Computer Science ›› 2016, Vol. 43 ›› Issue (7): 19-27. doi: 10.11896/j.issn.1002-137X.2016.07.003
程宏兵,赵紫星,叶长河
CHENG Hong-bing, ZHAO Zi-xing and YE Chang-he
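Abstract: Cloud computing, with its advantages of efficiency, reliability and low cost, is driving another major transformation in information technology. Given the distinctive characteristics and architecture of cloud computing, security has long been the bottleneck to its development and adoption, and research on cloud computing security has remained a focus and a hot topic in the field. This paper divides the cloud computing architecture into a physical resource layer, a resource abstraction layer and a service provision layer, and defines, layer by layer, the data security, virtual machine security, multi-tenant isolation, application deployment security, data processing techniques, identity control techniques and auditing techniques within the architecture. It introduces the relevant standards, describes the research progress of recent years, and points out the challenges and development opportunities in the field of cloud computing architecture security.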