基于IP模型的云计算安全模型

doi:10.3969/j.issn.1671-1122.2018.11.004

摘要/Abstract

摘要：

云计算是一个开放式的计算架构,通过互联网为用户提供各种服务,这种方式可以使用户方便地使用云计算服务,但也导致其面临严重的安全威胁。因此,解决云计算中的安全问题是云计算能否进一步发展的关键所在。要实现对云计算中数据与隐私的安全保护,通常采用的方法是加密、访问控制和信息流控制等。加密和访问控制的方法不能防止系统中隐藏信息流,因此无法完全隔离云计算服务中的用户。信息流控制模型可以解决隐藏信息流这一问题,因此可以有效地隔离云计算中的用户。文章基于信息流模型研究领域的重要模型（IP模型）提出了云计算架构下的信息流安全（SMCCIP）模型,该模型可以检测云计算架构中是否存在隐藏的信息流,保证云计算用户间的隔离性。

关键词: 云计算安全模型, IP模型, 信息流控制, 信息安全

Abstract:

Cloud computing is an open architecture that provides users with a variety of services over the internet. This approach poses a variety of threats to cloud computing, so security is the key to cloud computing’s ability to grow further. To achieve data and privacy security, encryption, access control and information flow control is the most effective way, encryption, access control cannot control the hidden information flow. In this paper, the security model of cloud computing architecture based on IP (SMCCIP) model can detect whether there is a hidden information flow in the cloud computing architecture so as to ensure the isolation between cloud computing users.

Key words: cloud computing security model, IP model, information flow control, information security

中图分类号:

TP309

吕从东, 韩臻. 基于IP模型的云计算安全模型[J]. 信息网络安全, 2018, 18(11): 27-32.

Congdong LV, Zhen HAN. A Security Model of Cloud Computing Based on IP Model[J]. Netinfo Security, 2018, 18(11): 27-32.

图/表 1

参考文献 23

[1]	CHEN Hao, WU Xiongnan, SHAO Zhong, et al.Toward Compositional Verification of Interruptible OS kERNELS and Device Drivers[J]. Programming Language Design and Implementation, 2016, 51(6): 431-447.
[2]	SESHADRI A, LUK M, QU N, et al.SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes[J]. ACM SIGOPS Operating Systems Review, 2007, 41(6): 335-350.
[3]	DONG Qinghe, HE Qian, JIANG Bingcheng, et al.Scheme of Cloud Database Oriented Multi-tenant Attribute-based Security Isolation and Data Protection. Netinfo Security, 2018, 18(7): 60-68.
	董庆贺,何倩,江炳城,等. 面向云数据库的多租户属性基安全隔离与数据保护方案[J]. 信息网络安全,2018,18(7):60-68.
[4]	DAI Yuehua, SHI Yi, QI Yong, et al.Design and Verification of a Lightweight Reliable Virtual Machine Monitor for a Many-core Architecture[J]. Frontiers of Computer Science, 2013, 7(1): 34-43.
[5]	ZHANG Fan, ZHANG Cong, CHEN Wei, et al.Noninterference Analysis of Trust of Behavior in Cloud Computing System[J]. Chinese Journal of Computers, 2017(40): 1-15.
	张帆,张聪,陈伟,等. 基于无干扰的云计算环境行为可信性分析[J]. 计算机学报,2017(40):1-15.
[6]	WANG Jian, LI Chang, HAN Lei, et al.Computing Resource Control and Protection Scheme Based on Desktop Cloud[J]. Netinfo Security, 2018, 18(2): 27-33.
	王健,李昶,韩磊,等. 基于桌面云的计算资源控制保护方案[J]. 信息网络安全,2018,18(2):27-33.
[7]	WEST R, LI Y, MISSIMER E S, et al.A Virtualized Separation Kernel for Mixed-criticality Systems[J]. ACM Transactions on Computer Systems, 2016, 34(3): 201-212.
[8]	ZENG Wen, KOUTNY M, WATSON P, et al.Formal Verification of Secure Information Flow in Cloud Computing[J]. Journal of Information Security and Applications, 2016, 27(C): 103-116.
[9]	SRIVASTAVA H, KUMAR S A.Control Framework for Secure Cloud Computing[J]. Journal of Information Security, 2015, 6(1): 12-23.
[10]	BEZEMER C P, ZAIDMAN A.Multi-tenant SaaS Applications: Maintenance Dream or Nightmare?[C]//ACM. The Joint ERCIM Workshop on Software Evolution (EVOL) and International Workshop on PrinSMCCIPles of Software Evolution(IWPSE), September 20-21, 2010, Antwerp, Belgium. New York: ACM, 2010: 88-92.
[11]	XU Yunjing, BAILEY M, JAHANIAN F, et al.An Exploration of L2 Cache Covert Channels in Virtualized Environments[C]//ACM. 3rd ACM workshop on Cloud Computing Security Workshop, October 21, 2011, Chicago, Illinois, USA. New York: ACM, 2011: 29-40.
[12]	WANG Zhan, SUN Kun, JAJODIA S, et al.Disk Storage Isolation and Verification in Cloud[C]//IEEE. 2012 IEEE Global Communications Conference, December 3-7, 2012, Anaheim, CA, USA. New Jersey: IEEE, 2012: 771-776.
[13]	LI Ye, WEST R, MISSIMER E.A Virtualized Separation Kernel for Mixed Criticality Systems[C]//ACM. 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, March 1-2, 2014, Salt Lake City, Utah, USA. New York: ACM, 2014: 201-212.
[14]	RISTENPART T, TROMER E, SHACHAM H, et al.Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-party Compute Clouds[C]//ACM. 16th ACM Conference on Computer and Communications Security, November 9-13, 2009, Chicago, Illinois, USA. New York: ACM, 2009: 199-212.
[15]	OKAMURA K, OYAMA Y.Load-based Covert Channels between Xen Virtual Machines[C]//ACM. 2010 ACM Symposium on Applied Computing, March 22-26, 2010, Sierre, Switzerland. New York: ACM, 2010: 173-180.
[16]	ZHAO Yongwang, SANÁN D, ZHANG Fuyuan, et al. Reasoning About Information Flow Security of Separation Kernels with Channel-based Communication[C]//Springer. International Conference on Tools and Algorithms for the Construction and Analysis of Systems, April 4-7, 2016, Eindhoven, The Netherlands. Heidelberg: Springer, 2016: 791-810.
[17]	XU Xiaolong, LIU Guangpei, ZHU Jie.Cloud Data Security and Integrity Protection Model Based on Distributed Virtual Machine Agents[C]//IEEE. 2016 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, October 13-15, 2016, Chengdu, China. New Jersey: IEEE, 2017: 6-13.
[18]	YAN Xixi, YE Qing, LIU Yu.Attribute-based Encryption Scheme Supporting Privacy Preserving and User Revocation in the Cloud Environment[J]. Netinfo Security, 2017, 17(6): 14-21.
	闫玺玺,叶青,刘宇. 云环境下支持隐私保护和用户撤销的属性基加密方案[J]. 信息网络安全,2017,17(6):14-21.
[19]	REUBEN J S.A Survey on Virtual Machine Security[J]. Helsinki University of Technology, 2007(2): 20-36.
[20]	DARYL M.Specifications for Multi-level Security and a Hook-up Property[C]//IEEE. 1987 IEEE Symposium on Security and Privacy, April 27-29, 1987, Oakland, CA, USA. New Jersey: IEEE, 1987: 161-166.
[21]	GOGUEN J A, MESEGUER J.Unwinding and Inference Control[C]//IEEE. 1984 IEEE Symposium on Security and Privacy, April 29-May 2, 1984, Oakland, CA, USA. New Jersey: IEEE, 1984: 75-81.
[22]	GEORGET L, JAUME M, PIOLLE G.Verifying the Reliability of Operating System-level Information Flow Control Systems in Linux[C]//IEEE/ACM. 5th International FME Workshop on Formal Methods in Software Engineering, May 27-27, 2017, Buenos Aires. New Jersey: IEEE, 2017: 10-16.
[23]	MEYDEN R V D, ZHANG Chenyi. A Comparison of Semantic Models for Noninterference[J]. Theoretical Computer Science, 2010, 411(47): 4123-4147.

元素集	元素及含义	说明
U	U={U₁,U₂,…,U_n},U_i表示云计算环境中的某个用户	云用户集合
V	V={V₁,V₂,…,V_n},V_i表示云计算环境中的某个服务器	云端服务器集合
D	D=U∪V,D_i表示云计算环境中的一个安全域	安全域集合
S	S={s₀,s₁,s₂,…,s_n},s_i表示云状态,s₀表示初始状态	云状态集合
AC	AC={r,w},r表示读,w表示	用户行为
T	T={T₁,T₂,…,T_n},T_i表示某个行为的时态	时态状态
E	E={E₁,E₂,…,E_n},E_i表示某个行为的环境	环境状态
A	A={AC,T,E},AC、T、E这3个要素构成行为	行为集合
O	O={O₁,O₂,…,O_n},O_i表示云计算环境中的某个用户视图	用户视图集合
obs	obs_μ (s_i),μ∈D,s_i∈S,输出函数	安全域在某个状态下的视图
dom	dom(a),a∈A,获得动作发生安全域函数	动作发生安全域
step	step(s∙α,a),s∈S,a∈A,α∈A^,可以简写为s∙αa,获得动作发生安全域函数s∙ε*=s,ε为空动作或空动作序列	单步执行函数
→	信息流策略	安全域间信息流