云安全研究进展综述

doi:10.3969/j.issn.0372-2112.2013.02.026

摘要/Abstract

摘要： 随着云计算在学术界和工业界的兴起,云计算也不可避免的带来了一些安全问题.本文对云计算的安全需求进行了总结,指出云计算不仅在机密性、数据完整性、访问控制和身份认证等传统安全性上存在需求,而且在可信性、配置安全性、虚拟机安全性等方面具有新的安全需求.我们对云计算的两个典型产品Amazon Web Services和Windows Azure的安全状况进行了总结,并阐述了针对云计算的拒绝服务攻击和旁通道攻击.基于云计算的安全需求和面临的攻击,对现有安全机制进行了优缺点分析,系统的总结了现有的安全机制.

关键词: 云计算, 机密性, 数据完整性, 访问控制, 公开认证, 可信性, 虚拟机安全性

Abstract: With the development of cloud computing in the academia and industry,it is inevitable that many security problems arise.This paper summarizes the security requirements of cloud computing,which not only cover the traditional security requirements like confidentiality,data integrity,access control and identity authentication,but also introduce new security requirements in the credibility,configuration and virtual machinery.We make conclusions about the security situations on two typical cloud computing products:Amazon Web Services and Windows Azure and elaborate two attack mechanisms against cloud computing:Denial of service attack and Side channel attack.Based on the security requirements and attacks against cloud computing,we systematically summarize the current security protection mechanisms and further make a comparison among them.

Key words: cloud computing, confidentiality, data integrity, access control, public verifiability, credibility, security of virtual machine

中图分类号:

TP391.41

俞能海, 郝卓, 徐甲甲, 张卫明, 张驰. 云安全研究进展综述[J]. 电子学报, 2013, 41(2): 371-381.

YU Neng-hai, HAO Zhuo, XU Jia-jia, ZHANG Wei-ming, ZHANG Chi. Review of Cloud Computing Security[J]. Acta Electronica Sinica, 2013, 41(2): 371-381.

参考文献

[1] M Armbrust,A Fox,R Griffith,et al.A view of cloud computing[J].Commun ACM,2010,53(4):50-58.

[2] B Hayes.Cloud computing[J].Commun ACM,2008,51(7):9-11.

[3] 冯登国,张敏,张妍,徐震.云计算安全研究[J].软件学报,2011,22(1):71-83. Feng DG,Zhang M,Zhang Y,Xu Z.Study on cloud computing security[J].Journal of Software,2011,22(1):71-83.(in Chinese)

[4] L Popa,M Yu,et al.Cloud police:taking access control out of the network [A].Hotnets'10.ACM 2010[C].New York:ACM,2010.1-6.

[5] F Hao,TV Lakshman,S Mukherjee,and HY Song.Secure cloud computing with a virtualized network infrastructure[A].The 2nd USENIX Conference on Hot Topics in Cloud Computing[C].Boston,Massachusetts,2010.1-7.

[6] J Oberheide,E Cooke,F Jahanian.Cloudav:N-version antivirus in the network cloud[A].Proceedings of the 17th Conference on Security Symposium[C].Berkeley,CA,USA:USENIX Association,2008.91-106.

[7] J Oberheide,K Veeraraghavan,E Cooke,J Flinn,and F Jahanian.Virtualized in-cloud security services for mobiledevices .Proceedings of the First Workshop on Virtualization in Mobile Computing .New York,USA:ACM,2008.31-35.

[8] R Chow,M Jakobsson,R Masuoka,Jlina,Y Niu,E Shi,Z Song.Authentication in the clouds:a framework and its application to mobile users [A].Proceedings of the 2010 ACM Workshop on Cloud computing Security Workshop[C].New York,USA:ACM,2010.1-6.

[9] G Portokalidis,P Homburg,K Anagnostakis,H Bos Paranoid Android:versatile protection for smartphones [A].In Proceedings of the 26th Annual Computer Security Applications Conference [C].ACM,New York,NY,USA:ACM,2010.347-356.

[10] 吴吉义,傅建庆,平玲娣,谢琪.一种对等结构的云存储系统研究[J].电子学报,2011,38 (5):1100-1107. Wu Ji-yi,Fu Jian-qing,Ping Ling-di,Xie Qi.Study on the P2P cloud storage system[J].Acta Electronica Sinica,2011,38(5):1100-1107.(in Chinese)

[11] P Gilbert,B G Chun,L P Cox,and J Jung.Vision:Automated security validation of mobile apps at app markets [A].The second International Workshop on Mobile Cloud Computing and Services [C].ACM,2011.21-26.

