基于小云审大云的云平台可信评测体系结构与技术研究

doi:10.11959/j.issn.2096-109x.2016.00102

网络与信息安全学报 ›› 2016, Vol. 2 ›› Issue (10): 36-47.doi: 10.11959/j.issn.2096-109x.2016.00102

基于小云审大云的云平台可信评测体系结构与技术研究

刘川意¹(),潘鹤中^1,²,梁露露³,王国峰^1,²,方滨兴^1,^2,⁴

¹ 哈尔滨工业大学（深圳）计算机科学与技术学院，广东深圳 518055
² 北京邮电大学计算机学院，北京 100876
³ 中国信息安全测评中心，北京 100085
⁴ 东莞电子科技大学电子信息工程研究院，广东东莞 523000

修回日期:2016-07-08 出版日期:2016-10-01 发布日期:2020-03-17
作者简介:刘川意（1982-），男，四川乐山人，博士，哈尔滨工业大学（深圳）副教授，主要研究方向为云计算与云安全、大规模存储系统、数据保护与数据安全。|潘鹤中（1991-），男，辽本本溪人，北京邮电大学博士生，主要研究方向为云安全、信息安全。|梁露露（1985-），男，湖北襄阳人，博士，中国信息安全测评中心副研究员，主要研究方向为云计算与大数据安全、无线网络安全。|王国峰（1988-），男，山东济宁人，北京邮电大学博士生，主要研究方向为云安全、信息安全、云安全技术、数据加密技术。|方滨兴（1960-），男，江西万年人，中国工程院院士，北京邮电大学教授、博士生导师，主要研究方向为大数据、计算机网络和信息安全。
基金资助:
国家高技术研究发展计划（“863”计划）基金资助项目(2015AA016001);广东省产学研合作基金资助项目(2016B090921001);山东省自主创新及成果转化专项基金资助项目(2014ZZCX03411)

Cloud Trustworthiness Evaluation as a cloud service:architecture,key technologies and implementations

Chuan-yi LIU¹(),He-zhong PAN^1,²,Lu-lu LIANG³,Guo-feng WANG^1,²,Bin-xing FANG^1,^2,⁴

¹ School of Computer Science and Technology,Harbin Institute of Technology (Shenzhen),Shenzhen 518055,China
² School of Computer Science,Beijing University of Posts and Telecommunications,Beijing 100876,China
³ China Information Technology Security Evaluation Center,Beijing 100085,China
⁴ Dongguan University of Electronic Science and Technology Electronic and Information Engineering Institute,Dongguan 523000,China

Revised:2016-07-08 Online:2016-10-01 Published:2020-03-17
Supported by:
The National High Technology Research Program of China (863 Program)(2015AA016001);Produc-tion-Study-Research Cooperation Project in Guangdong Province(2016B090921001);Innovation Project in Shandong Province(2014ZZCX03411)

摘要/Abstract

摘要：

提出一种“小云审大云”的云平台可信评测架构，通过引入独立第三方对云平台的可信性进行动态、实时的远程可信数据收集、验证、审计和评价。采用数据流可视化、监控与脱敏技术保障租户数据权益，为租户提供选择可信云平台的依据，为云平台提供证明自身可信的凭据。并突破以下关键技术：1）基于独立第三方的数据采集、行为接入、API代理；2）持续、实时的远程数据收集和数据分析；3）非强侵入式证据收集。

关键词: 云计算, 可信评测, 权限管控, 数据脱敏

Abstract:

A ＂big clouds audited by a small cloud＂ scheme was proposed,by introducing an independent trusted third party (TTP) dealing with run-time data collection,verification,audit and evaluation remotely,in a continuous and data-driven model,compared with traditionally certification based audit.The TTP mainly adopts data flow visualization,data monitoring and encryption to protect the rights of users.It provides the basis for users to choose a trusted cloud platform and for cloud platform to prove own trusted credentials.In-depth study,the following key technologies were broken through:1) the introduction of an independent trusted third party as an intermediate layer between cloud platform and users as well as administrators; 2) continuous,real-time remote data collection and data analysis; 3) strong non-intrusive evidence gathering.

Key words: cloud computing, trusted reviews, permissions control, data encryption

中图分类号:

TP311

刘川意,潘鹤中,梁露露,王国峰,方滨兴. 基于小云审大云的云平台可信评测体系结构与技术研究[J]. 网络与信息安全学报, 2016, 2(10): 36-47.

Chuan-yi LIU,He-zhong PAN,Lu-lu LIANG,Guo-feng WANG,Bin-xing FANG. Cloud Trustworthiness Evaluation as a cloud service:architecture,key technologies and implementations[J]. Chinese Journal of Network and Information Security, 2016, 2(10): 36-47.

