Application analysis of security system for cloud computing concentration

Source: Internet
Author: User
Keywords Cloud

In the author's previous "Cloud computing let security issues become centralized and controllable, related to national competitiveness," Alibaba Group chief technology Officer Dr. Jian and we share the "more secure cloud computing", "cloud computing can help improve national information security level protection" and other views, Next we continue to delve into how cloud computing focuses on security issues and its application in public security video-structured technology.

Security advantages of Centralized management

The PC era is decentralized management, user data is stored on their own computer, the security of user data to a large extent rely on the user's own security awareness and technical level, and most users are very lack of self-protection awareness, so fishing, Trojan rampage, the user's security is a great threat. Cloud era is centralized management, through the calculation of the concentration and optimization of resources, so that multiple applications more efficient sharing of server CPU, memory, storage and network bandwidth, the user's data stored in a cloud environment with professional security personnel protection, hackers commonly used traditional user terminal attacks to lose the threat. In the game with hackers, centralized management makes security more controllable, and security is higher than PC era.

The traditional IDC server hosting only provides a centralized storage place for multiple servers, external attacks can be directed at any one of the servers, security protection is easy to be broken; cloud computing uses cluster technology to connect thousands of servers into a whole, and cloud security protection has overall and group's defense effectiveness. In the case of DDoS attack, the bandwidth and computing resources of a single server can be fixed in the traditional IDC service hosting, and DDoS attacks are easier to succeed when bandwidth, CPU and storage are low. In the vast network bandwidth environment of cloud computing, multiple users dynamically share scalable resources, and DDoS attacks are not easy to implement successfully.

The security challenge and solution of cloud computing

Centralized management brings convenience and brings a series of new security challenges to cloud service providers and users. The core of the research is the security of virtualization technology generated by cloud computing technology and the problem of data protection in multi-tenant environment.

First, take the data isolation requirements of the cloud as an example, cloud computing services support Network is often able to accommodate a large number of the same network segment address of the "sophomore layer" network technology, which makes the cloud service providers not only in the security technology risk to prevent malicious users in the cloud to use this feature to forge a huge amount of intranet traffic caused by network congestion or interruption, And in the risk of security management through the wind control rules to identify cloud malicious users, blocking malicious behavior; Secondly, the cloud data destruction as an example, the hard disk failure in the environment of the data center to account for 80% of the total number of failures. One reason is that the hard disk is the largest number of components, such as a 3000-node cluster has more than 30,000 hard drives, even if the hard disk itself has an average of no fault working time (MTBF) to 1,000,000 hours, 30000 hard drives means that the average of every 33 hours a hard disk failure occurred. As a result, in order to prevent malicious personnel from stealing hard disk to read data, the test of the replacement of the residual data on the disk is completely eliminated and become a daily safe operation of the important link.

Faced with the above cloud typical data isolation and the threat of data destruction, for the former, Aliyun first in the production of cloud server by its production system in accordance with orders automatically to each user's cloud server tag, different users through the data Link layer and Network Layer access control technology composed of security groups to isolate. Second, for the cloud environment malicious users through the production of a large number of ARP traffic to cause the network to face the risk of blocking or interruption, using the above cloud server tag and arptables combined to prevent. Finally, in order to prevent cloud server from being invaded and become an external attack source, an Ethernet firewall (ebtables) is used to isolate the unauthorized access of cloud server to external public network. For the latter, Aliyun not only uses the advanced Qing 0 means to remove data or equipment from the user's request to remove all its data before disposal or resale.

For the cloud computing environment due to a large number of hard disk repair or server scrap may result in data theft risk, the data center fully implement the replacement disk must be eliminated, degaussing record per disk can be checked, degaussing video daily traceability standard operating procedures, enhanced disk degaussing operation video surveillance strategy, Focus on the monitoring operation of the non-repudiation and video monitoring record preservation integrity.

Cloud computing will promote the application of public security video structure technology

Dr Jian that cloud computing is vital to the development of the whole society and that cloud computing will be the most important driving force in traditional industries and emerging industries embracing the Internet, and that cloud security has greatly improved the level of competency in national information security protection. Today, we use cloud computing to illustrate the application of video structure technology in public security system.

Cloud Computing provides a flexible computing capability for real-time analysis and processing of massive public security information generated daily, which makes it possible to extract useful clues from massive amounts of information and to make timely early warning, which is the value of public security data. Talking about the video structure technology in the police science and technology, Dr. Wang thinks the technology is very forward-looking and conforms to the idea of large data. Video is a very important information resource in public Security service. Because of the unstructured characteristics of video data, it is very difficult to manage and utilize the huge amount of video resources. Only by extracting useful structured information from video in real time can the function of video resources be really played.

With the capture problem of a set of cars, it is very difficult to solve the problem of the identification and statistics of the nationwide license sets under the condition of limited computational ability and video recognition ability. The country so many intersections and vehicles, if every day to all the video analysis of the need for huge computational resources, not to mention in addition to vehicles and people, objects, scenes and other needs to be extracted and analyzed. After the incident, temporary transfer machine to build a video analysis center is also very difficult, often need to mobilize a large number of police rely on manual inspection of the way from a huge amount of video resources to find clues, time-consuming consumption is likely to delay the timing of the detection. If there is enough computing resources can be periodically to produce all the video to conduct timely analysis and judgment, to the case before the early warning, the incident quickly after the investigation. Video analysis technology is committed to extract as much accurate information from a single picture, while cloud computing allows the video analysis algorithm to get rid of the pressure of efficiency, can quickly analyze a number of consecutive frames of pictures to obtain more information, so as to make up for the existing video analysis technology deficiencies.

"Video analysis technology is like training a smart police, cloud computing technology can mobilize thousands of police work hard, smart add hard work will be effective." ”

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.