[12] L Martignoni,R Paleari,D Bruschi.A Framework for behavior-based malware analysis in the cloud [A].Fifth International Conference on Information Systems Security [C].2009.178-192.

[13] C K Wang,P Zou,Z Liu,J M Wang.CS-DRM:A cloud-based SIM DRM scheme for mobile internet[J].EURASIP J Wirel Commun Netw,2011,14(1):22-30.

[14] P Zou,C K Wang,Z Liu,D L Bao.Phosphor:A cloud based DRM scheme with sim card .12th International Asia-Pacific .2010.459-463.

[15] Amazon Web Services. [EB/OL].http://aws.amazon.com/,2012-10-07.

[16] Windows Azure. [EB/OL].http://www.microsoft.com/windowsazure/,2012-10-07.

[17] A Hudic,S Islam,P Kieseberg,and E RWeippl.Data Confidentiality using fragmentation in cloud computing[J].Int J Communication Networks and Distributed Systems,2012,1(3/4):1-10.

[18] D Slamanig.Efficient schemes for anonymous yet authorized and bounded use of cloud resources[J].Lecture Notes in Computer Science,2012:73-91.

[19] M R Asghar,M Ion,G Russello,B Crispo.Securing data provenance in the cloud[J].Lecture Notes in Computer Science,2012:145-160.

[20] Gentry.Fully Homomorphic Encryption using ideal lattices [A].STOC '09 [C].New York,NY:ACM,2009.169-178.

[21] MV Dijk,C Gentry,S Halevi,V Vaikuntanathan.Fully Homomorphic encryption over the Integers [A].In EuroCrypt'10 [C].Springer 2010.24-43.

[22] C Gentry.A fully Homomorphic Encryption Scheme .Ph D Thesis,Stanford University,2009.

[23] SG Sutar,GA Patil.Privacy management in cloud by making use of Homomorphic functions[J].International Journal of Computer Applications,2012.37(2)13-16.

[24] D Song,D Wagner,A Perrig.Practical techniques for searches on encrypted data .In Proc of IEEE Symposium on Security and Privacy .2000.

[25] R Curtmola,J A Garay,S Kamara,R Ostrovsky.Searchable symmetric encryption:improved definitions and efficient constructions .In Proc of ACM CCS'06 .2006.

[26] D Boneh,G D Crescenzo,R Ostrovsky,G Persiano.Public key encryption with keyword search .In Proc of EUROCRYP'04 .2004.

[27] M Bellare,A Boldyreva,A O'Neill.Deterministic and efficiently searchable encryption[J].In Proceedings of Crypto of LNCS:Springer-Verlag,2007(4622).

[28] J Li ,Q Wang,C Wang,N Cao,K Ren,W Lou.Fuzzy keyword search over encrypted data in cloud computing .In IEEE INFOCOM'10,Mini-Conference .NJ:IEEE Press,Piscataway,2010.441-445.

[29] C Wang,N Cao,J Li,K Ren,W Lou.Secure ranked keyword search over encrypted cloud data .In ICDCS 2010 .Washington,DC:IEEE Computer Society,2010.253-262.

[30] N Cao,C Wang,M Li,K Ren,and W J Lou.Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data .31st International Conference on Distributed Computing Systems(ICDCS) .2011.393-402.

[31] Amazon.Amazon Simple Storage Service .http://aws.amazon.com/s3/,2012-10-07.

[32] Amazon.Amazon Elastic Block Storage .http://aws.amazon.com/ebs/,2012-10-07.

[33] Nirvanix Cloud.Why Nirvanix .http://www.nirvanix.com/company/why-nirvanix.aspx,2011-10-12/2012-10-09.

[34] Kleiminger M .Stream processing in the cloud .London:Imperial College,2010.

[35] Kleiminger M,Kalyvianaki E,et al.Balancing load in stream processing with the cloud .IEEE 27th International Conference on Data Engineering Workshops .Germany:IEEE Press,2011.16-21.

[36] Du J,Wei W,et al.RunTest:assuring integrity of dataflow processing in cloud computing infrastructures .In Proc 5th ACM Symposium on Information,Computer and Communications Security .New York:ACM Press,2010.293-304.

[37] Du J,Gu X,et al.On verifying stateful dataflow processing services in large-scale cloud systems .Proceedings of the 17th ACM Conference on Computer and Communications Security .New York:ACM Press,2010.672-674.

