Discussion on cloud security under the technology of virtualization

In recent years, cloud computing is a very popular research field, in fact, it is not a new technology, but a lot of technology integration, including distributed computing, dynamic and expansion of a variety of technology algorithms, and virtualization is the most important technology in cloud computing.

Cloud security is a key and challenging problem that cloud computing technology has been further developed and widely used, through the network of a large number of clients to the Internet software behavior anomaly monitoring to get the latest information of Trojan Horse, malicious program, pushed to the cloud server side for automatic analysis and processing, Then the virus and Trojan solution distributed to each client. It uses the cloud computing processing mechanism, can calculate the network threat location on the Internet, before the network threat to the network to block, real-time detection and timely protection.

Virtualization technology is the introduction of virtual layer between software and hardware, for the application to provide an independent operating environment, shielding hardware platform dynamic, distribution, diversity, and so on, supporting the sharing of hardware resources and reuse, and for each user to provide a separate, isolated computer environment, while facilitating the entire system of software and hardware resources efficient, dynamic management and maintenance.

The application of virtualization technology to cloud security, this approach to some extent, reduce the "cloud security" enterprise hardware costs and management costs, to some extent, improve the "cloud security" technology security.

At present, some operators, powerful enterprises and large government information centers, after several years of construction has been preliminarily built the infrastructure that is the service (IaaS) cloud, many units have gradually transferred non-core business to the cloud platform, The shift in core business is slow due to concerns about data leaks or disruption of data centers and cloud platforms. Because of the introduction of virtualization technology, the traditional method of dividing the network boundary is broken, which makes the traditional security technology can't achieve effective security protection. If the hypervisor is hijacked, security vulnerabilities can lead to a threat to the platform, and, more seriously, to install on a host-based operating system partition or virtual machine management program, the traditional security tools fail to identify the threat in time, and if the threat occurs on those large-scale virtualization platforms, the consequences of the danger can be imagined. Cloud or infrastructure based services, or software-based services, and so on, are mostly virtualized to achieve, often through virtualization to form the cloud.

Gartner's assessment analysis data also shows that the most common security risks in data center virtualization projects are:

1. Information security measures are not introduced at the initial stage of the virtualization project;

2, the risk of virtualization will lead to all of its upper system risk;

3, the virtualization layer of data leakage can lead to all managed applications data leakage;

4. Lack of adequate control over administrative access to management procedures/vmm and management tools;

5, Network and security control of the responsibility to share potential loss.

Therefore, the security and confidentiality of remote data, the risk of access, and privacy and reliability are the problems that users use in cloud computing for government and enterprise users who build IT environments based on virtualized cloud platform architecture, Users need a complete set of security solutions to provide continuous protection for both virtual and physical environments and to meet their compliance checks. And as the cloud computing market continues to grow, more hardware and software manufacturers to invest more research efforts, a healthy, green cloud computing system is maturing.

Strategies and methods for "cloud security" based on virtualization technology:

1, the realization of virtualization technology system architecture

Blue Shield Bdcss (cloudsec-station) cloud computing Security Platform network connectivity is based on distributed Virtual Switch technology, supporting open source technology Openvswitch. In the Xen virtualization platform, traditionally, its internal network is mainly composed of virtual network card and Virtual bridge, which provides the mechanism to communicate between virtual machine bridging entity network and virtual machine, and the introduction of Virtual Switch technology can bring more hypervisor function to control the whole virtual network structure.

2. Systematic Security Solutions

Provides a systematic security solution for virtualized cloud data centers, including firewalls, intrusion detection, auditing, and vulnerability scanning, BDCSS, etc. to ensure the security of the server's applications and data in physical, virtual, and cloud environments. BDCSS has advanced features, based on the Blue Shield Smart Security framework "Dynamic Cube", can provide the cloud and virtualized environment active defense, automatic security, and multi-layer linkage response, in a low-cost, high return, the traditional data center security policy to extend to the cloud platform.

3. Virtualization approach to servers to improve resource utilization

Server consolidation is merging the original stand-alone server application through VMM (Virtual Machine Manager) onto the same physical server. After the server takes virtualization technology, the service process can be transparently migrated between multiple physical machines, can make full use of the idle resources in the server, improve the flexibility of the service through dynamic resource allocation, enhance the resource utilization of the server, and enhance the computing ability of the server. Be able to pass the heat, Reduce the cost of space and power consumption, reduce the management cost of the server, simplify the operation and maintenance of the server, be able to update the system in time and not interrupt the user, and protect the quality and security of the business.

4. Virtual machine mirroring management and VS vulnerability scanner to remove certain security risks

Because the virtualization software itself has a simple backup restore function, can be used in the system under normal circumstances, through simple operation to quickly restore the system to any previous normal state. However, because of the potential security vulnerabilities of previous backups, the administrator may inadvertently forget to patch or upgrade the system, thereby being threatened by malware.

If we were to deploy virtualization or make a virtual migration, during or after taking full account of these virtualization technology factors, the vulnerability scanning of virtual devices to the internal external client VM Vulnerability Scanning, web vulnerability scanning, weak password scanning and other vulnerability detection, it is possible to successfully implement virtual infrastructure migration, Advance security management planning to ensure the security of virtualization management.

5. Re-standardize administrator permissions to prevent virtualization files from being stolen

stored in the remote cloud in the heart of the data, the user can not through physical control, logic control, and other ways to control the access to data, there may be such a risk, cloud computing platform provider's Superuser user rights users may be the enterprise's data to view and modify. And while many virtual machines are running on physical servers, these virtual server administrators tend to take over the management of virtualized network environments, which means that administrators have an increased level of authority and need to redesign and clarify their responsibilities. In addition to clarifying the responsibilities of the administrator, using the VM Service console and virtual management console to authenticate the identity of users, achieve user access rights and access records management security features, can significantly reduce the illegal identity of users access to virtualized files.

6, data encryption, communication encryption, firewall technology, the formation of a virtual platform to protect the depth

If an attacker were able to break a client virtual machine, other clients running on the same physical host could also be compromised because they shared the same operating environment. Therefore, it is necessary to ensure the security of the data in the cloud system by means of dynamic encryption, that is, encrypt the data itself. At the same time, through the cloud Platform system communication transmission encryption, establishes the secure VPN transmission channel, and unifies the traditional firewall technology external security isolation, avoids the hacker attack, realizes the data encryption, guarantees the transmission security privacy and so on, strengthens the physical server and the virtual Host security. In case of one of the virtualization layer or network level problems, because the data is stored in encrypted, it can provide more security for data.

In short, the cloud computing industry has huge market prospects, the development of cloud security provides more possibilities for the security of Internet in the network era, it will be the trend of market development in the future, we need to take advantage of it and evade its disadvantage, combine virtualization technology with cloud security technology, realize cloud security in full sense, Only security is guaranteed to break user concerns, to make cloud computing faster and deeper, and to make every user a contributor to identifying security threats while enjoying the convenience of cloud computing.