Netinfo Security ›› 2018, Vol. 18 ›› Issue (2): 27-33. doi: 10.3969/j.issn.1671-1122.2018.02.004


Computing Resource Control and Protection Scheme Based on Desktop Cloud

Jian WANG1, Chang LI1, Lei HAN2, Zhen HAN1

  1. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044, China
  2. Troops 66019 of PLA, Beijing 100042, China
  • Received: 2017-12-19 Online: 2018-02-20 Published: 2020-05-11
  • About the authors:

    Jian WANG (born 1975), male, from Shandong, associate professor, Ph.D.; main research interest: network security. Chang LI (born 1993), male, from Tianjin, master's student; main research interest: information security. Lei HAN (born 1983), male, from Inner Mongolia, engineer, Ph.D.; main research interests: network information security and key management. Zhen HAN (born 1962), male, from Zhejiang, professor, Ph.D.; main research interest: information security.

  • Supported by:
    National Natural Science Foundation of China [61672092]

Abstract:

Desktop cloud is a virtual desktop service built on cloud computing technology and is already widely used. As desktop cloud platforms have been combined with business requirements, business-based desktop cloud management platforms and business application platforms have emerged. However, the vulnerability of the desktop cloud environment and the low-level access characteristics of computing resources leave desktop-cloud application environments without effective control and protection over the invocation of computing resources, so problems such as resource authentication and unauthorized invocation urgently need to be solved. This resource security problem also constrains the further combination of desktop cloud with business requirements. To address these problems, this paper designs a computing resource control and protection scheme based on desktop cloud. The scheme uses an HTTPS encrypted channel as the access point for resource requests, authenticates user requests and encrypts the communication content with a token authentication method based on a public-key (PKI) encrypted token that carries user information, and controls and protects computing resources according to the authentication mechanism and role privileges. The scheme gives users secure access to computing resources. After testing, the system effectively improves the control and protection of computing resources in the desktop cloud environment.

Key words: desktop cloud, computing resource, controlled protection, authentication

CLC Number: