Similar literature
1.
With the development of Internet technology and human computing, the computing environment has changed dramatically over the last three decades. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtualized resources are provided as services. With virtualization technology, cloud computing offers diverse services (such as virtual computing, virtual storage, virtual bandwidth, etc.) for the public by means of multi-tenancy mode. Although users are enjoying the capabilities of super-computing and mass storage supplied by cloud computing, cloud security still remains as a hot spot problem, which is in essence the trust management between data owners and storage service providers. In this paper, we propose a data coloring method based on cloud watermarking to recognize and ensure mutual reputations. The experimental results show that the robustness of reverse cloud generator can guarantee users embedded social reputation identifications. Hence, our work provides a reference solution to the critical problem of cloud security.

2.
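Against the backdrop of the rapid development of the new generation of large-scale Internet, the volume of data generated keeps growing, which makes it difficult for users' local devices to meet the storage and computing demands of massive data. Meanwhile, cloud computing, as a cost-effective and flexible model, has the advantages of being easy to use, pay-as-you-go, and unconstrained by time and place; it has fundamentally changed how traditional IT infrastructure is provisioned and paid for, and can effectively address the storage and computation of ever-growing volumes of information. Therefore, without expensive storage costs or consumption of computing resources, resource-constrained users can rely on a Cloud Service Provider (CSP) to deliver the services they expect. Infrastructure as a Service (IaaS), one of the three service types of cloud computing, combines technologies such as virtualization, distributed computing and network storage to offer and lease computing infrastructure resources (such as compute, storage and network) over the Internet. Cloud computing thus relies on the computing infrastructure resources provided by the IaaS layer, so users no longer need to purchase additional equipment, which greatly reduces usage costs and also lays the foundation for upper-layer services. However, as cloud computing services continue to develop, IaaS-based security issues have attracted attention. To systematically understand the progress and current state of IaaS security research, for the security issues of IaaS and the solutions from academia and industry, this paper carries out ...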

3.
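Cloud User Security Model Based on Trusted Computing   Total citations: 1, self-citations: 0, citations by others: 1
With the development of cloud computing, its security problems cannot be ignored. To address the data security and identity privacy problems faced by cloud users, a cloud user security model based on trusted computing is proposed. The model is supported by trusted computing technology. In addition to traditional security policies, it proposes establishing a private virtual machine that gives the user a private execution space and prevents other malicious users or administrators from accessing that virtual machine. It also gives a method for anonymizing user information, which keeps the user's identity information private when a high-security-level user requests or changes a service and prevents the service provider from maliciously exploiting or leaking user information, thereby providing the user with a secure execution environment.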

4.
Security and trust are particularly relevant in modern softwarised infrastructures, such as cloud environments, as applications are deployed on platforms owned by third parties, are publicly accessible on the Internet and can share the hardware with other tenants. Traditionally, operating systems and applications have leveraged hardware tamper-proof chips, such as the Trusted Platform Modules (TPMs) to implement security workflows, such as remote attestation, and to protect sensitive data against software attacks. This approach does not easily translate to the cloud environment, wherein the isolation provided by the hypervisor makes it impractical to leverage the hardware root of trust in the virtual domains. Moreover, the scalability needs of the cloud often collide with the scarce hardware resources and inherent limitations of TPMs. For this reason, existing implementations of virtual TPMs (vTPMs) are based on TPM emulators. Although more flexible and scalable, this approach is less secure. In fact, each vTPM is vulnerable to software attacks both at the virtualised and hypervisor levels. In this work, we propose a novel design for vTPMs that provides a binding to an underlying physical TPM; the new design, akin to a virtualisation extension for TPMs, extends the latest TPM 2.0 specification. We minimise the number of required additions to the TPM data structures and commands so that they do not require a new, non-backwards compatible version of the specification. Moreover, we support migration of vTPMs among TPM-equipped hosts, as this is considered a key feature in a highly virtualised environment. Finally, we propose a flexible approach to vTPM object creation that protects vTPM secrets either in hardware or software, depending on the required level of assurance.

5.
Cloud computing is one of the most popular information processing concepts of today's IT world. The security of the cloud computing is complicated because each service model uses different infrastructure elements. Current security risk assessment models generally cannot be applied to cloud computing systems that change their states very rapidly. In this work, a scalable security risk assessment model has been proposed for cloud computing as a solution of this problem using game theory. Using this method, we can evaluate whether the risk in the system should be fixed by cloud provider or tenant of the system.

6.
With the development of information technology, cloud computing becomes a new direction of grid computing. Cloud computing is user-centric, and provides end users with leasing service. Guaranteeing the security of user data needs careful consideration before cloud computing is widely applied in business. Virtualization provides a new approach to solve the traditional security problems and can be taken as the underlying infrastructure of cloud computing. In this paper, we propose an intrusion prevention system, VMFence, in a virtualization-based cloud computing environment, which is used to monitor network flow and file integrity in real time, and provide a network defense and file integrity protection as well. Due to the dynamicity of the virtual machine, the detection process varies with the state of the virtual machine. The state transition of the virtual machine is described via Definite Finite Automata (DFA). We have implemented VMFence on an open-source virtual machine monitor platform—Xen. The experimental results show our proposed method is effective and it brings acceptable overhead.

7.
陈伟  曹军威  钱瀚 《集成技术》2012,1(4):25-29
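Hosted virtual desktops implemented with cloud computing technology are generally called desktop clouds. In recent years the desktop cloud has been regarded as one of the most mature applications of cloud computing, and this paper focuses on secure access and sharing mechanisms for desktop clouds. We use PKI-based certificate authentication to establish a virtual organization, and on top of it we study applications such as virtual machine creation, remote desktop access and sharing. Mechanisms such as certificate authentication make access more secure and reliable, and through the trust relationships of the virtual organization, multiple users can share the same virtual machine. To secure the remote channel, we use OpenVPN to build a virtual private network, which authenticates the users of the virtual machine and protects the communication with encryption.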

8.
ABSTRACT

Security and privacy are fundamental concerns in cloud computing both in terms of legal complications and user trust. Cloud computing is a new computing paradigm, aiming to provide reliable, customized, and guaranteed computing dynamic environment for end users. However, the existing security and privacy issues in the cloud still present a strong barrier for users to adopt cloud computing solutions. This paper investigates the security and privacy challenges in cloud computing in order to explore methods that improve the users’ trust in the adaptation of the cloud. Policing as a Service can be offered by the cloud providers with the intention of empowering users to monitor and guard their assets in the cloud. This service is beneficial both to the cloud providers and the users. However, at first, the cloud providers may only be able to offer basic auditing services due to undeveloped tools and applications. Similar to other services delivered in the cloud, users can purchase this service to gain some control over their data. The subservices of the proposed service can be Privacy as a Service and Forensics as a Service. These services give users a sense of transparency and control over their data in the cloud while better security and privacy safeguards are sought.

9.
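Cloud computing brings great convenience to users through on-demand access, pay-as-you-go pricing and no need for upfront investment. However, a static, homogeneous cloud computing environment easily becomes a target of network attacks and exposes users to considerable security risk. Dynamic virtual machine deployment strategies and heterogeneous cloud infrastructure improve the security of the cloud environment but reduce resource utilization. A resource allocation algorithm for virtual machine rotation is proposed: different types of resources are abstracted as vectors of different dimensions, and load balancing in resource allocation is achieved by solving a bin packing problem. At the same time, a residence time is set for each virtual machine, and rotation is carried out with respect to the current load state of the servers to improve virtual machine security. Experimental results show that the dynamic resource allocation algorithm improves virtual machine security while reducing the load fluctuation caused by rotation.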

10.
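A Cloud Computing-Based Method for Managing University Computer Labs   Total citations: 2, self-citations: 0, citations by others: 2
By connecting to a cloud computing center over the Internet and exploiting the inherent advantages of cloud computing technology, including the platforms of Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), virtualized resources and physical resource pools, this paper explores a model for applying cloud computing technology to the management of university computer labs. The cloud computing-based management method gives lab administrators a convenient and fast way to manage the labs, reduces the university's investment in lab management, and provides all university users with more intelligent, high-quality services.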

11.
胡玲碧  谭良 《软件学报》2018,29(9):2874-2895
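How to prove that a virtual platform in a cloud environment is trustworthy is a question worth studying. A virtual platform in the cloud comprises the virtual machine monitor running on the physical platform and the virtual machines, which are distinct logical execution entities with hierarchical and dynamic characteristics. As a result, existing remote attestation schemes for trusted terminals, including the privacy certification authority (PCA) scheme and the direct anonymous attestation (DAA) scheme, cannot be applied directly to trusted virtual platforms. Moreover, in the Virtualized Trusted Platform Architecture Specification version 1.0 published by the TCG, the remote attestation scheme for trusted virtual platforms is only a framework, with no concrete implementation scheme. To this end, a top-down remote attestation implementation scheme for trusted virtual platforms, TVP-PCA, is proposed. The scheme places an attestation agent in the virtual machine and adds an attestation service to the virtual machine monitor. The challenger first proves, through the top-level attestation agent, that the virtual machine environment is trustworthy, and then proves, through the bottom-level attestation service, that the virtual machine monitor running on the physical platform is trustworthy. The top-level and bottom-level attestations together ensure the trustworthiness of the whole virtual platform, effectively solving the problem of identity between the top-level and bottom-level attestations. Experimental results show that the scheme can prove the trustworthiness not only of the virtual machine but also of the virtual machine monitor and the physical platform, and thus proves that the virtual platform in the cloud environment is genuinely trustworthy.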

12.
Cloud computing represents a paradigm shift to utmost scalable and flexible IT services. However, research related to preferences of certain customers concerning cloud services is scarce. Especially start-up companies with their limited capacities to implement and operate IT infrastructure and their great demand for scalable and affordable IT resources are predestined as customers of cloud based services. In this study, we apply a multi-method approach to investigate customer preferences among start-up companies. Based on a literature review and a market analysis of cloud service models, we propose a set of cloud provider characteristics. These properties were examined among 108 start-up companies and analyzed in three steps using factor analysis to define customer preferences, cluster analysis to identify customer segments and discriminant analysis to validate the identified clusters. The results show that start-ups can be basically divided in five clusters each with certain requirements on cloud provider characteristics.

13.
ABSTRACT

Cloud computing is a new IT delivery paradigm that offers computing resources as on-demand services over the Internet. Like all forms of outsourcing, cloud computing raises serious concerns about the security of the data assets that are outsourced to providers of cloud services. To address these security concerns, we show how today's generation of information security management systems (ISMSs), as specified in the ISO/IEC 27001:2005, must be extended to address the transfer of security controls into cloud environments. The resulting virtual ISMS is a standards-compliant management approach for developing a sound control environment while supporting the various modalities of cloud computing.

This article addresses chief security and/or information officers of cloud client and cloud provider organizations. Cloud clients will benefit from our exposition of how to manage risk when corporate assets are outsourced to cloud providers. Providers of cloud services will learn what processes and controls they can offer in order to provide superior security that differentiates their offerings in the market.

14.
蔡昕 《电脑开发与应用》2014,(3):233-234,78
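IaaS (Infrastructure as a Service) is the foundational part of cloud services. Through this kind of basic service infrastructure, many kinds of data resources can be optimized as resource pools, achieving the lowest cost while still serving a variety of external resource needs. The paper first explains the concepts related to IaaS cloud computing and compares it with the traditional VPS business, and on that basis discusses issues related to efficient server management based on IaaS cloud computing.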

15.
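A cloud computing platform based on the open-source Eucalyptus framework can provide users with on-demand allocation of hardware resources. The paper discusses solutions for the cloud platform's system architecture, networking and resource management, and builds a corresponding cloud service environment. By comparing the CPU, memory, disk I/O and other performance of virtual machine instances in the cloud environment with that of ordinary PCs, the availability and scalability of the constructed cloud computing platform are verified.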

16.
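To address security protection in cloud computing environments, this paper proposes a security protection system for virtual hosts in a cloud computing center. The system takes "security as a service" as its starting point and the virtual machine as its core. Given that virtualized computing has no perimeter, it provides unified security protection with the virtual machine cluster as the unit. It offers customized security services to the different applications, tenants and virtual hosts on the cloud platform, tailoring them to different security requirements in the form of security protection templates. Security measures are implemented in software, security functions are componentized, deployment is dynamic, and configuration management is automated, so that security handling measures are continuously updated. This establishes an adaptive cloud platform security protection system that integrates a variety of security measures.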

17.
Cloud computing is the provision of hosted resources, comprising software, hardware and processing over the World Wide Web. The advantages of rapid deployment, versatility, low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes, mostly as a component of the combination/multi-cloud infrastructure structure. While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion, new opportunities and challenges in the context of security vulnerabilities are emerging in this domain. Cloud security, also recognized as cloud computing security, refers to a collection of policies, regulations, systematic processes that function together to secure cloud infrastructure systems. These security procedures are designed to safeguard cloud data, to facilitate regulatory enforcement and to preserve the confidentiality of consumers, as well as to lay down encryption rules for specific devices and applications. This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure. In this league, the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.

18.
Abstract

Cloud computing, the recently emerged revolution in IT industry, is empowered by virtualisation technology. In this paradigm, the user’s applications run over some virtual machines (VMs). The process of selecting proper physical machines to host these virtual machines is called virtual machine placement. It plays an important role on resource utilisation and power efficiency of cloud computing environment. In this paper, we propose an imperialist competitive-based algorithm for the virtual machine placement problem called ICA-VMPLC. The base optimisation algorithm is chosen to be ICA because of its ease in neighbourhood movement, good convergence rate and suitable terminology. The proposed algorithm investigates search space in a unique manner to efficiently obtain optimal placement solution that simultaneously minimises power consumption and total resource wastage. Its final solution performance is compared with several existing methods such as grouping genetic and ant colony-based algorithms as well as bin packing heuristic. The simulation results show that the proposed method is superior to other tested algorithms in terms of power consumption, resource wastage, CPU usage efficiency and memory usage efficiency.

19.
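The rise of cloud computing is an unprecedented and profound transformation of the IT field toward consolidation, scale and specialization, and it embodies the trend that "the network is the computer". One of the bottlenecks to the rapid development of cloud computing is its security problem, and whether that problem is resolved will largely determine the future direction of cloud computing. This paper explains the meaning and history of the cloud computing security problem, introduces the service architecture of cloud computing, analyzes on that basis the security problems that cloud computing faces, and finally gives measures for dealing with these security problems.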

20.
树岸  彭鑫  赵文耘 《计算机科学》2017,44(7):120-127
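The development of cloud computing has led more and more software applications to choose cloud platforms for deployment. To cope with dynamically changing workloads, application scenarios and quality-of-service goals, application providers want to adjust cloud computing resources dynamically in a scalable way. Virtual machine-based resource management is heavyweight, which makes fine-grained dynamic resource adjustment and fast cross-platform service migration in hybrid clouds hard to achieve. Container technology makes up for some of the shortcomings of virtual machines, but traditional resource management methods are in many respects not well suited to containers. To address this problem, an adaptive cloud computing resource management method based on container technology is proposed, with a resource architecture and a scheduling scheme between resources designed to suit containers better. Unlike traditional linear modeling methods, the proposed method uses nonlinear functions to model cloud computing resources more accurately and uses a genetic algorithm for parameter tuning, so that adaptive adjustment responds faster and overall performance is better. The method also takes into account the multi-dimensional heterogeneity of different containers, allocating container deployment locations sensibly to improve physical resource utilization. In addition, it draws on several low-level characteristics of container technology to make adaptive adjustments in areas such as load distribution. Finally, experimental analysis gives preliminary confirmation of the effectiveness of the proposed method.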
