Security issues see the fragility of cloud computing?

Cloud computing is a hot topic, and for a new concept, a lot of software products and solutions follow. Some enterprises in the assessment of the benefits of cloud, some enterprises in the development of their own characteristics of the cloud, and even some companies have begun to taste the taste of crabs. But from a practitioner's perspective of years of research in the field of security, the current cloud is full of risks and uniquely vulnerable to the entire architecture.

So, what is the cloud in my eyes? With the development of science and technology, the improvement of computer performance and the popularization of the network, the physical computer itself and the logic between each other has become very dynamic, whether the VM (virtual machine) technology or cloud technology are the physical devices to the logic of a form of expression. But the VM (virtual machine) is to narrow the extension, the cloud is to enlarge the extension, we can think of the cloud as a logically independent mainframe computer. A friend with security experience may have the understanding that when debugging a virus we need to be in the VM (virtual machine) so that it does not affect the entire system. This means that when the extension is narrowed, security can be guaranteed. But what is the security of an extended, enlarged cloud? The current cloud does not have a standard security interface specification, and each provider is its own defined connection interface. This situation in fact brings a very large security risks, but also for the future interaction between cloud and cloud caused inconvenience. The

does not have a standardized interface definition that leads to the disorderly development of the existing cloud industry. Just as a single-celled organism evolves into multicellular organisms, there is a complex process of evolution and a large number of discarded branches. I believe most of the problem is that the initial security definition is not strong enough to make the subsequent code framework impossible to modify, or the cost of modification is too great to start over again. We look at the vulnerability of the cloud in real terms:

1, terminal security issues

The end of the cloud is distributed to customers and is the easiest to analyze. To antivirus cloud as an example, if the attacker through the analysis of virus samples submitted by the interactive interface, direct use of the program in multiple computers at the same time to submit a large number of sample files, then the antivirus cloud will not die? Even if the server is strong enough to withstand attacks, what about massive virus samples?

2, security issues between cloud nodes

Most of the cloud nodes are based on a simple trust mechanism. In the case of a network transaction provider, because of the full trust relationship between each node, it is equivalent to completely controlling the entire cloud if one of the nodes is breached. The attack scheme can be used to detect the communication between the nodes and forge the new node to achieve the control purpose. There are many ways to attack, this is only to be seen, the security of the nodes between the serious challenges.

3, security issues between cloud and cloud

There is a problem with a range of connected security protocols and specifications within the group, such as the connectivity of cloud and storage cloud, private cloud and private cloud, private cloud and public cloud connection, instant Service cloud and Computing cloud connection, and so on. After intrusion application cloud, simulate application cloud to the storage cloud replay some packets will not store confusion, private cloud and private cloud how to trust, private cloud and public cloud connection how to guarantee security and so on.

Some of the attack configurations aboveThe interface definition of cloud security is imminent.

There is a lack of security concepts throughout the software industry. In my opinion, to do any software application development, first in the application analysis based on the establishment of a security framework, and then in this security framework for development, rather than just to complete the customer's functional requirements, simply for the function and code. This concerns the infrastructure of the software industry as a whole, and there is no more to repeat. Let's go back to the question of cloud security. First, analyze the underlying elements of cloud security. The core components of the cloud can be divided into cloud nodes, the access side of the cloud, the boundary points of the cloud (inner boundary, outer boundary); The cloud is divided into instant application cloud (front-end service cloud, middle service cloud, storage cloud), computing cloud, and there may be a cloud of primary cloud, cloud, center cloud, Auxiliary cloud, boundary cloud and so on in the future.

Then let's take a look at the simplest security access problem, which is end-to-end security. First access to the?? Authentication allows access to ensure credibility, non-repudiation, and uniqueness. Data transmission to encrypt the channel, decoding the necessary length check and special character filtering. When malicious or malicious attacks can be positioned and blocked, an interactive protocol can be used to establish a similar VPN tunneling process. Communication between nodes of cloud nodes in addition to the security of the above end is available, to increase the necessary level of trust to define (full trust, service trust, application trust, etc.), communication built-in trusted identity (certificate or hardware) receiver definition can be used to identify the type of protocol. Make sure that the qualified content is emitted at the qualified node, while the untrusted or maliciously constructed packets are filtered. The security interface of the cloud boundary can synthesize the security scheme mentioned above, but be careful to make the interaction definition clear and distinguish the security level definitions between the inner and outer bounds. Special attention is given to the fact that, because the application cloud and the computing cloud are different in real time and trust, the computational cloud can use more sophisticated algorithms and security authentication techniques, such as rsa2048 's 5-fold handshake, to ensure that the channel is safe and secure from interception tampering.

When the implementation of a large scale cloud network is completed, it is as if multicellular to functional differentiation of ordinary organisms finally to humans, the beginning of functional specialization development. Finally composed of central core intelligent cloud deployment of a variety of special functions of the exclusive Scatterers resources, of course, this involves the Cloud trust, Cloud management, cloud collaboration and so on a series of issues, left to the expert group to improve and discuss it. Here I look ahead, but also for the cloud security in advance to knock the alarm. Hope that the software industry after the concept of something out of the first to establish a security framework and then industrialization, sincerely hope that Chinese enterprises to jointly set up the first cloud of security interface standards, we together to "first-class enterprise to do the standard" this sentence to encourage each other.