[38] Du J,Shah N et al.Adaptive data-driven service integrity attestation for multi-tenant cloud systems .IEEE 19th International Workshop on Quality of Service .New York:IEEE Press,2011.1-9.

[39] Ateniese G,Burns R,et al.Provable data possession at untrusted stores .Proceedings of the 14th ACM Conference on Computer and Communications Security .New York:ACM Press,2007.598-609.

[40] Wang C,Wang Q et al.Privacy-preserving public auditing for data storage security in cloud computing .InfoCom 2010 Proceeding .San Diego:IEEE Press,2010.1-9.

[41] Hao Z,Zhong S,Yu N Y.A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability[J].IEEE Transactions on Knowledge and Data Engineering,September 2011,23(9):1432-1437.

[42] Yu S C,Wang C,et al.Achieving secure,scalable,and fine-grained data access control in cloud computing .InfoCom 2010 Proceedings .San Diego:IEEE Press,2010.1-9.

[43] Wang G,Liu Q,et al.Hierarchical attribute-based encryption for fine-grained access control in cloud storage services .Proceedings of the 17th ACM Conference on Computer and Communications Security .New York:ACM Press,2010.735-737.

[44] Hong C,Zhang M,et al.Achieving efficient dynamic cryptographic access control in cloud storage[J].Journal of China Institute of Communications,2011,32(7):125-132.

[45] Chow SSM,Chu C K,et al.Dynamic secure cloud storage with provenance[J].Lecture Notes in Computer Science,2012,6805:442-464.

[46] Tsai CS,Lee CC,et al.Password authentication schemes:Current status and key issues[J].International Journal of Network Security,2006,3(2):101-115.

[47] ISO/IEC 9594-8:2001,Information technology–Open Systems Interconnection–The Directory:Public-key and attribute certificate frameworks[S].

[48] Yan L,Rong C,et al.Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography[J].In Cloud Computing of Lecture Notes in Computer Science,2009,5931:167-177.

[49] Li H,Dai Y,et al.Identity-based authentication for cloud computing[J].In Cloud Computing of Lecture Notes in Computer Science,2009,5931:157-166.

[50] Bertino E,Paci F,et al.Privacy-preserving digital identity management for cloud computing .Bulletin of the IEEE Computer Society Technical Committee on Data Engineering .New York:IEEE Press,2009.21-27.

[51] Hao Z,Zhong S,Yu N H.A time-bound ticket-based mutual authentication scheme for cloud computing[J].International Journal of Computers,Communications & Control,2011,6(2):227-235.

[52] Li W J,Ping L D.Research on trust management strategies in cloud computing environment[J].Journal of Computational Information Systems,2012,8(4):1757-1763.

[53] Song H,Zhang B,et al.A credibility model of web service on internet[J].Advances in Intelligent and Soft Computing,2012,136:533-540.

[54] GroβS,Schill A.Towards user centric data governance and control in the cloud .Lecture Notes in Computer Science,2012,7039:132-144.

[55] Amazon.Amazon Elastic Compute Cloud .http://aws.amazon.com/ec2/,2012-03-15/2012-10-08.

[56] Bleikertz S,Schunter M,et al.Security audits of multi-tier virtual infrastructures in public infrastructure clouds .Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop .New York:ACM Press,2010.93-102.

[57] Laurikainen R.Improving the efficiency of deploying virtual machines in a cloud environment .Finland :Aalto University,Programme of Computer Science and Engineering,2012.

[58] Zhao HM.A study on architecture of private cloud based on virtual technology .Lecture Notes in Electrical Engineering,2012,vol.126:155-165.

[59] Deboosere L,Vankeirsbilck B,et al.Efficient resource management for virtual desktop cloud computing[J].The Journal of Supercomputing,2012,vol.62:741-767.

[60] Peng C Y,Kim M,et al.Virtual machine image distribution network for cloud data centers .IEEE International Conference on Computer Communications(INFOCOM 2012) .Orlando,IEEE Press,2012.181-189.

[61] Azab A M,Ning P,et al.HyperSentry:enabling stealthy in-context measurement of hypervisor integrity .Proceedings of the 17th ACM Conference on Computer and Communications Security .New York:ACM Press,2010.38-49.

[62] Wei J P,Zhang X L.Managing security of virtual machine images in a cloud environment .In Proceedings of the 2009 ACM Workshop on Cloud Computing Security .New York:ACM Press,2009.91-96.

[63] Bugiel S,Nürnberger S,et al.AmazonIA:when elasticity snaps back .In Proceedings of the 18th ACM Conference on Computer and Communications Security .New York:ACM Press,2011.389-400.

