面向云服务信息安全评估的度量模型研究

doi:10.11959/j.issn.2096-109x.2016.00075

Abstract

Abstract:

Due to the lack of metric standards and the metric imprecise problems of cloud service information secu-rity,the research status of the relevant standards at home and abroad were introduced.As for the demand for infor-mation security measurement requirements of the trusted cloud,the advantages and disadvantages of metric models based on the trusted root were analyzed.At last,the future research direction which was to study a scalable com-bined,real-time,privacy protected,easy to transplant and less cost metrics model was pointed out.

Key words: trusted cloud services, information security assessment, metrics model, evaluation criteria

CLC Number:

TP393

Yue-ming LU,Zhi-hui ZHANG. Research on metrics models for cloud services information security evaluation[J]. Chinese Journal of Network and Information Security, 2016, 2(7): 18-25.

Figures/Tables 7

References 16

[1]	陈康，郑纬民 . 云计算：系统实例与研究现状[J]. 软件学报， 2009,20(5): 1337-1348.
	CHEN K , ZHENG WM . Cloud computing:system instances and current research[J]. Journal of Software, 2009,20(5): 1337-1348.
[2]	Common criteria for information technology security evaluation part 2:security functional requirement,version 2.2[S]. 2004.
[3]	Common criteria for information technology security evaluation part 3:security assurance requirements; version 2.2[S]. 2004.
[4]	NIELSEN F . Approaches to security metrics[C]//CSSPAB Work-shop on Approaches to Measuring Security. IEEE Security ＆ Privacy, c2000.
[5]	Cloud Security Alliance(CSA). Security guidance for critical areas of focus in cloud computing V3.0[EB/OL]. .
[6]	AVI?IENIS A , LAPRIE J C , RANDELL B , et al. Basic concepts and taxonomy of dependable and secure computing[J]. IEEE Transactions on Dependable ＆ Secure Computing, 2004,1(1): 11-33.
[7]	TCG Group. TCG specification architecture overview[J]. TCG Specification Revision, 2007,1: 1-24.
[8]	SAILER R , ZHANG X , JAEGER T , et al. Design and implementa-tion of a TCG-based integrity measurement architecture[C]//Usenix Security Symposium. IEEE Security ＆ Privacy, c2004:16-16.
[9]	JAEGER T , SAILER R , SHANKAR U . PRIMA:policy-reduced integrity measurement architecture[C]//The 11th ACM Symposium on Access Control Models and Technologies. c2006:19-28.
[10]	LOSCOCCO P A , WILSON P W , PENDERGRASS J A , et al. Linux kernel integrity measurement using contextual inspection[C]//ACM Workshop on Scalable Trusted Computing. c2007:21-29.
[11]	AZAB A M , NING P , SEZER E C , et al. HIMA:a hypervisor-based integrity measurement agent[C]// IEEE Computer Security Appli-cations Conference. c2009:461-470.
[12]	AZAB A M , NING P , WANG Z , et al. HyperSentry:enabling stealthy in-context measurement of hypervisor integrity[C]//ACM Conference on Computer and Communications Security(CCS). c2010:38-49.
[13]	刘孜文，冯登国 . 基于可信计算的动态完整性度量架构[J]. 电子与信息学报， 2010,32(4): 875-879.
	LIU Z W , FENG D G . TPM-based dynamic integrity measurement architecture[J]. Journal of Electronics and Information Technology, 2010,32(4): 875-879.
[14]	冯登国，秦宇，汪丹，等. 可信计算技术研究[J]. 计算机研究与发展， 2011,48(8): 1332-1349.
	FENG D G , QIN Y , WANG D , et al. Research on trusted computing technology[J]. Journal of Computer Research and Development, 2011,48(8): 1332-1349.
[15]	林闯，苏文博，孟坤，等. 云计算安全：架构、机制与模型评价[J]. 计算机学报， 2013,36(9): 1765-1784.
	LIN C , SU W B , MENG K , et al. Cloud computing security:archi-tecture,mechanism and modeling[J]. Chinese Journal of Computers, 2013,36(9): 1765-1784.
[16]	周振吉，吴礼发，洪征，等. 云计算环境下的虚拟机可信度量模型[J]. 南大学学报(自然科学版)， 2014(1): 45-50.
	ZHOU Z J , WU L F , HONG Z , et al. Trustworthiness measurement model of virtual machine for cloud computing[J]. Journal of Southeast University(Natural Science Edition), 2014(1): 45-50.

Metrics

Recommended 0

No Suggested Reading articles found!

Research on metrics models for cloud services information security evaluation

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 16

Related Articles 15

Metrics

Recommended 0

[1]	Xianyi CHEN, Jun GU, Kai YAN, Dong JIANG, Linfeng XU, Zhangjie FU. Double adversarial attack against license plate recognition system [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 16-27.
[2]	Tianpeng YE, Xiang LIN, Jianhua LI, Xuankai ZHANG, Liwen XU. Personalized lightweight distributed network intrusion detection system in fog computing [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 28-37.
[3]	Lijun ZU, Yalin CAO, Xiaohua MEN, Zhihui LYU, Jiawei YE, Hongyi LI, Liang ZHANG. Adaptive selection method of desensitization algorithm based on privacy risk assessment [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 49-59.
[4]	Ruiqi XIA, Manman LI, Shaozhen CHEN. Identification on the structures of block ciphers using machine learning [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 79-89.
[5]	Jingyi YUAN, Zichuan LI, Guojun PENG. EN-Bypass: a security assessment method on e-mail user interface notification [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 90-101.
[6]	Feng YU, Qingxin LIN, Hui LIN, Xiaoding WANG. Privacy-enhanced federated learning scheme based on generative adversarial networks [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 113-122.
[7]	Chuntao ZHU, Chengxi YIN, Bolin ZHANG, Qilin YIN, Wei LU. Forgery face detection method based on multi-domain temporal features mining [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 123-134.
[8]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[9]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[10]	Yan PAN, Wei LIN, Yuefei ZHU. Progressive active inference method of protocol state machine [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 81-93.
[11]	Pan YANG, Fei KANG, Hui SHU, Yuyao HUANG, Xiaoshao LYU. Binary program taint analysis optimization method based on function summary [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 115-131.
[12]	Tian XIAO, Zhihao JIANG, Peng TANG, Zheng HUANG, Jie GUO, Weidong QIU. High-performance directional fuzzing scheme based on deep reinforcement learning [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 132-142.
[13]	Chenghao YUAN, Yong LI, Shuang REN. Dynamic multi-keyword searchable encryption scheme [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 143-153.
[14]	Zezhou HOU, Jiongjiong REN, Shaozhen CHEN. Security evaluation for parameters of SIMON-like cipher based on neural network distinguisher [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 154-163.
[15]	Xuejing GUO, Yixiang FANG, Yi ZHAO, Tianzhu ZHANG, Wenchao ZENG, Junxiang WANG. Traditional guidance mechanism based deep robust watermarking [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 175-183.