Abstract
Cloud computing technologies such as elastic resource scaling, dynamic data migration, and platform sharing among tenants maximize the benefits of intensive IT resource management, but they also introduce potential security risks for applications in the cloud. Security problems caused by cloud platform system privileges, software defects, and data leakage have become the biggest obstacle to cloud tenants moving sensitive applications onto the cloud. Focusing on how to build a secure and trusted application environment for cloud tenants, the paper systematically studies cloud computing security architecture. Based on a domain-based protection security policy and the security service chain protection concept, it proposes the "domain security + stream protection" cloud security architecture and focuses on the related security protection mechanisms.
Authors
廖飞
陈捷
肖云峰
LIAO Fei; CHEN Jie; XIAO Yun-feng (No.30 Institute of CETC, Chengdu Sichuan 610041, China; Unit 92682 of PLA, Zhanjiang Guangdong 524000, China)
Source
《通信技术》 (Communications Technology)
2019, Issue 10, pp. 2472-2482 (11 pages in total)
Keywords
cloud computing
security protection
security architecture
security mechanism
tenant security