[64] Amazon SimpleDB .http://aws.amazon.com/simpledb/,2012-03-15/2012-10-08.

[65] Amazon Web Services:Overview of Security Processes.http://aws.amazon.com/,2008-09/2012-10-08.

[66] Liu H.A new form of DOS attack in a cloud and its avoidance mechanism .Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop .New York:ACM Press,2010.65-76.

[67] Ristenpart T,Tromer E,et al.Hey,you,get off of my cloud:exploring information leakage in third-party compute clouds .Proceedings of the 16th ACM Conference on Computer and Communications Security .New York:ACM Press,2009.199-212.

[68] Okamura K,Oyama Y.Load-based covert channels between Xen virtual machines .In Proceedings of the 2010 ACM Symposium on Applied Computing .New York:ACM Press,2010.173-180.

[69] FIPS PUB 197:2001,Advanced Encryption Standard(AES)[S]

[70] Rivest R L,Shamir A.A method for obtaining digital signatures and public-key cryptosystems[J].Communications of the ACM,1978,21(2):120-126.

[71] Cooney M.New technology performs calculations on encrypted data without decrypting it .http://www.computerworld.com/s/article/9134823/,2009-06-25.

[72] Li M,Yu SC,et al.Authorized private keyword search over encrypted data in cloud computing .In ICDCS,2011 .USA:IEEE Press,2011.383-392.

[73] Boldyreva A,Chenette N,et al.Order-preserving symmetric encryption[J].EUROCRYPT 2009(A.Joux,ed.)of Lecture Notes in Computer Science,2009,5479:224-241.

[74] Wong WK,Cheung DW,et al.Secure KNN computation on encrypted databases .In Proc of SIGMOD .SIGMOD Press,2009.139-152.

[75] Goldreich O.Foundations of cryptography[M].Cambridge Univ.Press,2004.1-320.

[76] Okamoto Takashima K.Hierarchical predictate encryption for inner-products[J].In Advances in Cryptology-ASIACRYPT of LNCS ,2009,5912:214-231.

[77] Deswarte Y,Quisquater J J.Remote integrity checking .In Sixth Working Conference on Integrity and Internal Control in Information Systems .Kluwer Academic Publishers,2004.1-11.

[78] Filho DLG ,Barreto PSLM.Demonstrating data possession and uncheatable data transfer[J].Cryptology ePrint Archive,2006,Report 2006/150:1-9.

[79] Sebe F,Domingo-Ferrer J,et al.Quisquater.efficient remote data possession checking in critical information infrastructures[J].IEEE Trans on Knowledge and Data Engineering,2008,20:1034-1038.

[80] Curtmola R,Khan O,et al.MR-PDP:Multiple-replica provable data possession .ICDCS'08 .USA:IEEE Press,2008.411-420.

[81] Wang Q,Wang C,et al.Enabling public verifiability and data dynamics for storage security in cloud computing[J].14th European Symposium on Research in Computer Security, 2009,5789:355-370.

[82] Zhu Y,Wang H,et al.Efficientprovable data possession for hybrid clouds[J].Cryptology ePrint Archive,Report 2010/234:1-3.

[83] Hao Z,Yu NH.A multiple-replica remote data possession checking protocol with public verifiability .The Second International Symposium on Data,Privacy,& E-Commerce(ISDPE),2010 Second International Symposium .USA:IEEE Press,2010.84-89.

[84] Chang E C ,Xu J.Remote integrity check with dishonest storage server[J].13th ESORICS,2008,5283:223-237.

[85] Chen B,Curtmola R,et al.Remote data checking for network coding-based distributed storage systems .In CCSW '10:Proceedings of the 2010 ACM workshop on Cloud computing security workshop .New York:ACM Press,2010.31-42.

[86] Curtmola R,Khan O,et al.Robust remote data checking .In StorageSS'08:Proceedings of the 4th ACM international workshop on Storage security and survivability .New York:ACM Press,2008.63-68.

[87] Wang C,Wang Q,et al.Ensuring data storage security in cloud computing .In Quality of Service,2009.IWQoS.17th International Workshop .Chicago:IEEE Press,2009.1-9.

[88] Diffie W ,Hellman ME.New directions in cryptography[J].IEEE Transactions in Information Theory,1976,22(6):644-654.

[89] Goodrich M.T.,Tamassia R,et al.Implementation of an authenticated dictionary with skip lists and commutative hashing .DARPA Information Survivability Conference and Exposition II .USA:DARPA Information Survivability Conference Press,2001.68-82.

