云计算环境下文件完整性检测系统的设计
|
摘要
随着云计算的发展,计算能力通过互联网自由流通,公有云发展迅猛,混合云、私有云也在很多企业落地。虽然云计算给用户提供了一种新型的计算、网络、存储环境,但是在系统和应用与传统部署方式在提供的服务等方面却并未发生革命性的改变,其安全问题仍然面临诸多挑战。根据云计算环境下平台系统的特点,提出一套基于文件完整性检测系统的设计方案。首先,分析当前文件监控方案不能满足云计算环境下平台系统文件检测方法的需要,然后设计一套完整的技术方案,实现原型系统,指出待研究的关键问题,并着重阐述新安全哈希算法的应用。通过对原型系统的评测表明,本设计可将检测系统的运行的大部分负载从被监控主机转移,从而适用于云计算环境。
With the development of cloud computing, computing power is freely circulated through the Internet, public clouds are developing rapidly, and hybrid cloud and private clouds are also falling in many enterprises. While cloud computing provides users with a new type of computing, networking, and storage environment, there has been no revolutionary change in the way systems and applications and traditional deployment methods provide services, and its security issues still face many challenges. According to the characteristics of the cloud computing system, a design scheme based on the file integrity detection system is proposed. Firstly, it analyzes that the current file monitoring scheme can't meet the needs of the platform system file detection in the cloud computing environment, and then designs a complete technical solution, realizes the prototype situation, points out the key issues to be studied, and supports the new security hash algorithm.
With the development of cloud computing, computing power is freely circulated through the Internet, public clouds are developing rapidly, and hybrid cloud and private clouds are also falling in many enterprises. While cloud computing provides users with a new type of computing, networking, and storage environment, there has been no revolutionary change in the way systems and applications and traditional deployment methods provide services, and its security issues still face many challenges. According to the characteristics of the cloud computing system, a design scheme based on the file integrity detection system is proposed. Firstly, it analyzes that the current file monitoring scheme can't meet the needs of the platform system file detection in the cloud computing environment, and then designs a complete technical solution, realizes the prototype situation, points out the key issues to be studied, and supports the new security hash algorithm.
引文
[1]Ian Foster,Yong Zhao,Ioan Raicu,Shiyong Lu.Cloud Computing and Grid Computing 360-Degree Compared.Grid Computing Environments Workshop,2008:1-10.
[2]Gartner Corporatoin.Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17.3 Percent in 2019[E/OL].[2018-09-12].https://www.gartner.com/en/newsroom/press-releases/2018-09-12-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2019.
[3]Gartner Corporatoin.Gartner Survey Says Cloud Computing Remains Top Emerging Business Risk[E/OL].[2018-08-15].https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-says-cloud-computing-remains-top-emerging-business-risk.
[4]郑晓红,刘志贵,陆荣杰.分布式UNIX文件安全检测系统的设计与实现[J].计算机应用研究,2005,10:(142-144).
[5]王颐帅.基于LVS的服务器负载均衡技术[J].计算机系统应用,2014,(7):252-255.
[6]鲜伟,胡晓勤.基于OSPF等价路由的LVS集群负载均衡技术的研究[J].网络安全技术与应用,2018,(4):29-30.
[7]刘增杰,李坤.MySQL 5.6从零开始学[M].北京:清华大学出版社,2013.
[8]冯力.Tripwire在入侵检测系统中的应用[J].信息安全与通信保密,2002,5:(28-29).
[9]Xiaoyun Wang,Hongbo Yu.How to Break MD5 and Other Hash Functions[J].EUROCRYPT,2005:19-35.
[10]Xiaoyun Wang,Yiqun Lisa Yin,Hongbo Yu.Finding.Finding Collisions in the Full SHA-1,CRYPTO.Lecture Notes in Computer Science,2005,3621:17-36.
[11]Christoph Dobrauning,Maria Eichlseder,and Florian Mendel.Analysis of SHA-512/224 and SHA-512/256.IACR Cryptology ePrint Archive,Report 2016/374(2016).
[12]王淦,张文英.SHA-3的安全性分析[J].计算机应用研究,2016,(33)3:(142-144).
[2]Gartner Corporatoin.Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17.3 Percent in 2019[E/OL].[2018-09-12].https://www.gartner.com/en/newsroom/press-releases/2018-09-12-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2019.
[3]Gartner Corporatoin.Gartner Survey Says Cloud Computing Remains Top Emerging Business Risk[E/OL].[2018-08-15].https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-says-cloud-computing-remains-top-emerging-business-risk.
[4]郑晓红,刘志贵,陆荣杰.分布式UNIX文件安全检测系统的设计与实现[J].计算机应用研究,2005,10:(142-144).
[5]王颐帅.基于LVS的服务器负载均衡技术[J].计算机系统应用,2014,(7):252-255.
[6]鲜伟,胡晓勤.基于OSPF等价路由的LVS集群负载均衡技术的研究[J].网络安全技术与应用,2018,(4):29-30.
[7]刘增杰,李坤.MySQL 5.6从零开始学[M].北京:清华大学出版社,2013.
[8]冯力.Tripwire在入侵检测系统中的应用[J].信息安全与通信保密,2002,5:(28-29).
[9]Xiaoyun Wang,Hongbo Yu.How to Break MD5 and Other Hash Functions[J].EUROCRYPT,2005:19-35.
[10]Xiaoyun Wang,Yiqun Lisa Yin,Hongbo Yu.Finding.Finding Collisions in the Full SHA-1,CRYPTO.Lecture Notes in Computer Science,2005,3621:17-36.
[11]Christoph Dobrauning,Maria Eichlseder,and Florian Mendel.Analysis of SHA-512/224 and SHA-512/256.IACR Cryptology ePrint Archive,Report 2016/374(2016).
[12]王淦,张文英.SHA-3的安全性分析[J].计算机应用研究,2016,(33)3:(142-144).