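Abstract:
The separation of data ownership from control poses a serious security threat to programs and data in the cloud; the trustworthiness of cloud computing is therefore key to how widely it is promoted and adopted. This paper holds that cloud computing resource management mechanisms have a critical influence on the trustworthiness of cloud computing. On this basis, the paper first analyzes the state of related research in China and abroad from two aspects: the resource security management mechanisms themselves and the vulnerabilities of their implementations. The analysis then shows that, compared with ordinary network environments, the two contradictions of "sharing versus isolation" and "security versus performance" are more prominent in cloud computing environments, and that resolving both well depends more heavily on innovation in computing architecture and computing models. Finally, to effectively improve the trustworthiness of cloud computing, the paper proposes five aspects that cloud computing resource security management mechanisms should prioritize, and offers corresponding reflections.
Keywords: trusted cloud; resource management; vulnerability; computing architecture; computing model
DOI: 10.19363/j.cnki.cn10-1380/tn.2018.03.06
Received: 2017-09-19; Revised: 2018-01-13
Funding: This work was supported by the National Natural Science Foundation of China Youth Fund (NO.61702552), the National Key R&D Program of China (NO.YFB0801300), the National Natural Science Foundation of China Youth Fund (NO.61402464), and the National High Technology Research and Development Program of China (863 Program) project "Trusted evaluation technology and system for cloud platforms oriented to trusted third parties" (NO.2015AA016001).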
|
Research On the Resource Security Management Mechanism for Trusted Cloud Computing |
LI Baohui,LI Bin,REN Wang,YANG Guang,WANG Yongtao,DU Yuge,ZHANG Peng |
Chinese Information Technology Security Evaluation Center, Department of System Evaluation, Beijing 100085, China; National Engineering Laboratory Of Information Security Technologies, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract:
The separation of data ownership and control constitutes a serious security threat to programs and data in the cloud. Therefore, the credibility of cloud computing determines its spread and popularity. Because resource management mechanisms have a major impact on the trustworthiness of cloud computing, this paper first analyzes the research status at home and abroad from two aspects: the resource management mechanism itself and the vulnerabilities of its implementation. We then conclude that two contradictions, "sharing and isolation" and "security and performance", are more prominent in the cloud computing environment than in common network environments, and that a perfect solution to these contradictions depends more on innovation in computing architecture and computing models. Finally, to effectively enhance the credibility of cloud computing, we propose five aspects of virtualization resource security management mechanisms that deserve more attention.
Key words: trusted cloud computing; resource management mechanism; vulnerability; computing architecture; computing model