CN102413192B - Data security insurance method in cloud computing environment - Google Patents

Data security insurance method in cloud computing environment

Info

Publication number: CN102413192B
Authority: CN (China)
Prior art keywords: cloud, service, data, thin, service cloud
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
Application number: CN201110457140.8A
Other languages: Chinese (zh)
Other versions: CN102413192A (en)
Inventors: 肖红叶, 苏磊, 刘世峰, 兰洪杰, 刘红璐, 常丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Beijing Jiaotong University
Original Assignee: Beijing Jiaotong University
Application filed by Beijing Jiaotong University; priority to CN201110457140.8A; published as CN102413192A; application granted and published as CN102413192B; current legal status: Expired - Fee Related.

Abstract

The invention discloses a data security assurance method in a cloud computing environment and belongs to the field of cloud computing services. It comprises the following steps: 1) the thin cloud sends a request to the service cloud; the service cloud dynamically allocates resources and responds quickly according to the user's request; the thin cloud judges the service cloud from this response; 2) according to the architecture of the cloud computing deployment, service clouds are divided into private clouds, community clouds, public clouds and hybrid clouds; 3) data in transit is encrypted with a method that combines dynamically generated DES keys with RSA encryption. The benefits of the invention are: 1) it ensures the security of data in a cloud computing environment; 2) it places higher requirements on terminal stability technology; 3) it sets out, in order, the problems that a data security assurance mechanism and evaluation method in a cloud computing environment must consider, and the main points of the technology that still needs to be perfected.

Description

Data security insurance method in cloud computing environment
Technical field
The invention belongs to the field of cloud computing services, and in particular to a data security assurance method in a cloud computing environment. It involves technologies related to cloud computing such as terminal stability technology, distributed management of mass data, and encrypted data transmission.
Background technology
Cloud computing distributes tasks over a virtual resource pool made up of a large number of computers, so that applications can obtain computing power, storage space and all kinds of software services on demand. Cloud computing is a service that responds to user requests.
The architecture of cloud computing: a cloud computing service platform mainly provides services at three levels, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). IaaS provides physical resources, mainly computing power, storage space, data and networking. PaaS provides users with a convenient operating platform on which they can develop new applications, offer new services and propose new solutions. SaaS supplies software, data, information, security and so on for users to use online as a service.
Technologies related to cloud computing: cloud computing is the fusion and development of technologies such as distributed systems for mass data, parallel processing of mass data, utility computing, virtualization, Web services, grid computing, platform management, system clustering, terminal stability, resource load balancing and programming models; it is a dynamically invoked pool of virtualized resources.
The features of cloud computing mainly include the following seven: (1) a pool of service resources; (2) strong scalability; (3) access over broadband networks; (4) measurability; (5) a high standard of reliability, with the security of data ensured by redundant backup; (6) good interactivity, with the ability to respond dynamically to user requests; (7) self-service with on-demand allocation.
Cloud computing mainly has advantages in the following three respects: (1) strong heterogeneity, supporting heterogeneity at the software and hardware levels; (2) virtualized resource management, which to a certain extent enhances resource security; (3) high cost-effectiveness, exhibiting greater flexibility, scalability and system fault tolerance at low cost.
The problems that cloud computing will run into in its future development are as follows:
1) Security problems: cloud computing, as a collection of services, has been pushed in front of users. No matter how energetically service providers develop the service market, the primary problem is to guarantee that the services delivered to the terminal are secure and that the data the terminal uploads to the cloud is secure as well. Security can never be ignored; only on the premise that security has been guaranteed can the popularization of cloud computing continue.
Cloud computing security reference models that set out from different points of view have appeared on the market, of which the CSA model is the most representative. This model is built on the layering of the three basic cloud services and their dependencies: PaaS sits on top of IaaS, and SaaS sits on top of PaaS. The distinguishing feature of this model is that the lower the level at which the provider operates, the more security capabilities and management responsibility the cloud service user has to take on.
In 2009 the CSA published its Security Guidance for Critical Areas of Focus in Cloud Computing, which summarizes, mainly from the attacker's point of view, the chief threats a cloud computing environment may face and proposes 12 critical areas of security concern; these were later concentrated into the 7 most common and most harmful threats: abuse and malicious use of cloud computing; insecure interfaces and APIs; malicious insiders; shared infrastructure problems; data loss or leakage; account or service hijacking and certain security breaches; and the unknown risks in the control of security practices, code updates and so on. At the same time, the monopoly over infrastructure that comes with the cloud computing center model also creates hidden security dangers: if large amounts of fused information are subjected to deliberate analysis and mining, national information security will be put to the test. If a multinational corporation or service provider stops its service for some reason, this will also have a devastating impact. These are problems that the existing models in the field of cloud computing security cannot fundamentally solve and that urgently need to be solved.
2) The problem of chaotic development: the rise of cloud computing and the rise of the group-buying industry are, to a certain extent, similar. Resources are abundant and the players are strong; driven by profit, numerous service providers have swarmed in and opened up their own battlefields one after another, but security and credit problems have escalated day by day, and market promotion needs a complete data security assurance mechanism.
3) Network transmission problems: in a cloud computing environment the requirements on the speed and stability of network transmission are greatly increased, so network transmission problems cannot be ignored either.
4) Software licensing problems: a cloud computing environment makes obtaining all kinds of software services easier, and the software licensing and software authorization infringement problems that arise with this need the attention of the relevant personnel and a solution.
5) Industry standards, regulations and government supervision and management systems are not yet sound.
Summary of the invention
The present invention addresses the drawbacks described above and discloses a data security assurance method in a cloud computing environment, which comprises the following steps:
1) The thin cloud sends a request to the service cloud; the service cloud dynamically allocates resources according to the user's request and responds quickly. The thin cloud judges the service cloud from this response: if the service cloud is a suspicious cloud or a hostile cloud, the thin cloud sends a request to the service cloud again; if the service cloud is a friendly cloud, the thin cloud starts to accept the data the service cloud sends over.
2) According to the architecture of the cloud computing deployment, service clouds are divided into private clouds, community clouds, public clouds and hybrid clouds. A private cloud does not allow user terminals to use it without authorization and must have a user identity authentication mechanism and a data transmission encryption mechanism; a public cloud allows many users to access it concurrently and therefore requires a network transmission speed of 1000 Mbps; a community cloud requires a network transmission speed of 800 Mbps; a hybrid cloud requires a network transmission speed of 500 Mbps.
3) In the data transmission process between the thin cloud and the service cloud, the data is encrypted with a method that combines dynamically generated DES keys with RSA encryption. The detailed process is as follows: the plaintext data is classified according to its security level; the plaintext data of the service cloud is randomly segmented, producing N plaintext segments; the N plaintext segments are encrypted with DES keys to obtain the ciphertext data; and the ciphertext length and the DES key itself are encrypted with the RSA public key. In this way, because the ciphertext data, the ciphertext length and the DES key can only be unlocked with the RSA key, the plaintext data can only be recovered after that.
The thin cloud is the user terminal.
A suspicious cloud is defined as follows: if the link between the service cloud and the thin cloud carries risk, the service cloud at that time is a suspicious cloud.
A hostile cloud is defined as follows: if the link between the service cloud and the thin cloud necessarily allows the service cloud to spy on the local resources of the thin cloud, the service cloud at that time is a hostile cloud.
A friendly cloud is defined as follows: if the connection between the service cloud and the thin cloud is a harmless connection, so that the service cloud does not spy on the local resources of the thin cloud and leakage of the thin cloud's local resources is avoided, the service cloud at that time is a friendly cloud.
The benefits of the invention are:
1) It is divided into four steps, with emphasis and priorities, and ensures the security of data in a cloud computing environment by ensuring security at the thin cloud end, in the cloud and in the data transmission process respectively; compared with conventional techniques that lump everything together, the approach is clear and feasible.
2) It places higher requirements on terminal stability technology, pointing out that network transmission efficiency and data encryption technology are the core.
3) From an overall standpoint, it sets out in order the problems that a data security assurance mechanism and evaluation method must consider in a cloud computing environment and the main points of the technology still to be perfected, opening up broad space for development and innovation for the future of cloud computing.
Description of the drawings
Fig. 1 is a schematic diagram of user terminal security detection;
Fig. 2 is a schematic diagram of the classification of service clouds;
Fig. 3 is a schematic diagram of the encrypted transmission of data.
Detailed description of the invention
Embodiments of the invention are described below with reference to the drawings:
For the data security assurance method in a cloud computing environment, the following must first be done: perfect the mechanism for the use of the cloud and impose requirements on the service lifetime of cloud computing, so that once an entity becomes a cloud computing service provider it may not terminate its service at will within 5 years.
The provision or termination of a cloud computing service must pass strict legal review and approval; entering and leaving the market at will is not permitted. To a certain extent this guarantees a threshold for entering the industry; it also helps keep the autonomous property rights of cloud computing services in the hands of the state and of strong enterprises, and makes it convenient for users to enjoy the service. At the same time, when a problem occurs, there are laws and rules to follow.
Then, the data security assurance method in a cloud computing environment performs the following operations:
1) Terminal security detection: the purpose of terminal security detection is for the user terminal to screen cloud computing service providers autonomously, reducing the risk to the user of using the service and ensuring that the service is enjoyed securely.
As shown in Fig. 1, the thin cloud sends a request to the service cloud (this is a service request; the requested service types fall mainly into three classes, namely IaaS-level services, PaaS-level services and SaaS-level services). The service cloud dynamically allocates resources according to the user's request and responds quickly. Relying on terminal stability technology (for example Block Storage and File Storage; terminal stability technology is characterized by secure and stable data storage, a terminal host free of virus attacks, and convenient and efficient resource management), the thin cloud judges the responding cloud (the service cloud): if the service cloud is a suspicious cloud or a hostile cloud, the thin cloud sends a request to the service cloud again; if the service cloud is a friendly cloud, the thin cloud starts to accept the data the service cloud sends over.
In the above process, the key to the data security service technology system in a cloud computing environment is that stable service terminal technology is needed as its support. This terminal stability technology must be able to judge the nature of the cloud that provides the service response, taking the configuration of both the user terminal and the cloud into account.
The thin cloud is the user terminal (relative to the service cloud, which has huge resources, the user terminal's resources are scarce and its configuration is simple, but it still has resources useful to the user such as data, information and computing power; hence the user terminal is called a thin cloud).
A suspicious cloud is defined as follows: if the link between the service cloud and the thin cloud carries risk and may cause the local resources of the thin cloud to be spied on and leaked, the service cloud at that time is a suspicious cloud.
A hostile cloud is defined as follows: if the link between the service cloud and the thin cloud necessarily allows the service cloud to spy on the local resources of the thin cloud and causes the local resources of the thin cloud to leak, the service cloud at that time is a hostile cloud.
A friendly cloud is defined as follows: if the connection between the service cloud and the thin cloud is a harmless connection, so that the service cloud does not spy on the local resources of the thin cloud and leakage of the thin cloud's local resources is avoided, the service cloud at that time is a friendly cloud.
This step ensures the security of the local resources and services in the thin cloud.
2) As shown in Fig. 2, according to the architecture of the cloud computing deployment, service clouds are divided into private clouds, community clouds, public clouds and hybrid clouds. A private cloud does not allow user terminals to use it without authorization and must have a user identity authentication mechanism and a data transmission encryption mechanism; a public cloud allows many users to access it concurrently and therefore requires a network transmission speed of 1000 Mbps; a community cloud requires a network transmission speed of 800 Mbps; a hybrid cloud requires a network transmission speed of 500 Mbps.
This step is mainly to ensure the security of the resources in the service cloud and to prevent some users from damaging and attacking the resources of the service cloud for the purpose of malicious access.
3) In the data transmission process between the thin cloud and the service cloud, the data is encrypted with a method that combines dynamically generated DES keys with RSA encryption.
As is well known, DES is a typical symmetric encryption algorithm. Its characteristics are that the algorithm is public, the amount of computation is small, and encryption is fast and efficient; its shortcoming is that its security cannot be guaranteed at all. RSA is a typical asymmetric encryption algorithm. Its characteristics are that keys are easy to manage and simple to distribute, communication is open and fast, and it can realize digital signatures and digital authentication; its shortcoming is the large amount of computation. Therefore, considering together the huge data volume of cloud computing and the high security requirement, a mode combining a symmetric encryption algorithm with an asymmetric encryption algorithm should be used to dynamically encrypt and decrypt the data in transit.
The method of dynamically generating DES keys combined with RSA encryption can bring out the strengths of both: on the premise that the dynamically generated DES keys are kept secure, the whole of the data is encrypted segment by segment with multiple randomly generated DES keys, and the DES keys themselves and their corresponding segment information are encrypted with the RSA public key. The aim is to keep performance close to that of the DES algorithm while bringing security close to the level of the RSA algorithm. Such an encryption method can also realize real-time compression and resumable transfer.
As shown in Fig. 3, the detailed encryption process is as follows: the plaintext data is classified according to its security level; the plaintext data of the service cloud is randomly segmented, producing N plaintext segments; the N plaintext segments are encrypted with DES keys to obtain the ciphertext data; and the ciphertext length and the DES key itself are encrypted with the RSA public key. In this way, because the ciphertext data, the ciphertext length and the DES key can only be unlocked with the RSA key, the plaintext data can only be recovered after that.
This step is mainly to ensure the security of the data transmission process.
The three steps above ensure security at the terminal, in the cloud and in the data transmission process respectively. This involves the key steps and the upgrading and optimization of the technology between them, and provides a feasible method for assuring data security in a cloud computing environment.
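The hybrid scheme of step 3, as an added Go example that is not part of the patent: each randomly sized plaintext segment is encrypted under a DES key generated for that segment alone, and that key together with the ciphertext length is sealed with the receiver's RSA public key, so a segment can only be recovered after unsealing with the RSA private key, and a body whose length disagrees with the sealed length is rejected. The Segment layout, the use of CTR mode with a sealed nonce, RSA-OAEP, the 2048-bit key size and the names NewKeyPair, randomSplit, Encrypt and Decrypt are this example's assumptions; the patent specifies none of them, and the sample record is constructed.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Segment is one piece of the transmission (step 3 of the method): the body is DES-encrypted under a
// key generated for this segment alone; key, nonce and ciphertext length are sealed with RSA (example layout).
type Segment struct {
	SealedInfo []byte // RSA-OAEP(desKey[8] || nonce[8] || ciphertext length as big-endian uint32)
	Body       []byte // DES-CTR ciphertext of the plaintext segment
}

func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // 2048-bit is this example's choice

// randomSplit cuts plain into n non-empty segments at random positions.
func randomSplit(plain []byte, n int) (segs [][]byte, err error) {
	if n < 1 || len(plain) < n {
		return nil, fmt.Errorf("cannot split %d bytes into %d segments", len(plain), n)
	}
	for i := 0; i < n-1; i++ { // keep one byte for every segment still to be cut
		r, err := rand.Int(rand.Reader, big.NewInt(int64(len(plain)-(n-1-i))))
		if err != nil {
			return nil, err
		}
		cut := int(r.Int64()) + 1
		segs, plain = append(segs, plain[:cut]), plain[cut:]
	}
	return append(segs, plain), nil
}

// Encrypt is the sender side: random split, a fresh DES key per segment, segment info RSA-sealed.
func Encrypt(pub *rsa.PublicKey, plain []byte, n int) ([]Segment, error) {
	parts, err := randomSplit(plain, n)
	if err != nil {
		return nil, err
	}
	out := make([]Segment, 0, len(parts))
	for _, p := range parts {
		kn := make([]byte, 16) // fresh DES key (8 bytes) followed by a fresh CTR nonce (8 bytes)
		if _, err := rand.Read(kn); err != nil {
			return nil, err
		}
		block, _ := des.NewCipher(kn[:8]) // 8-byte key, so no error; DES is kept only because the patent specifies it
		body := make([]byte, len(p))
		cipher.NewCTR(block, kn[8:]).XORKeyStream(body, p)
		info := append(kn[:16:16], 0, 0, 0, 0) // copies key||nonce, then room for the length
		binary.BigEndian.PutUint32(info[16:], uint32(len(body)))
		sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, info, nil)
		if err != nil {
			return nil, err
		}
		out = append(out, Segment{SealedInfo: sealed, Body: body})
	}
	return out, nil
}

// Decrypt is the receiver side; the sealed length rejects a truncated or extended body before decrypting.
func Decrypt(priv *rsa.PrivateKey, segs []Segment) ([]byte, error) {
	var plain []byte
	for i, s := range segs {
		info, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.SealedInfo, nil)
		if err != nil || len(info) != 20 || int(binary.BigEndian.Uint32(info[16:])) != len(s.Body) {
			return nil, fmt.Errorf("segment %d: cannot unseal key or ciphertext length mismatch", i)
		}
		block, _ := des.NewCipher(info[:8])
		buf := make([]byte, len(s.Body))
		cipher.NewCTR(block, info[8:16]).XORKeyStream(buf, s.Body)
		plain = append(plain, buf...)
	}
	return plain, nil
}

func main() { // stand-alone demo on a constructed sample record
	priv, _ := NewKeyPair()
	segs, _ := Encrypt(&priv.PublicKey, []byte("constructed sample record for the demo"), 3)
	fmt.Println(Decrypt(priv, segs)) // recovered bytes and a nil error
}
```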

Claims (1)

1. A data security assurance method in a cloud computing environment, characterized in that it comprises the following steps:
1) The thin cloud sends a request to the service cloud; the service cloud dynamically allocates resources according to the user's request and responds quickly. The thin cloud judges the service cloud from this response: if the service cloud is a suspicious cloud or a hostile cloud, the thin cloud sends a request to the service cloud again; if the service cloud is a friendly cloud, the thin cloud starts to accept the data the service cloud sends over;
the thin cloud is the user terminal;
a suspicious cloud is defined as follows: if the link between the service cloud and the thin cloud carries risk, the service cloud at that time is a suspicious cloud;
a hostile cloud is defined as follows: if the link between the service cloud and the thin cloud necessarily allows the service cloud to spy on the local resources of the thin cloud, the service cloud at that time is a hostile cloud;
a friendly cloud is defined as follows: if the connection between the service cloud and the thin cloud is a harmless connection, so that the service cloud does not spy on the local resources of the thin cloud and leakage of the thin cloud's local resources is avoided, the service cloud at that time is a friendly cloud;
2) According to the architecture of the cloud computing deployment, service clouds are divided into private clouds, community clouds, public clouds and hybrid clouds. A private cloud does not allow user terminals to use it without authorization and must have a user identity authentication mechanism and a data transmission encryption mechanism; a public cloud allows many users to access it concurrently and therefore requires a network transmission speed of 1000 Mbps; a community cloud allows many users to access it concurrently and requires a network transmission speed of 800 Mbps; a hybrid cloud allows many users to access it concurrently and requires a network transmission speed of 500 Mbps;
3) In the data transmission process between the thin cloud and the service cloud, the data is encrypted with a method that combines dynamically generated DES keys with RSA encryption. The detailed process is as follows: the plaintext data is classified according to its security level; the plaintext data of the service cloud is randomly segmented, producing N plaintext segments; the N plaintext segments are encrypted with DES keys to obtain the ciphertext data; and the ciphertext length and the DES key itself are encrypted with the RSA public key. Only after the ciphertext data, the ciphertext length and the DES key have been unlocked with the RSA key can the plaintext data be recovered.
Application CN201110457140.8A, priority date 2011-12-30, filing date 2011-12-30: Data security insurance method in cloud computing environment; Expired - Fee Related; granted as CN102413192B (en).


Publications (2)

Publication Number: Publication Date
CN102413192A (en): 2012-04-11
CN102413192B (en): 2016-08-17 (granted publication)

Family

ID: 45915035




Legal Events

Code: Title
C06: Publication
PB01: Publication
C10: Entry into substantive examination
SE01: Entry into force of request for substantive examination
C14: Grant of patent or utility model
GR01: Patent grant
CF01: Termination of patent right due to non-payment of annual fee (granted publication date: 20160817; termination date: 20161230)