Li Jian: Cloud Security Risk and Trusted Security Architecture

& nbsp; December 12, 2012 Cloud World Congress was held in the "cloud @ security" scene, Professor Li Jian from Beijing University of Technology from the University Point of view, sharing the insights on cloud security from the perspective of scholarly research.

The following is a live speech Record:

Good afternoon everyone, we are colleges and universities, colleges and universities are concerned about all the hot issues that are happening, but also concerned about the country's key issues in some very important areas of industry. Today I would like to share with you a few questions, one is the security risk of cloud computing, the other is the requirement of building cloud computing facilities in key departments, and the third is the security architecture of trusted cloud computing systems.

Cloud computing security risks

This picture is a synopsis that shows several different modes of the cloud. We see that the cloud should make a big visual change to services and computing, so with the management of services and with your own management, we can see the dynamic virtualization resources we provide that are delivered over the network Ways to service the form presented to the user. This is a very good thing. You do not need to know where things are and do not need to know the details of the existence of resources, this method is also very safe. But we run into a problem, management and service responsibilities of these things are transferred to the service side, this time your data migrate to your vision, which is more trouble. Many problems of safety are caused by this characteristic.

In the past, if there were some situations in many units, no matter what the issue was, as long as they did not know anybody else, no major leak occurred. But now that your thing is out of your sight, you do not have a concept that can trust your own people. So, this trust problem is more serious, you have to rely on certain rules, this is a big change.

Another point is resource virtualization. Resource virtualization is a very good thing, it can generate some virtual resources on demand, dynamically adjust some resources, you can achieve the migration of resources. This is a good feature, but at this point we will see something that is resource-based virtualization software that is very flexible. But there are two problems, from the name is very clear, virtualization, it does not have a physical boundary. At this point we can see that many of the security barriers formed by the physical boundaries were weakened, which caused many other problems. Virtualization brings many benefits, and the virtual security boundaries of virtual resources are weaker. This is also a big issue.

There are a lot of security risks about the cloud. We just talked about two points. One is that data has lost control over your field of vision. The other is the weakening of the border guard capability caused by virtualization. This is a problem that deserves our attention.

A brief list of sources of risk. Cloud dealers are unbelievably trustworthy to any one customer and this is a source of risk. We have to deal with the security of resources, privacy protection and so on. At present, these things are a factor that hinder the development of the cloud. There are many untrustworthy and unreliable voices that make us dare to develop the cloud in large numbers.

In addition, regulations are missing in this area. These tasks can only be made more difficult by serving only limited responsibilities on the part of the service providers and meeting them only with limited capacity. You may have to rely on a limited service capability to serve them, so the problem becomes more difficult.

Construction Requirements for Cloud Computing Facilities in Key Departments

In fact, we also see another point, according to statistics, it should be said that our country in the cloud of these key contexts tend to virtualize. There are many things that have been externalized and are no longer in your hands. At the time of actual implementation, these tools are not yet available to us. This is not autonomy. This phenomenon has become very serious. Therefore, in an important department, the management of information which principles we should follow, this is a very serious matter. Academician Shen Changxiang brought some proposals with other colleagues from Beigong University at the level of national requirements.

First, important departments, government departments, important industries that affect the operation of the country, and important industries that affect social life are all important departments. The construction of their cloud facilities must comply with certain requirements of our country. This is a mandatory provision. Because many of these data are related to confidential information or other information.

Second, when we complete the protection requirements, there are so few according to the existing standards. First, to construct a secure environment for the demand, and second, to have safe virtual boundaries. All of these elements should be run under the unified management of the Security Management Center. A high-level information system, its security design must be composed of these elements. When we believe it, we have to do is to build a protective environment, your hardware into a credible document. According to a national earlier standard, 17859 requirements, we have specific criteria in the construction of some standards, to build some specific details.

Trusted cloud computing system security architecture

Trusted assurance points, to establish a credible environment in the system, to monitor the behavior of the application system. Because in the cloud environment, many tenants in the same environment, what behavior we have to do dynamic monitoring. We emphasize that in the future not blind analysis of behavior, but will be based on some statement of behavior to analyze his behavior.

In fact, there is a real-time exploration of ideas, we are doing now but no mature experience. We must adhere to the correct line and proceed from reality. This is a basic requirement. How to manage the technology platform, how to implement the program, although maintaining the original system functions and structure. Something in front is not missing, what is being done now, what is behind is missing, and we have some norm of construction. We talk about the system requirements of the equipment, the system as a whole to make money later, more than 50% of the problems will be in management and service level. How to do these things? Now is in the exploration stage, there is no standard. So you have to be clear to the user's own requirements, not to say that you entrust the service after you have no responsibility, out of the question is you, in the end what the requirements must be clear, and can be enumerated, not general Tell me what are the requirements, and require that these requirements be verified by some means, so that you enumerate something that someone can give you protection, and it is best to prove that.

Service providers to understand the boundaries of your use of services can be done to what extent, to have the appropriate qualifications, these things have gradually established. For now, we have the product certification, but the overall assessment of qualification we are doing. I hope all enterprises should actively explore service standards and provide some practical experience for establishing such norms in the future.

The architecture will basically have a management center, a trusted computing environment, a trusted technology boundary, and a trusted network to connect to the environment outside. This is a natural match with our current cloud environment. This is a topic that we have in the cloud.

From a specific structure, it can be said that this is just a suggestion. We are still one such element, one is supported by the Security Management Center, a credible computing environment, a credible regional network, there are credible technical boundaries. First of all, in an independent computing environment, we hope to verify whether it has not been overridden by others since the start-up, and there is no risk at all. After this verification, the software is not rewritten, it can guide it. Then it will check whether the operating system has been destroyed, if not destroyed, so gradually establish a credible computing environment, the credible transmission, and finally to the service side. At work, the application service should first confirm that its computing environment is not the one I need because you are remotely on top of the cloud, you do not know who is going to access this thing, and if it is corrupted, you have to have method validation Destruction happened.

Through the trusted network to ensure that all devices in the security environment are of identity, we need to confirm the identity, through credible verification. Then there is a security policy that contains the general security and trustworthiness of the authorization issue. The first requirement is that we must meet the requirements of level protection. All major cloud constructions the country faces will assume some important tasks. They must go to the building and must pass this inspection. The specific implementation of the time, credible, controllable, manageable is the fundamental, if not at all, the basic inspection of all our facilities, although all the equipment are up to standard, but the entire system may be a problem. The basic system to follow T250 standards.

In doing so overall, an important issue is service and management, which needs to be developed. The principle is based on national conditions, active practice, and gradually improve, this is a gradual process. thank you all!

(Editor: Lu light)