研究

云计算作为一种新兴的计算机网络应用技术,近几年飞速发展,主要IT企业如Google,Microsoft,IBM,Amazon等纷纷推出其云计算解决方案,学术界也不断对云计算平台进行深入研究,取得了大量研究成果和实用技术,但是安全问题始终困扰着云计算的发展。这里主要讨论的是云安全的问题,借助企业私有云平台,开展云安全研究,重点在于研究如何结合企业现有的网络安全措施补充提高云平台安全性和可靠性,包括身份认证、访问控制、数据存储和入侵检测等方面的。提出了切合实际的云安全方案,形成满足企业安全需求的安全体系,实现安全和经济效益的双赢。     

云计算时代的数据中心建设与发展

数据中心是云计算的实现平台,本文首先介绍了数据中心基本情况,结合云计算时代对数据中心建设的需求,对网络架构设计、虚拟化技术、网络融合技术、安全技术及绿色节能技术等关键技术进行了分析和展望,并对当前业界的发展状况进行了总结,有助于未来充分发挥数据中心在云计算时代的重要作用.     

云计算安全中密码技术应用模型研究

首先简要分析了云计算的工作原理及可能带来的安全隐患,在此基础上探讨了云计算环境下的安全架构,并给出了密码技术的应用途径。其次,从云计算环境下的安全系统工作流程这个维度,结合密码学理论、云计算安全架构给出了在云计算安全中密码技术的应用模型。最后,归纳出基于该模型的云计算环境中密码应用技术及其发展趋势,为密码技术应用于云计算安全中提供可用的解决思路。     

MTBAC:云计算环境中一种基于互信任的访问控制模型（英文）

As a new computing mode,cloud computing can provide users with virtualized and scalable web services,which faced with serious security challenges,however.Access control is one of the most important measures to ensure the security of cloud computing.But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing.In cloud computing environment,only when the security and reliability of both interaction parties are ensured,data security can be effectively guaranteed during interactions between users and the Cloud.Therefore,building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment.Combining with Trust Management(TM),a mutual trust based access control(MTBAC) model is proposed in this paper.MTBAC model take both user's behavior trust and cloud services node's credibility into consideration.Trust relationships between users and cloud service nodes are established by mutual trust mechanism.Security problems of access control are solved by implementing MTBAC model into cloud computing environment.Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.     

云计算在电力行业的应用方面的研讨

电网具有规模大、模型复杂、多级、多层次等显著特点,在电力行业建立云计算,可以整合系统内部的数据资源和储存资源等,还可提高交互能力和电网数据处理速度。本文首先介绍了云计算的概念和特征,然后分析了云计算在电力系统的应用,包括云计算在电力系统的应用原理、层次结构和分级管理。最后,在电力行业中对云计算在网络安全和广阔前景进行了探讨。     

云安全研究进展综述

 随着云计算在学术界和工业界的兴起,云计算也不可避免的带来了一些安全问题.本文对云计算的安全需求进行了总结,指出云计算不仅在机密性、数据完整性、访问控制和身份认证等传统安全性上存在需求,而且在可信性、配置安全性、虚拟机安全性等方面具有新的安全需求.我们对云计算的两个典型产品Amazon Web Services和Windows Azure的安全状况进行了总结,并阐述了针对云计算的拒绝服务攻击和旁通道攻击.基于云计算的安全需求和面临的攻击,对现有安全机制进行了优缺点分析,系统的总结了现有的安全机制.     

Authenticated key agreement scheme for fog-driven IoT healthcare system

The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.

     

智慧油气田与智慧云数据中心

下一代数字油气田是智慧油气田,下一代数据中心是智慧云数据中心.数字油气田架构核心是数据中心.传统数据中心是由简单的客户—服务器模型发展而来的,其应用系统一般采用静态部署和点对点集成.云计算数据中心支持以按需方式通过网络方便访问可配置资源共享池,具备海量扩展、虚拟化、弹性计算、低成本、分布式、面向服务、安全等优势.智慧云数据中心建设是智慧油气田建设的关键环节.文中讨论了智慧数据管理、事件驱动服务、远程可视化、自主计算,以及模块化数据中心等关键技术趋向.     

Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine

With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.     

一种云计算环境下的安全模型

本文针对当前流行的云计算技术,分析了其所面临的安全问题。以中国墙模型(简称BN模型)为基础提出了保护云端服务器私有云中敏感数据完整性和保密性的CCBN(cloud computing BN)模型,并给出了该模型的基本原理和在云环境中应用该模型的配置方案。     

A Security Differential Game Model for Sensor Networks in Context of the Internet of Things

A particular challenging problem in designing Internet of Things is that how to detect and prevent internal attacks, because all nodes try their best to save their limited network resource. So it is difficult to achieve optimal objectives simultaneously, game theory provides an appropriate tool. In this paper, we propose a non-cooperative differential game model, which allows all nodes to choose the optimal amount of network resource to invest in information security contingent upon the state of game. In our model, we specifically consider how the vulnerability of information and the potential loss from such vulnerability affects the optimal amount of resources that should be devoted to securing that information. In the paper, the optimal strategies of selfish nodes and malicious nodes are obtained respectively. The simulation results show that our game model has a good performance in stability of the probability that the selfish nodes discover the malicious nodes under the optimal strategies of the selfish and the malicious nodes.     

Continuous leakage–resilient IBE in cloud computing

Cloud computing is an efficient tool in which cloud storage shares plenty of encrypted data with other data owners. In existing cloud computing scenarios, it may suffer from some new attacks like side channel attacks. Therefore, we are eager to introduce a new cryptographic scheme that can resist these new attacks. In this work, we exploit a new technique to build leakage‐resilient identity‐based encryption and use the stronger existing partial leakage model, such as continual leakage model. More specifically, our proposal is based on the underlying decisional bilinear Diffie‐Hellman assumption, but proven adaptively secure against adaptive chosen ciphertext attack in the standard model. Above all, a continuous leakage–resilient IBE scheme with adaptive security meets cloud computing with stronger security.     

Dynamic game and reliable recommendation based transferring reputation mechanism for mobile cloud computing

The booming development of the mobile internet and cloud computing leads to the emerging of many mobile cloud platforms based services.However,since mobile users store lots of data and privacy information in the cloud when they are using the mobile cloud services,they are facing multiple increasingly serious security threats such as data leaks and privacy exposures.The data security and privacy protection was investigated in mobile cloud computing,aiming at the internal bad mouthing attacks and mobile attacks.A dynamic game and reliable recommendation based transferring reputation mechanism was proposed.First,a dynamic game based recommendation incentive mechanism was proposed.Secondly,a reliable recommendation reputation evaluation model was established based on the incentive mechanism.Last,a novel transferring reputation mechanism was proposed that combined the above mentioned incentive mechanism and reputation evaluation model.Simulation results demonstrate the proposed transferring reputation mechanism can defend against the internal bad mouthing attacks and mobile attacks effectively,enhance the credibility of mobile terminals and improve the data security and privacy protection of mobile cloud services.     

云操作系统安全加固技术探讨

在云计算的部署过程中,对于安全问题的担忧已经成为用户选择云计算服务时的重要考量。基于此,将重点关注云计算安全的核心问题,通过对云操作系统安全体系结构、API安全管理、虚拟网络安全加固技术进行具体阐述,探讨了云操作系统的安全加固技术,从而保障了云计算基础环境的安全可靠。     

基于攻防博弈模型的网络安全测评和最优主动防御

文中对攻防博弈模型中的相关内容展开了分析,讨论了攻防博弈模型的网络安全测评要点,包括信息安全测评分析、主动防御系统分析、脆弱性测评分析、防御代价定量分析等,并对攻防博弈模型的最优主动防御要点进行了整理,旨在提高对攻防博弈模型应用价值的认知水平,提升网络安全测评与防御的效果。