摘要: |
目前,在新一代大规模互联网迅猛发展的背景下,产生的数据量也随之持续增长,这就导致用户的本地设备难以满足海量数据的存储和计算需求。与此同时,云计算作为一种经济高效且灵活的模式,具有易于使用、随用随付、不受时间和空间限制的优势,彻底改变了传统IT基础设施的提供和支付方式,可以有效解决无限增长的海量信息存储和计算问题。因此,在没有昂贵的存储成本和计算资源消耗的情况下,资源有限的用户可以采用云服务提供商(Cloud Service Provider,CSP)为用户提供所期望的服务。其中,基础设施即服务(Infrastructure as a Service,IaaS)作为云计算的三种服务类型之一,将虚拟化、分布式计算和网络存储等技术结合,可以在互联网上提供和租用计算基础设施资源服务(如计算、存储和网络)。故云计算依靠IaaS层提供的计算基础设施资源,使用户不再需要购买额外设备,从而大大降低使用成本,同时也为上层服务奠定基础。然而,随着云计算服务的不断发展,基于IaaS的安全问题引起人们的关注。为了系统了解IaaS的安全研究进展和现状,本文对IaaS的安全问题以及学术界和工业界的解决方案进行了详细调查。首先,本文介绍IaaS的相关理论基础并对分析不同类型的云安全威胁。然后,从学术界现有研究出发,分析IaaS提供的计算、存储和网络服务中存在的安全威胁,并调查现有的解决方案。此外,对工业界中云服务提供商的IaaS安全服务进行重点调查,包括数据安全、网络防护和其他安全服务等方面。最终,展望未来IaaS云安全在学术和工业环境中的发展趋势。 |
关键词: 云计算 云安全 虚拟化安全 计算机系统安全 数据安全 |
DOI:10.19363/J.cnki.cn10-1380/tn.2022.09.04 |
投稿时间:2021-09-13修订日期:2021-12-16 |
基金项目:本课题得到国家重点研发计划(No.2021YFB2501100);国家自然科学基金资助项目(No.41571426);武汉市应用基础研究计划项目(No.2017010201010114)资助。 |
|
Survey on IaaS Cloud Security |
OUYANG Xue, XU Yanyan
|
(State Key Laboratory of Information Engineering in Surveying, Mapping and Remote Sensing, Wuhan University, Wuhan 430079, China) |
Abstract: |
At present, a new generation of large-scale Internet is emerging at breakneck speed. The amount of data generated continues to expand, making it difficult for local storage devices of users to keep up with the need for vast data storage and computing. In the meantime, cloud computing offers the advantages of being easy to use, pay-as-you-go, and free from time and space constraints. It has fundamentally changed the way traditional IT infrastructure is provisioned and paid for, and it is capable of effectively resolving the problem of infinite growth in massive data storage and computing. As a result, users with limited resources can employ cloud service providers (CSPs) to provide cloud computing services without incurring high storage costs or computational resource consumption. In particular, Infrastructure as a Service (IaaS), one of three cloud computing service models, enables the provision and rental of computing infrastructure resource services (such as compute, storage, and network) over the Internet by combining technologies such as virtualization, distributed computing, and network storage. Thus, IaaS is dependent on the computing infrastructure resources given by the IaaS layer to eliminate the need for users to purchase additional equipment, significantly reducing the cost of use, while also serving as the basis for higher-layer services. However, as cloud computing services continue to grow, IaaS-based security issues are causing concern. To systematically study the present state of security research in IaaS, this paper provides a detailed survey of security challenges in IaaS and solutions in academia and industry. Firstly, this paper introduces the theoretical foundations of IaaS and analyzes various types of cloud security threats. Then, the current research from academics is then utilized to analyze the security risks in the compute, storage, and network services provided by IaaS and to study the existing solutions. In addition, the IaaS security surveys of cloud service providers in the industry are explored, and finally, the direction of future research is discussed. |
Key words: cloud computing cloud security Infrastructure as a Service virtualization security data security |