图/表 5

参考文献 29

[1]	BOUCHé J , KAPPES M , . Attacking the cloud from an insider perspective[C]// Internet Technologies and Applications (ITA). 2015: 175-180.
[2]	ROCHA F , CORREIA M . Lucy in the sky without diamonds:Stealing confidential data in the cloud[C]// 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W). 2011: 129-134.
[3]	[EB/OL]..
[4]	[EB/OL]..
[5]	[EB/OL]..
[6]	[EB/OL]..
[7]	[EB/OL]..
[8]	[EB/OL]..
[9]	BHATT S , MANADHATA P K , ZOMLOT L . The operational role of security information and event management systems[J]. IEEE Security & Privacy, 2014,12(5): 35-41.
[10]	YEN T F , OPREA A , ONARLIOGLU K ,et al. Beehive:large-scale log analysis for detecting suspicious activity in enterprise networks[C]// The 29th Annual Computer Security Applications Conference. 2013: 199-208.
[11]	ZOMLOT L , SUNDARAMURTHY S C , LUO K ,et al. Prioritizing intrusion analysis using dempster-shafer theory[C]// The 4th ACM Workshop on Security and Artificial Intelligence. 2011: 59-70.
[12]	ZHAI Y , NING P , IYER P ,et al. Reasoning about complementary intrusion evidence[C]// The 20th Computer Security Applications. 2004: 39-48.
[13]	[EB/OL]..
[14]	[EB/OL]..
[15]	[EB/OL]..
[16]	[EB/OL]..
[17]	[EB/OL]..
[18]	[EB/OL]..
[19]	BUTT S,LAGAR-CAVILLA H A , SRIVASTAVA A , et al . Self-service cloud computing[C]// The 2012 ACM Conference on Computer and Communications Security. 2012: 253-264.
[20]	ZHANG F , CHEN J , CHEN H ,et al. CloudVisor:retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization[C]// The 23rd ACM Symposium on Operating Systems Principles. 2011: 203-216.
[21]	CHEN X , GARFINKEL T , LEWIS E C ,et al. Overshadow:a virtualization-based approach to retrofitting protection in commodity operating systems[C]// ACM Sigarch Computer Architecture News. 2008,36(1): 2-13.
[22]	HOFMANN O S , KIM S , DUNN A M ,et al. Inktag:secure applications on an untrusted operating system[C]// ACM Sigarch Computer Architecture News. 2013,41(1): 265-278.
[23]	HE W , AKHAWE D , JAIN S ,et al. Shadowcrypt:encrypted web applications for everyone[C]// The 2014 ACM Sigsac Conference on Computer and Communications Security. 2014: 1028-1039.
[24]	LAU B , CHUNG S , SONG C ,et al. Mimesis aegis:a mimicry privacy shield——a system’s approach to data privacy on public cloud[C]// The 23rd USENIX Security Symposium (USENIX Security 14). 2014: 33-48.
[25]	POPA R A , STARK E , VALDEZ S ,et al. Building Web applications on top of encrypted data using Mylar[C]// The 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14). 2014: 157-172.
[26]	[EB/OL]..
[27]	POPA R A , REDFIELD C , ZELDOVICH N ,et al. CryptDB:protecting confidentiality with encrypted query processing[C]// The 12rd ACM Symposium on Operating Systems Principles. 2011: 85-100.
[28]	[EB/OL]..
[29]	[EB/OL]..

基于小云审大云的云平台可信评测体系结构与技术研究

Cloud Trustworthiness Evaluation as a cloud service:architecture,key technologies and implementations

在线阅读

pdf下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	李凌书, 邬江兴, 曾威, 刘文彦. 容器云中基于信号博弈的容器迁移与蜜罐部署策略[J]. 网络与信息安全学报, 2022, 8(3): 87-96.
[2]	刘尚, 郭银章. 云计算多授权中心CP-ABE代理重加密方案[J]. 网络与信息安全学报, 2022, 8(3): 176-188.
[3]	张艺, 田立勤, 毋泽南, 武文星. 基于FANP的云用户行为信任评估优化机制[J]. 网络与信息安全学报, 2022, 8(2): 175-182.
[4]	张煜,吕锡香,邹宇聪,李一戈. 基于生成对抗网络的文本序列数据集脱敏[J]. 网络与信息安全学报, 2020, 6(4): 109-119.
[5]	吴颖,李璇,金彪,金榕榕. 隐私保护的图像内容检索技术研究综述[J]. 网络与信息安全学报, 2019, 5(4): 14-28.
[6]	李颖, 马春光. 可搜索加密研究进展综述[J]. 网络与信息安全学报, 2018, 4(7): 13-21.
[7]	于孟洋,林晖,田有亮. 移动云计算中一种新的跨层信誉机制[J]. 网络与信息安全学报, 2018, 4(3): 51-58.
[8]	王元昊,李宏博,崔钰钊,郭庆文,黄琼. 具有密文等值测试功能的公钥加密技术综述[J]. 网络与信息安全学报, 2018, 4(11): 13-22.
[9]	张建标,朱元曦,胡俊,王晓. 面向云环境的虚拟机可信迁移方案[J]. 网络与信息安全学报, 2018, 4(1): 6-14.
[10]	李维奉,羌卫中,李伟明,邹德清. 云环境隐私侵犯取证研究[J]. 网络与信息安全学报, 2018, 4(1): 26-35.
[11]	高元照,李学娟,李炳龙,吴熙曦. 云计算取证模型[J]. 网络与信息安全学报, 2017, 3(9): 13-23.
[12]	袁得嵛,王小娟,万建超. “互联网+”对网络空间安全影响及未来发展趋势[J]. 网络与信息安全学报, 2017, 3(5): 1-9.
[13]	施江勇,杨岳湘,李文华,王森. 基于SDN的云安全应用研究综述[J]. 网络与信息安全学报, 2017, 3(5): 10-25.
[14]	陈飞,毕小红,王晶晶,刘渊. DDoS攻击防御技术发展综述[J]. 网络与信息安全学报, 2017, 3(10): 16-24.
[15]	孙光,樊晓平,蒋望东,周航军,刘胜宗,龚春红,朱静. 云计算环境约束下的软件水印方案[J]. 网络与信息安全学报, 2016, 2(9): 12-21.