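Study on Cloud Computing Security

Funding: National High-Tech Research and Development Program of China (863 Program) (2007AA120404); Knowledge Innovation Program of the Chinese Academy of Sciences (YYYJ-1013)
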
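    Abstract (translated from the Chinese):

    Cloud computing represents the IT field's trend toward intensive, large-scale, and specialized development, and is a profound transformation now under way in IT. However, while it improves efficiency of use, it poses great shocks and challenges to the security of users' information assets and to privacy protection. Security has become a critical problem that the cloud computing field urgently needs to solve, and its importance and urgency can no longer be ignored. This paper analyzes the challenges that cloud computing brings to information security in technology, standards, regulation, and other aspects; proposes a cloud computing security reference framework and the main research topics under that framework; and points out that the adoption and application of cloud computing is both a major challenge and a development opportunity for the information security field in recent years, and will trigger another important technological transformation in information security.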

    Abstract:

    Cloud Computing is the fundamental change happening in the field of Information Technology. It represents a movement towards intensive, large-scale specialization. On the other hand, it brings not only convenience and efficiency, but also great challenges in the field of data security and privacy protection. Currently, security is regarded as one of the greatest problems in the development of Cloud Computing. This paper describes the major requirements that Cloud Computing places on key security technologies, standards, regulation, etc., and provides a Cloud Computing security framework. This paper argues that the changes in the above aspects will result in a technical revolution in the field of information security.

Cite this article

Feng Dengguo, Zhang Min, Zhang Yan, Xu Zhen. Study on Cloud Computing Security. Journal of Software, 2011, 22(1): 71-83

History
  • Received: 2010-08-26
  • Last revised: 2010-11-03