基于等级保护的云计算安全评估模型

计算机科学 ›› 2013, Vol. 40 ›› Issue (8): 151-156.

基于等级保护的云计算安全评估模型

姜政伟,赵文瑞,刘宇,刘宝旭

中国科学院研究生院北京100049;中国科学院研究生院北京100049;中国科学院研究生院北京100049;中国科学院高能物理研究所计算中心北京100049

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受国家科技支撑计划项目(2012BAH14B02),国家发改委信息安全专项项目(发改办高技[2012]1424号)资助

Model for Cloud Computing Security Assessment Based on Classified Protection

JIANG Zheng-wei,ZHAO Wen-rui,LIU Yu and LIU Bao-xu

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 云计算应用与发展中最受关注的问题之一是安全。针对云计算服务安全水平量化的需求,以我国等级保护测评要求为基础,借鉴欧美相关机构的云计算风险控制与安全评估框架,通过德尔菲法构建云计算安全评估指标体系,使用层次化分析法计算出各指标项的权重。根据设计的指标体系,将模糊综合评判引入对云计算实例的分析。实际应用表明模型能为云平台安全提供有效的量化和与评估。

关键词: 云计算,安全评估,等级保护,层次分析法,模糊综合评价

Abstract: The security topic in application and development of cloud computing is one of the greatest concerns．Aiming at the requirement of security level quantification in cloud computing service,based on classified protection in our country and learned from the cloud computing risk control and security assessment frameworks designed by European and American institutions,a cloud computing security assessment indexes system was built up through Delphi method,and the weight of each index was calculated with analytic hierarchy process．According to this indexes system,fuzzy comprehensive analysis method was introduced to the evaluation of a cloud computing instance．The case study shows that this model can effectively quantify and assess the security level of cloud platform.

Key words: Cloud computing,Security assessment,Classified protection,Analytic hierarchy process,Fuzzy comprehensive evaluation

姜政伟,赵文瑞,刘宇,刘宝旭. 基于等级保护的云计算安全评估模型[J]. 计算机科学, 2013, 40(8): 151-156. https://doi.org/

JIANG Zheng-wei,ZHAO Wen-rui,LIU Yu and LIU Bao-xu. Model for Cloud Computing Security Assessment Based on Classified Protection[J]. Computer Science, 2013, 40(8): 151-156. https://doi.org/

参考文献

[1] 冯登国,张敏,张妍,等．云计算安全研究[J].软件学报,2011,22(1):71-83
[2] GB/T 22239-2008信息安全等级保护基本要求[S]．2008
[3] 李杨,聂晓伟,杨鼎才．一个基于等级保护的有效风险评估方法[J].计算机应用研究,2005,22(7):39-41
[4] 周元德,董凤翔,胡波.基于等级保护的信息安全风险评估方法[J].铁道工程学报,2006,99(9):89-92
[5] 王升保．信息安全等级保护体系研究及应用[D].合肥:合肥工业大学,2009
[6] 李鑫,李京春,郑雪峰,等．一种基于层次分析法的信息系统漏洞量化评估方法[J].计算机科学,2012,39(7):58-63
[7] 邓平,范科峰,张素兵,等．一种安全操作系统风险评估模型[J].计算机工程,2011,37(9):57-58
[8] 周焕盛,江建慧．一个多维信息安全指标体系及等级保护量化模型[J].中国科学技术大学学报,2012,42(1):67-76
[9] ENISA.Cloud Computing Information Assurance Framework[R].2009
[10] Coucil U S C．Proposed Security Assessment and Authorization for Cloud Computing[R].2010
[11] CSA.CloudControlMatrix[EB/OL].https://cloudsecurityalli-ance.org/research/ccm/
[12] CSA.CloudConsensusAssessmentInitiative[EB/OL].https://cloudsecurityalliance.org/research/cai/
[13] Saripalli P,Walters B.A Quantitative Impact and Risk Assessment Framework for Cloud Security[C]∥Proceedings of IEEE 3rd International Conference on Cloud Computing．2010:280-288
[14] Djemame K,Armstrong D J,Kiran M,et al．A Risk Assessment Framework and Software Toolkit for Cloud Service Ecosystems[C]∥Proceedings of 2nd International Conference on Cloud Computing,GRIDs,and Virtualization．2011:119-126
[15] Kiran M,Jiang Ming,Armstorng D J,et al．Towards a Service Life-cycle based Methodology for Risk Assessment in Cloud Computing[C]∥Proceedings of 9th International Conference on Dependable,Autonomic and Secure Computing．2011:449-456
[16] 陈晓剑,梁梁．系统评价方法及应用[M].合肥:中国科学技术大学出版社,1993:24-25
[17] 公安部．信息安全等级保护管理办法(试行)．2006
[18] 沈昌祥．云计算安全与等级保护[J].信息安全与通信保密,2012(1):16-17
[19] Linstone H A．The Delphi Method:Techniques and Applications[M].Addison-Wesley,1975:25-30
[20] Brodkin.Gartner:seven cloud-computing security risks[DB/OL].http://www.networkworld.com/news/2008/070208-cloud.html,2008-07-02
[21] ENISA.Cloud computing-benefits risks and recommendationsfor information security[R]．2009
[22] ENISA.Top Threats to Cloud Computing [R]．2009
[23] ENISA.A guide to monitoring of security service levels in cloud contracts[R]．2012
[24] Saaty T L.How to make a decision:The Analytic HierarchyProcess[J].European Journal of Operational Research,1990(48):9-26
[25] Zimmermann H-J．Fuzzy Set Theory and its Applications [M]．Springer,1996:47-91
[26] 程耀东,刘宝旭,孙功星,等．高能物理与云计算[J].核电子学与探测技术,2011,31(11):1189-1194

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed