Features of cloud security
Given the characteristics of cloud computing service models and resource pools, cloud security inherits the properties of traditional information security while bringing the problems of traditional information security in data management, shared virtual security and security management into sharper relief. At the same time, it changes the traditional information security service model. Its features include:
1. Shared virtual security
In a cloud computing center, virtualization is the most basic and core technology for resource allocation and service provision. Through virtualization, different hardware, software, network and other resources are pooled into one huge resource pool, and the required resources are provided dynamically according to users' needs. The security of virtualization technology is therefore particularly important in the cloud. Beyond the security issues and privacy leaks caused by traditional virtual machine monitors and by malware inside virtual machines, the security of the virtualization technology itself is also very important in the cloud, and many of these problems received little attention before cloud computing. In the cloud, a physical server usually runs multiple virtual machines and serves multiple users. These users share the same physical device, which gives an attacker the opportunity to launch an attack. In addition, dynamic resource allocation makes virtual machine migration a common phenomenon in the cloud, and attacks against virtual machine migration have likewise become a security issue that cannot be ignored. Virtualization security needs to be considered from multiple levels and angles to ensure the virtualization security of cloud computing platforms.
2. The challenge of losing control of data
In cloud computing applications, users store data in remote cloud computing centers and lose physical control of it; the security and privacy protection of the data is provided entirely by the cloud provider. Because of this, a cloud provider cannot persuade users to fully trust the cloud simply by declaring the security it provides. Compared with the traditional client/server model, users are far more dependent on the cloud, since all operations are performed there. Cloud computing therefore faces the problem of how to enable users to trust the cloud, or, failing that, how to store and compute on a platform that cannot be fully trusted while still being able to verify whether the data is protected and whether computing tasks are performed correctly. Cloud computing centers usually declare the security they provide so that users can use their services with confidence, but the key to users trusting the cloud is how to verify that the declared security is actually delivered. Technical means that let users be sure their data and computations are kept safe and confidential are therefore of great help in dispelling users' concerns about cloud computing security and privacy.
3. Security as a service model
As a new model, cloud computing has brought some new security threats, but it also provides a new way to address traditional information security and privacy issues. Before cloud computing, large amounts of sensitive data were scattered across the network, and many sites lacked good measures to ensure data security, so data leakage occurred easily. Using the powerful computing and storage capabilities of cloud computing, security can be provided to users in the form of services (security as a service), enabling customers to use better and more secure services at any time. Security as a service can cover many areas, such as anti-virus, firewall, security detection and data security, and makes security services professional and widely available. By building an information security service platform, a cloud security service center can deal centrally with information security threats and provide users with good security protection in a timely manner.
The technical core of cloud security
There are six core technologies to realize cloud security:
(1) Web reputation service. With the help of a full reputation database, cloud security can assign reputation scores based on factors such as website pages, historical location changes and signs of suspicious activity discovered by malware behavior analysis, and so track the credibility of web pages. The technology then continues to scan the website and prevents users from accessing infected websites.
(2) File reputation service. File reputation service technology checks the reputation of each file located at the endpoint, server or gateway. The basis for the check is a list of known benign files and a list of known malicious files.
(3) Behavioral correlation analysis technology. The "correlation technology" of behavior analysis links threat activities together comprehensively and determines whether they constitute malicious behavior.
(4) Automatic feedback mechanism. Another important component of cloud security is the automatic feedback mechanism, which provides uninterrupted communication between the threat research center and technicians as a two-way update stream. New threats are identified by examining the routing reputation of individual customers.
(5) Threat information summary.
(6) Whitelist technology, which is less common. As a core technology, there is not much difference between a whitelist and a blacklist (virus signature technology is in fact the blacklist idea); the difference lies only in scale. Whitelists are currently used mainly to reduce the false alarm rate.
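As an added example that is not part of the original article: a small file reputation check in Python that combines the whitelist, blacklist and two-way feedback ideas listed above. The hash lists, the entropy heuristic and the sample file bytes are all constructed for illustration; the point it shows is that a whitelist lookup placed before the heuristic is what keeps a high-entropy but known-good file from being a false alarm.

```python
import hashlib
import math
from collections import deque

# Constructed sample lists standing in for the cloud reputation database.
# Whitelist and blacklist share one structure (a set of SHA-256 digests);
# the real difference between them is only scale.
PACKED_INSTALLER = bytes(range(256)) * 4   # constructed high-entropy but benign file
KNOWN_BENIGN = {hashlib.sha256(PACKED_INSTALLER).hexdigest()}
KNOWN_MALICIOUS = {hashlib.sha256(b"constructed dropper sample").hexdigest()}

FEEDBACK_QUEUE = deque()   # digests the client submits to the cloud for analysis

def looks_suspicious(data: bytes) -> bool:
    """Cheap local heuristic: byte entropy above 7 bits suggests packing or
    encryption. It also fires on compressed benign files, which is exactly the
    false alarm the whitelist is there to suppress."""
    if not data:
        return False
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts if c)
    return entropy > 7.0

def check_file(data: bytes) -> str:
    """Return 'allow', 'block' or 'suspicious'. The whitelist is consulted
    before the heuristic, so a known-good file is never flagged."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BENIGN:
        return "allow"
    if digest in KNOWN_MALICIOUS:
        return "block"
    if looks_suspicious(data):
        FEEDBACK_QUEUE.append(digest)   # upstream half of the two-way feedback
        return "suspicious"
    return "allow"

def cloud_publish_verdict(digest: str, malicious: bool) -> None:
    """Downstream half of the feedback loop: once the cloud has analysed a
    submitted sample it lands on one list, and every client's next lookup
    gets the definitive verdict without a local signature update."""
    (KNOWN_MALICIOUS if malicious else KNOWN_BENIGN).add(digest)
```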
Key technologies of cloud security
Reputation-based security technology compensates for the shortcomings of traditional security technology. By collecting samples of anonymous users' usage, it can distinguish whether a URI, web page, mail or file is safe. The core of the technology is how to decide whether a given URI/web page/mail/file is safe from only partial usage information about it. Reputation-based security technology makes full use of data from many parties, including anonymous data provided by agents on hundreds of millions of users' computers, data provided by software publishers, and data obtained in collection projects set up for large enterprise users. These data are fed continuously into the reputation engine to determine the security reputation level of each URI/web page/mail/file, with no need to scan the item itself. In terms of technical realization, the globalized information collection and analysis mode of "cloud security" enables new defense modes and technologies, summarized as follows:
(1) Two-way automatic feedback mechanism. "Cloud computing" anti-malware technology no longer requires the client to keep a malware signature library; all the information is stored on the Internet. Whenever end users anywhere in the world connect to the Internet, they remain in real-time contact with the "cloud" servers. When abnormal behavior, malware or other risks are found, they are automatically submitted to the "cloud" server group, where "cloud computing" technology analyzes and processes them centrally. The "cloud computing" technology then generates a decision on how to handle the risk and distributes it uniformly to clients all over the world, which can automatically block, intercept, check and remove the threat. Placing the malware signature database in the "cloud" not only saves the software and hardware resources that the continuous proliferation of malware would otherwise consume, but also yields more efficient malware prevention.
(2) Determine the degree of risk based on the URL address of the resource. "Cloud Security" can collect source information from the entire Internet to determine whether the user's Internet search, access, and application are malicious information. This mode is different from the comparison of virus codes, which are identified by signature codes. Traditional virus code analysis relies on a lot of manual labor, while "cloud security" uses statistical analysis based on historical user feedback to continuously judge the Internet. As long as 1% of users worldwide submit their requirements to the "cloud" server, the global "cloud security" library will implement policy control on the URL access behavior after 15 minutes.
(3) Web reputation service. With the help of the global domain reputation database, the Web reputation service assigns reputation scores based on factors such as website pages, historical location changes and signs of suspicious activity discovered by malware behavior analysis, and so tracks the credibility of web pages. The technology then continues to scan the website and prevents users from accessing infected websites. To improve accuracy and reduce the rate of false positives, Web reputation services assign reputation scores to specific pages or links on a website rather than classifying or blocking the entire site, because usually only part of a legitimate website is attacked, and credibility can change over time. Comparing reputation scores reveals the potential risk level of a given website. When a user visits a website with potential risks, the system can warn them or block the visit in time, helping users quickly confirm the security of the target website. Through the Web reputation service, the source of malicious programs can be cut off. Since the prevention of "zero-day attacks" is based on the credibility of the website rather than its actual content, it can effectively prevent the initial download of malicious software, and users gain protection before entering the network.
(4) Email reputation service. The email reputation service checks IP addresses against a reputation database of known sources of spam, and uses a dynamic service that can assess the reputation of email senders in real time to verify IP addresses. The reputation score is refined through continuous analysis of the counterpart address's behavior, scope of activity, and previous history. According to the sender’s IP address, malicious emails are blocked in the “cloud”, thus preventing web threats such as bots or botnets from reaching the network or the user’s computer.
(5) File reputation service. File reputation service technology checks the reputation of each file located at the endpoint, server or gateway. The basis for the check is a list of known benign files and a list of known malicious files, the latter being what are known as antivirus signatures. A high-performance content distribution network and local cache servers keep the lookup delay to a minimum. Since malicious-file information is stored in the "cloud", it reaches all users on the network immediately. In addition, this method reduces endpoint memory and system consumption compared with traditional antivirus signature file downloads, which occupy endpoint space.
(6) Behavioral correlation analysis technology. The correlation technology of behavior analysis links threat activities together comprehensively to determine whether they are malicious. From a heuristic point of view, to judge whether a single web threat activity is actually a threat, one can examine the relationships between the different components of a potential threat. Research from all over the world supplements client feedback, around-the-clock threat monitoring and attack defense to detect, prevent and eliminate attacks, and combines various technologies and data collection methods, including honeypots, web crawlers, feedback and internal research, to obtain intelligence on the latest threats.
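As an added example, not code from the original article: a Python sketch of behavioral correlation that feeds the per-page web reputation score of item (3) into a chain of endpoint events, so that a sequence of individually unremarkable steps is judged malicious as a whole. The event kinds, step weights, alert threshold and page scores are constructed assumptions, not values from any product.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed per-page reputation scores (0 = trusted, 100 = known bad), keyed by
# page rather than site because usually only part of a legitimate site is compromised.
PAGE_REPUTATION = {
    ("example.com", "/"): 5,
    ("example.com", "/downloads/update.exe"): 85,
}

@dataclass
class Event:
    ts: int        # seconds since the start of the log
    host: str      # endpoint that reported the event
    kind: str      # one of CHAIN below
    detail: str    # URL, file name or destination address

# Expected order of an infection chain and the weight of each step; no single
# step reaches the alert threshold on its own, only the linked chain does.
CHAIN = ["mail_link", "web_download", "exec", "net_connect"]
WEIGHT = {"mail_link": 1, "web_download": 2, "exec": 3, "net_connect": 2}
ALERT_THRESHOLD = 6

def url_reputation(url: str) -> int:
    """Reputation of one specific page; unknown pages score a neutral 50."""
    hostname, _, path = url.partition("://")[2].partition("/")
    return PAGE_REPUTATION.get((hostname, "/" + path), 50)

def correlate(events: List[Event], window: int = 600) -> Dict[str, int]:
    """Score each host by linking its events that follow the chain order within
    `window` seconds of the host's first event. Returns {host: score}."""
    by_host: Dict[str, List[Event]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(ev.host, []).append(ev)
    scores = {}
    for host, chain in by_host.items():
        score, stage, start = 0, -1, chain[0].ts
        for ev in chain:
            if ev.ts - start > window:
                break                       # too far apart to be one chain
            step = CHAIN.index(ev.kind) if ev.kind in CHAIN else -1
            if step <= stage:
                continue                    # out of order or repeated step
            stage = step
            score += WEIGHT[ev.kind]
            if ev.kind == "web_download" and url_reputation(ev.detail) >= 70:
                score += 2                  # low-reputation page strengthens the chain
        scores[host] = score
    return scores

def flagged_hosts(events: List[Event]) -> List[str]:
    return sorted(h for h, s in correlate(events).items() if s >= ALERT_THRESHOLD)
```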