Computer Science ›› 2017, Vol. 44 ›› Issue (3): 3-9. doi: 10.11896/j.issn.1002-137X.2017.03.002
杨璐,叶晓俊
YANG Lu and YE Xiao-jun
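Abstract: To interact securely with the various cloud data services in a cloud environment, and to store the sensitive data that these services generate or process, cloud service providers should offer multiple types of security encryption mechanisms. Compared with traditional IT environments, because ownership differs between cloud users and cloud service providers, the various cloud computing service models (Infrastructure as a Service, Platform as a Service, Software as a Service) generate a large number of keys in their encryption services, which makes managing and using those keys more complex. This paper clarifies the key types, possible key states, basic management functions and general security requirements in cloud environments, discusses architectural schemes for the key management security functions in the three typical cloud service models, and, from the perspective of interoperability requirements for key management services, presents the envisioned architecture and functions of application systems related to key management interoperability.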