[90] Papamanthou C,Tamassia R,et al.Authenticated hash tables .Proceedings of the 15th ACM conference on Computer and communications security .New York:ACM Press,2008.437-448.

[91] C.Merkle R.Protocols for public key cryptosystems[J].Proc.1980 Symposium and Privacy,1980,122-134.

[92] Boneh D,Lynn B,et al.Short signatures from the weil pairing[J].ADVANCES IN CRYPTOLOGY—ASIACRYPT 2001,2001,2248:514-532.

[93] D.Bowers K,Juels A,et al.HAIL:a high-availability and integrity layer for cloud storage .In CCS'09:Proceedings of the 16th ACM Conference on Computer and Communication Security .New York:ACM Press,2009.187-198.

[94] Sandhu R S,Coyne E J,et al.Role-based access control models[J].Computer,1996,29(2):38-47.

[95] F.Ferraiolo,D, Sandhu R,et al.Proposed NIST standard for role-based access control[J].ACM Trans Inf Syst Secur,2001,4(3):224-274.

[96] Goyal V,Pandey O,et al.Attribute-based encryption for fine-grained access control of encrypted data .Proceedings of the 13th ACM conference on Computerand communications security .New York:ACM Press,2006.89-98.

[97] Blaze M,Bleumer G,et al.Divertible protocols and atomic proxy cryptography[J].Lecture Notes in Computer Science,1998,1043:127-144.

[98] Kallahalla M,Riedel E,et al.Plutus:Scalable secure file sharing on untrusted storage .In Proceedings of the 2nd USENIX Conference on File and Storage Technologies .Berkeley:USENIX Association Press,2003.29-42.

[99] Green M,Hohenberger S,et al.Outsourcing the decryption of ABE ciphertexts .In Proceedings of the 20^th USENIX Security Symposium .San Francisco:USENIX Association Press,2011.1-16.

[100] Gamal T E.A public key cryptosystem and a signature scheme based on discrete logarithms[J].CRYPTO,1985,196:10-18.

[101] Liu Q,Tan C C,et al.Reliable re-encryption in unreliable clouds . Proceedings of GLOBECOM 2011 .USA:IEEE Press,2011.1-5.

[102] Gentry C,Silverberg A.Hierarchical id-based cryptography[J].Advances in Cryptology—Asiacrypt 2002,2002,2501:149-155.

[103] Bethencourt J,Sahai A,et al.Ciphertext-Policy attribute-Based encryption .IEEE Symposium on Security and Privacy .USA:IEEE Press,2007.321-334.

[104] Plouffe C R,Hulland J S,et al.Research report:Richness versus parsimony in modeling technology adoption decisions–understanding merchant adoption of a smart card-based payment system[J].Information Systems Research,2001,12(2):208-222.

[105] Wang C,Zhou Y.A collaborative monitoring mechanism for making a multitenant platform accountable .HotCloud'10 Proceedings of the 2nd USENIX conference on Hot topics in cloud computing .Berkeley:USENIX Association Press,2010.18-18.

[106] Haeberlen A,Aditya P,et al.Accountable virtual machines .Proceedings of the 9th USENIX conference on Operating systems design and implementation .Berkeley:USENIX Association Press,2010.1-16.

[107] Murray D G,Milos G,et al.Improving Xen security through disaggregation .VEE '08 Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments .New York:ACM Press,2008.151-160.

[108] Dai W,Jin H,et al.TEE:a virtual DRTM based execution environment for secure cloud-end computing .CCS '10Proceedings of the 17th ACM conference on Computer and commucations security .New York:ACM Press,2010.663-665.

[109] Barham P,Dragovic B,et al.Xen and the art of virtualization . Proceedings of the nineteenth ACM symposium on Operating Systems Principles(SOSP'03) .New York:ACM Press,2003.164-177.

[110] Aviram A,Hu S,et al.2010.Determinating timing channels in compute clouds .CCSW'10 Proceedings of the 2010 ACM workshop on Cloud Computing Decurity Workshop .New York:ACM Press,2010.103-108.

[111] 张尧学,周悦芝.一种云计算操作系统TransOS:基于透明计算的设计与实现[J].电子学报,2011,38(5):985-990. Zhang Yao-xue,Zhou Yue-zhi.A new cloud operating system:Design and implementation based on transparent computing[J].Acta Electronica Sinica,2011,38(5):985-990.(in Chinese)