基于等级保护的云计算安全评估模型

Abstract

Abstract: The security topic in application and development of cloud computing is one of the greatest concerns．Aiming at the requirement of security level quantification in cloud computing service,based on classified protection in our country and learned from the cloud computing risk control and security assessment frameworks designed by European and American institutions,a cloud computing security assessment indexes system was built up through Delphi method,and the weight of each index was calculated with analytic hierarchy process．According to this indexes system,fuzzy comprehensive analysis method was introduced to the evaluation of a cloud computing instance．The case study shows that this model can effectively quantify and assess the security level of cloud platform.

Key words: Cloud computing,Security assessment,Classified protection,Analytic hierarchy process,Fuzzy comprehensive evaluation

JIANG Zheng-wei,ZHAO Wen-rui,LIU Yu and LIU Bao-xu. Model for Cloud Computing Security Assessment Based on Classified Protection[J].Computer Science, 2013, 40(8): 151-156.

References

[1] 冯登国,张敏,张妍,等．云计算安全研究[J].软件学报,2011,22(1):71-83
[2] GB/T 22239-2008信息安全等级保护基本要求[S]．2008
[3] 李杨,聂晓伟,杨鼎才．一个基于等级保护的有效风险评估方法[J].计算机应用研究,2005,22(7):39-41
[4] 周元德,董凤翔,胡波.基于等级保护的信息安全风险评估方法[J].铁道工程学报,2006,99(9):89-92
[5] 王升保．信息安全等级保护体系研究及应用[D].合肥:合肥工业大学,2009
[6] 李鑫,李京春,郑雪峰,等．一种基于层次分析法的信息系统漏洞量化评估方法[J].计算机科学,2012,39(7):58-63
[7] 邓平,范科峰,张素兵,等．一种安全操作系统风险评估模型[J].计算机工程,2011,37(9):57-58
[8] 周焕盛,江建慧．一个多维信息安全指标体系及等级保护量化模型[J].中国科学技术大学学报,2012,42(1):67-76
[9] ENISA.Cloud Computing Information Assurance Framework[R].2009
[10] Coucil U S C．Proposed Security Assessment and Authorization for Cloud Computing[R].2010
[11] CSA.CloudControlMatrix[EB/OL].https://cloudsecurityalli-ance.org/research/ccm/
[12] CSA.CloudConsensusAssessmentInitiative[EB/OL].https://cloudsecurityalliance.org/research/cai/
[13] Saripalli P,Walters B.A Quantitative Impact and Risk Assessment Framework for Cloud Security[C]∥Proceedings of IEEE 3rd International Conference on Cloud Computing．2010:280-288
[14] Djemame K,Armstrong D J,Kiran M,et al．A Risk Assessment Framework and Software Toolkit for Cloud Service Ecosystems[C]∥Proceedings of 2nd International Conference on Cloud Computing,GRIDs,and Virtualization．2011:119-126
[15] Kiran M,Jiang Ming,Armstorng D J,et al．Towards a Service Life-cycle based Methodology for Risk Assessment in Cloud Computing[C]∥Proceedings of 9th International Conference on Dependable,Autonomic and Secure Computing．2011:449-456
[16] 陈晓剑,梁梁．系统评价方法及应用[M].合肥:中国科学技术大学出版社,1993:24-25
[17] 公安部．信息安全等级保护管理办法(试行)．2006
[18] 沈昌祥．云计算安全与等级保护[J].信息安全与通信保密,2012(1):16-17
[19] Linstone H A．The Delphi Method:Techniques and Applications[M].Addison-Wesley,1975:25-30
[20] Brodkin.Gartner:seven cloud-computing security risks[DB/OL].http://www.networkworld.com/news/2008/070208-cloud.html,2008-07-02
[21] ENISA.Cloud computing-benefits risks and recommendationsfor information security[R]．2009
[22] ENISA.Top Threats to Cloud Computing [R]．2009
[23] ENISA.A guide to monitoring of security service levels in cloud contracts[R]．2012
[24] Saaty T L.How to make a decision:The Analytic HierarchyProcess[J].European Journal of Operational Research,1990(48):9-26
[25] Zimmermann H-J．Fuzzy Set Theory and its Applications [M]．Springer,1996:47-91
[26] 程耀东,刘宝旭,孙功星,等．高能物理与云计算[J].核电子学与探测技术,2011,31(11):1189-1194

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

Comments

Recommended 0

No Suggested Reading articles found!

Model for Cloud Computing Security Assessment Based on Classified Protection

PDF (PC)

Abstract

Cite this article

share this article

References

Related Articles 0

Metrics

Comments

Recommended 0