信息网络安全 ›› 2019, Vol. 19 ›› Issue (7): 31-41.doi: 10.3969/j.issn.1671-1122.2019.07.004

• • 上一篇    下一篇

基于程序切片技术的云计算软件安全模型研究

崔艳鹏, 冯璐铭(), 闫峥, 蔺华庆   

  1. 西安电子科技大学,陕西西安 710071
  • 收稿日期:2018-10-15 出版日期:2019-07-19 发布日期:2020-05-11
  • 作者简介:

    作者简介:崔艳鹏(1978—),女,陕西,副教授,博士,主要研究方向为信号处理、系统模拟;冯璐铭(1994—),男,山西,硕士研究生,主要研究方向网络安全、二进制安全、恶意代码分析;闫峥(1972—),女,陕西,教授,博士,主要研究方向为信息安全与隐私保护、信任管理与可信计算;蔺华庆(1994—),男,山东,硕士研究生,主要研究方向为安全数据采集与分析、网络威胁检测。

  • 基金资助:
    国家自然科学基金[61672410,61802293]

Research on Software Security Model of Cloud Computing Based on Program Slicing Technology

Yanpeng CUI, Luming FENG(), Zheng YAN, Huaqing LIN   

  1. Xidian University, Xi’an Shaanxi 710071, China
  • Received:2018-10-15 Online:2019-07-19 Published:2020-05-11

摘要:

云计算是新一代信息技术产业的重要组成部分,是继个人计算机、互联网之后信息技术的第三次浪潮。虽然各界都一致认为云计算有着巨大的增长空间,但在推广中依然面临着用户认可度不高、运营经验不足、产业链不完善等诸多问题。在诸多不利因素中,云计算的安全性问题一直排在首位,云安全逐渐成为制约云计算发展的瓶颈。在云计算应用场景中,由于云计算的大规模、高动态、高开放等特点使其不但面临着一般的安全问题,而且还面临着由其固有特点所带来的安全风险。这些安全风险包括服务模式、虚拟化技术、云计算管理软件等所带来的安全问题。由于程序切片技术可以很好的辅助安全测试人员来分析云计算软件,因此文章提出了一种基于程序切片技术的云计算软件安全分析模型,该模型可以用于发现云计算软件中存在的关键信息泄露漏洞以及此类漏洞的扩散情况,从而提高对关键信息的保护能力。最后,文章讨论了云计算软件安全模型现存研究中的主要问题,并对未来的研究方向提出了建议。

关键词: 云计算, 软件安全, 程序切片, 二进制分析, 逆向工程

Abstract:

Cloud computing is an important part of the new generation of information technology industry. It is the third information technology wave after personal computer and Internet. Although people from all walks of life agree that cloud computing has a huge growth space, it still faces many problems in promotion, such as low user recognition, insufficient operation experience and imperfect industrial chain. Among all the disadvantages, the security of cloud computing has been ranked the first, and cloud security has gradually become the bottleneck restricting the development of cloud computing. In the cloud computing application scenarios, cloud computing is faced with not only general security problems, but also security risks brought by its inherent characteristics due to its super-large scale, high dynamics, high openness and other characteristics. In general, it includes security problems caused by service mode, security problems caused by virtualization technology, security problems of cloud-related management software, etc. And program slicing technology can assist security testers to analyze cloud computing software. Therefore, a software security analysis model of cloud computing based on program slicing technology is proposed. It is used to discover the key information leakage vulnerabilities and the spread of such vulnerabilities in cloud computing software, so as to improve the protection of key information.

Key words: cloud computing, software security, program slicing, binary analysis, reverse engineering

中图分类号: