The advent of cloud computing has made it possible for public clients to obtain low-cost, high-performance, rapidly deployed, massive-scale computing services. But like any new thing, it brings problems along with benefits: while cloud computing delivers economies of scale and high application usability, its core technical features (virtualization, resource sharing, distribution, etc.) carry inherent security risks. For example, when data and information are stored in a "cloud" whose physical location is uncertain, how are service security, data security, and privacy ensured? Do these problems threaten the information security of individuals, businesses and countries? How is business availability guaranteed in a virtualized environment? Cloud security has therefore become one of the most important research topics in cloud computing application development, and it is receiving more and more attention.
1 Meaning and research directions of cloud security
Cloud security has two main meanings. The first is the security of the cloud itself, also known as cloud computing security, which includes the security of cloud computing application systems, the security of cloud computing application services, and the security of cloud computing user information. Cloud computing security is the basis for the healthy and sustainable development of cloud computing technology. The second is providing and delivering security in the form of a cloud, also known as secure cloud computing: a security solution based on cloud computing that uses cloud computing technology to improve the service effectiveness of security systems, such as cloud-based anti-virus technology, detection of web pages implanted with trojans, and so on.
There are three main research directions in cloud security. The first is cloud computing security, which studies how to protect the cloud itself and the applications running on it, including cloud computing platform system security, secure storage and isolation of user data, user access authentication, information transmission security, network attack protection, compliance audit, etc. The second is moving security infrastructure into the cloud, which studies how to use cloud computing technology to build new security infrastructure, integrate security infrastructure resources and optimize security protection mechanisms. This includes using cloud computing technology to build very large-scale platforms for collecting and processing security events and information, so that massive amounts of information can be collected and correlated and the ability to control the network-wide security situation and its risks is improved. The third is cloud security services, which studies how to provide customers with security services, such as anti-virus services, on top of a cloud computing platform. This paper focuses on the research and discussion of cloud computing security.
2 Research progress of cloud security
Currently, the most active organization in cloud security research is the Cloud Security Alliance (CSA). As one of the industry's more widely recognized cloud security research forums, CSA released a security practice manual for cloud computing services on December 17, 2009: the Cloud Computing Security Guide. It summarizes the mapping between cloud computing's technology architecture model, security control model, and related compliance models, as shown in Figure 1.
Fig. 1 The mapping of cloud model, security control and compliance model proposed by CSA
According to the cloud security control model proposed by CSA, the security of the cloud depends first on the classification of the cloud services, and then on the security architecture deployed on the cloud and on business, regulatory and other compliance requirements. By analyzing the gap between the two parts, one can derive the security status of the entire "cloud" and how it relates to the security requirements of assets.
In March 2010, the Cloud Security Alliance also published its latest cloud security research, the seven security threats to cloud computing, which has been widely cited and recognized. The threats are as follows:
• Cloud computing abuse, misuse, denial of service attacks
• Unsafe interfaces and APIs
• Malicious internal staff
• Issues arising from shared technology
• Data Disclosure
• Account and Service hijacking
• Unknown security scenario
Building on the technical viewpoints proposed by CSA, some international organizations and institutions, such as CAM (Common Assurance Metric Beyond Cloud) and Microsoft, as well as the domestic NSFocus, have also carried out a series of explorations in the cloud security field, such as research on cloud computing security technology frameworks and on cloud security technology solutions. For the cloud computing security technology framework, the currently accepted model is shown in Figure 2.
Figure 2 Cloud computing security technology framework
As you can see from Figure 2, security concerns differ across the cloud service models (IaaS, PaaS, SaaS). There are, of course, concerns common to all three models, such as data security, encryption and key management, identity and access control, security incident management, business continuity, and so on.
(1) IaaS Layer Security
IaaS covers all infrastructure resource levels, from the machine room to the hardware platform. It includes the ability to abstract resources and to deliver physical or logical network connectivity to those resources. Ultimately, the IaaS provider offers a set of APIs that allow users to manage infrastructure resources and interact with them in other ways. IaaS layer security mainly includes physical security, host security, network security, virtualization security, and interface security, as well as data security, encryption and key management, identity and access control, security incident management, business continuity and so on.
(2) PaaS Layer Security
PaaS, located above IaaS, adds a layer on top of IaaS that integrates application development frameworks, middleware capabilities, and functions such as databases, messaging, and queues. PaaS allows developers to build applications on the platform using the programming languages and tools that PaaS provides. The security of the PaaS layer mainly includes interface security, operational security, data security, encryption and key management, identity and access control, security incident management, business continuity and so on.
(3) SaaS Layer Security
SaaS, located above IaaS and PaaS, provides a separate runtime environment that delivers a complete user experience, including content, presentation, application, and management capabilities. The security of the SaaS layer is primarily application security, and also includes data security, encryption and key management, identity and access control, security incident management, business continuity, and so on.