Information security experts: Trusted technology is an important way to realize cloud security

Source: Internet
Author: User
Keywords: cloud computing, cloud security

The cloud era needs security solutions to match. Traditional single-point, passive security solutions cannot cope with the virtualized, dynamic, heterogeneous environment of cloud computing. With this in mind, Inspur announced its cloud host security product solution at the 2014 "Inspur World" Inspur Technology and Application Summit. The solution is based on a trusted server and builds a complete "chain of trust" that runs from the trusted server through virtualization security and operating system hardening to application container security, in order to achieve complete, proactive security.

The "old three" don't solve new problems

"China's security protection still leans toward the 'old three': firewalls, intrusion detection and antivirus," said Shen, a member of the National Informatization Expert Advisory Committee and academician of the Chinese Academy of Engineering, at the cloud data center security sub-forum of the Inspur World assembly. He said that the development of cloud security lags far behind the development of cloud computing and big data.


Shen, member of the National Informatization Expert Advisory Committee and academician of the Chinese Academy of Engineering

Compared with traditional data centers, cloud data centers face new security risks, which stem from new technologies and new application patterns. For example, a rootkit attack on the virtualization layer, once it succeeds, ripples across the business systems: the risk is not confined to a single server, because the virtualized data and resources are exposed jointly.

In addition, traditional security threats are magnified in the cloud era. Cloud computing platforms are a common platform for running a wide variety of network applications, and each of these can bring its own security threats. The most dangerous and covert attacks, advanced persistent threats (APTs), have also targeted cloud data centers, going after cloud hosts that hold large amounts of critical business data through the link layer, network layer, system layer and application layer (web, database, etc.).

So what kind of security is needed in the cloud era?

Building a "trust chain" based on trusted computing

"Trusted computing has changed the traditional 'passive response' protection model of 'blocking and killing', forming an 'active defense' capability that meets the security needs of cloud data centers," Shen said, pointing out the direction for cloud security. Its effect in application, he added, "has proved that trusted computing is a feasible and effective network security technology and management measure for many kinds of domestic computer equipment and operating systems."

Trusted computing means that security protection runs at the same time as the computation, so that the whole computation can be measured and controlled and is not interfered with. It provides identity authentication, state measurement and confidential storage. The core idea is to establish, in hardware, a parallel structure of computing-resource nodes and trusted-protection nodes, and to build a complete chain of trust that starts at platform power-on and extends to application execution.

A complete chain of trust is one of the most important links in trusted computing. Professor Shundeqing of the Computer Institute of Huazhong University of Science and Engineering points out: "In cloud system security construction, we need to analyze the dynamic and complex characteristics of cloud systems, and study the trust model, trust base, and trust measurement and judgment for the complex trust relationships among massive numbers of entities, in order to achieve the overall credibility of the architecture, operational behavior, resource allocation, data storage and policy management."


Professor Shundeqing, Huazhong University of Computer Science

The advantage of building a trust chain is that, on the technology side, it extends trusted computing from the stand-alone machine to virtualized and distributed computing, which keeps the various behaviors in the cloud data center under control; the integrity, confidentiality and availability of the cloud host system during data processing and business operation can also be fully ensured. On the management side, the cloud host security system uses a whitelist mechanism and establishes a strict admission system; at run time each level measures the next and each level trusts the next, which makes cloud computing management controllable and secure.
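The level-by-level measurement and whitelist admission described in the two passages above can be shown with a short Python example, added here for illustration; it is not code from the article or from Inspur's product. The stage names, the sample images and the use of SHA-256 (standing in for the platform's hash, such as SM3) are assumptions, and the register mimics a TPM-style extend operation.

```python
import hashlib

# Constructed sample images for each stage of the chain (stand-ins, not real binaries).
STAGES = [
    ("firmware",   b"firmware image v1"),
    ("hypervisor", b"hypervisor image v1"),
    ("guest_os",   b"guest kernel v1"),
    ("app",        b"application container v1"),
]

def digest(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the platform's measurement hash.
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: the register is only ever folded forward, never set.
    return hashlib.sha256(pcr + measurement).digest()

def build_whitelist(stages):
    # Reference measurements recorded from known-good images.
    return {name: digest(image) for name, image in stages}

def boot(stages, whitelist):
    """Measure each stage before control passes to it.

    Returns (stages_started, final_register, failed_stage_or_None)."""
    pcr = bytes(32)                      # register is all zeros at power-on
    started = []
    for name, image in stages:
        m = digest(image)                # the running level measures the next one
        pcr = extend(pcr, m)             # record it even if it is about to be refused
        if whitelist.get(name) != m:     # admission check against the whitelist
            return started, pcr, name    # chain stops; later levels never run
        started.append(name)
    return started, pcr, None

def tamper(stages, target, new_image):
    # Replace one stage's image to model an unauthorized modification.
    return [(n, new_image if n == target else img) for n, img in stages]

if __name__ == "__main__":
    wl = build_whitelist(STAGES)
    started, good_pcr, failed = boot(STAGES, wl)
    print("clean boot:", started, good_pcr.hex()[:16], failed)
    bad = tamper(STAGES, "hypervisor", b"hypervisor image v1 (modified)")
    started, bad_pcr, failed = boot(bad, wl)
    print("modified  :", started, bad_pcr.hex()[:16], failed)
```

Because the register folds every measurement into the previous value, a verifier that knows the expected final value can detect a change to any level or to the order in which levels ran, not only a change to the last one.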

Building a complete trust chain based on trusted computing is the only way to solve security in the cloud era, and Inspur's cloud host security product solution has arrived at the right time. Cai, deputy general manager of the Information Security Division of Inspur Group, said: "The Inspur cloud host security product solution is based on a trusted server and builds a 'trust chain' that integrates software and hardware, linking firmware, virtual host, virtual operating system and upper-layer applications. Its bottom layer is independent and controllable, its middle layer is trusted, its upper layer is flexible security services, and a regular security management mechanism is established." Besides trusted computing, the scheme also incorporates security technologies such as operating system hardening, virtualization hardening and virtual network control, to deal with traditional attacks on cloud hosts as well as new risks such as "Guest OS mirroring", "tenant attacks" and "virtual machine tampering".


Dr. Cai, deputy general manager of the Information Security Division, Inspur Group

China needs independent and controllable cloud security

Cloud security matters even more to China, because the security risk comes not only from cloud computing itself but also from the country's lack of independent control over the key systems and equipment in cloud data centers, and the lack of a trusted, controllable and safe operating environment. Shen explains, "As a result, it is vulnerable to security threats such as the 'Heartbleed' vulnerability, system paralysis and even targeted attacks. It can be imagined that once systems carrying important information about people's livelihood are maliciously attacked by external forces, or even become the target of cyber warfare, the consequences will be disastrous."

In the cloud security field, companies represented by Inspur have effectively promoted the application of trusted computing technology, have put the international TPM 2.0 standard as well as the Chinese commercial cryptography standard algorithms SM2, SM3 and SM4 into practical use in cloud computing, and are driving the development of the entire cloud data center security industry chain.
