Computer Science, 2017, Vol. 44, Issue (7): 16-20. doi: 10.11896/j.issn.1002-137X.2017.07.003


Review on Security Audit Technology for Cloud Computing

WANG Wen-juan, DU Xue-hui, WANG Na and SHAN Di-bin

  1. School of Cyberspace Security, PLA Information Engineering University, Zhengzhou 450001; State Key Laboratory of Digital Engineering and Advanced Computing, Zhengzhou 450001
  • Online: 2018-11-13 Published: 2018-11-13
  • Supported by:
    This work was supported by the National High Technology Research and Development Program of China (863 Program) project "Research on Accountability and Control Technology for Cloud Computing Information Flow Based on Multi-Dimensional Control" (2015AA011705).

Abstract: Security concerns have become a major impediment to the adoption and development of cloud computing. Characteristics specific to the cloud environment, such as data and service outsourcing, virtualization, multi-tenancy and cross-domain sharing, expose it to more complex and varied security threats than a traditional IT environment and place higher demands on security audit technology. This paper first analyzes the main challenges facing security audit in cloud computing and proposes a reference framework for security audit in the cloud, which gives the cloud environment an all-round "health check" along four dimensions: user, business, data and infrastructure. It then reviews, dimension by dimension, the research in three areas (log audit, storage audit and configuration audit), with the aim of providing a useful reference for future research on cloud computing security audit in China.

Key words: Cloud computing, Security audit, Log audit, Storage audit, Configuration audit

