Computer Science ›› 2016, Vol. 43 ›› Issue (7): 19-27. doi: 10.11896/j.issn.1002-137X.2016.07.003


Research Progress on Architecture-Based Cloud Computing Security

程宏兵,赵紫星,叶长河   

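  1. College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou 310023
  • Publication date: 2018-12-01 Release date: 2018-12-01
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61402413), the Natural Science Foundation of Zhejiang Province (LY14F020019), the China Postdoctoral Science Foundation (2012M511732), the Six Talent Peaks Project of Jiangsu Province (11-JY-009), and the Open Project of the Key Laboratory for Novel Software Technology, Nanjing University (KFKT2015B22).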

Survey of Cloud Computing Security Based on Infrastructure

CHENG Hong-bing, ZHAO Zi-xing and YE Chang-he   

  • Online: 2018-12-01 Published: 2018-12-01

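Abstract: With advantages such as efficiency, reliability and low cost, cloud computing is leading another major transformation of information technology. Given the characteristics and architecture unique to cloud computing, security has always been the bottleneck for its development and adoption, and research on cloud computing security has likewise remained a focus and hot topic of the field. This paper divides the cloud computing architecture into a physical resource layer, a resource abstraction layer and a service provision layer, and defines, layer by layer, data security, virtual machine security, multi-tenant isolation, application deployment security, data processing technology, identity control technology and auditing technology within the architecture. It introduces the relevant standards, reviews the research progress of recent years, and points out the challenges and development opportunities in cloud computing architecture security.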

Keywords: Cloud security, Architecture, Research progress

Abstract: Cloud computing is leading an information technology revolution with advantages such as efficiency, reliability and low cost. However, security has always been the obstacle that limits the development and popularization of cloud computing. Therefore, it is undisputed that security research is a hot issue in the field of cloud computing. In this paper, we divide cloud computing into a resource layer, a resource abstraction layer and a service layer, and define data security, virtual machine security, multi-tenant isolation, application deployment, data processing, identity control and auditing. The paper reviews recent progress in this area based on the architectural division of cloud computing and provides references for further research in cloud computing.

Key words: Cloud security, Infrastructure, Research progress

