CN102546672A - Out-of-band authorization safety reinforcement method for cloud computing platform - Google Patents


Info

Publication number
CN102546672A
Authority
CN
China
Prior art keywords
warrant
program
ssr
password
cloud computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012100607922A
Other languages
Chinese (zh)
Inventor
苗再良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Communication Information System Co Ltd
Original Assignee
Inspur Communication Information System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Communication Information System Co Ltd
Priority to CN2012100607922A
Publication of CN102546672A
Legal status: Pending (current)

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a security reinforcement method for a cloud computing platform. The method is characterized in that programs on the cloud computing platform are subjected to out-of-band encrypted authorization, using an active defense technique based on a server system reinforcement (SSR) server and out-of-band encrypted authorization; with the support of the SSR, dynamic cross-authorization between the cloud platform operation monitoring and management system and an external security management center ensures the legitimacy of running a cloud computing program and the security of related data access. As a result, a program's run authority is prevented from being illegally stolen and controlled by a super hacker or Trojan, critical data is prevented from being illegally accessed, and the security of cloud platform program operation and of critical data can be greatly improved.

Description

Out-of-band authorization security reinforcement method for a cloud computing platform
Technical field
The present invention belongs to the field of cloud computing security, and specifically relates to an out-of-band authorization security reinforcement method for a cloud computing platform.
Background art
Cloud security has become the number one challenge in the adoption of cloud computing; security has become the main concern of most customers when choosing a cloud computing service and has seriously hindered the development of cloud computing. Because the virtualization, concentration, dynamism and multi-tenancy characteristics of cloud computing multiply the security threat factors, how to ensure information security and operational security is a key subject of cloud computing.
The security problems of cloud computing involve many aspects, such as cloud platform security, application runtime security, customer information security, interface security and network security. For network security and for platform host and storage system security the industry already has mature solutions, but the problems of program runtime security and customer sensitive information security have never been solved well.
Existing solutions mainly take measures such as access authentication, firewalls, IDS, virus and Trojan scanning, and data encryption. However, once an attacker (a super hacker, a Trojan, etc.) gets past checkpoints such as authentication and firewalls by deception or by forged, mutated means, it may gain access to internal core data and even obtain control over the running of programs, causing serious consequences.
Summary of the invention
The purpose of this invention is to provide an out-of-band authorization security reinforcement method for a cloud computing platform.
The objective of the invention is achieved in the following way. An active defense technique based on out-of-band encrypted authorization and a security hardening server (SSR) is adopted: programs on the cloud computing platform are given out-of-band encrypted authorization, and, with the support of the SSR, dynamic cross-certification between the cloud platform operation monitoring and management system and the external security management center effectively prevents the possibility of a super hacker or Trojan illegally usurping the run authority of a program, thereby greatly improving the legitimacy of cloud platform program operation and the security of critical data;
The SSR-based out-of-band authorization and dynamic encryption verification process is as follows:
1) Out-of-band authorization based on the SSR
Out-of-band encrypted authorization is performed for a cloud computing program: before the program is loaded and run, an external administrator authorizes a run warrant and password for this program; the authorized warrant and password are stored in the SSR, and at the same time the warrant password is copied to the cloud platform program operation management system and the external security center;
Once the warrant and password are stored in the SSR, they cannot be changed without prior authorization from the SSR and the external security center, which guarantees that the warrant and password are not tampered with by hackers or Trojans;
2) Monitoring the legitimacy and security of program operation through cross-certification
After a cloud computing program obtains its warrant and password, it can be activated and run on the cloud platform. While the program runs, the SSR and the external security center carry out cross security certification under various policies, checking and verifying the program's run authority and password, so as to guarantee the legitimacy and security of the program's operation on the cloud computing platform;
3) Using dynamic encryption to ensure the security of the program run warrant
To further prevent the warrant password from being cracked or stolen by an attacker, the SSR can apply a secondary dynamic encryption based on the original licence key; the dynamically generated encrypted warrant and password are distributed in real time to the external security center and the cloud platform program operation management system, which then recognize and use them with a pre-agreed key. The moments at which a dynamic warrant and password are generated by re-encryption are random, periodic, or chosen at random within periodic intervals, and the old encrypted warrant is destroyed each time a dynamic encrypted warrant is distributed in real time.
Beneficial effect of the present invention: the combination of measures such as out-of-band authorization based on a security hardening server, dynamic encryption and cross-certification forms a high-strength security protection system that creates great difficulty for all kinds of in-band attackers (the activities of hackers and Trojans are all in-band), so that high-strength protection of the legitimacy of program operation and of the access security of critical data can be achieved. The method of the invention can not only effectively defend against hacker and Trojan attacks, but also effectively defend against unauthorized access to and snooping on sensitive data by the cloud computing center administrator, thereby fully guaranteeing the high security of critical data and sensitive information.
Description of drawings
Fig. 1 is a schematic structural diagram of the dynamic encryption authentication model based on SSR out-of-band authorization;
Fig. 2 is a schematic topological diagram of the SSR-based out-of-band authorization and dynamic encryption authentication method.
Embodiment
The operation of the present invention is explained in detail below with reference to the drawings of the description.
A complete application system based on the out-of-band authorization security reinforcement method of the present invention generally comprises four parts: the security hardening server (SSR), the out-of-band authorization component (or system), the cloud computing platform program operation monitoring component, and the external security management center; the detailed operation process is shown in Fig. 2.
If there is no external security management center, the other components can still form a security system of very high strength; only the level of security protection (or reliability) is somewhat reduced.
An active defense technique based on out-of-band encrypted authorization and a security hardening server (SSR) is adopted: programs on the cloud computing platform are given out-of-band encrypted authorization, and, with the support of the SSR, dynamic cross-certification between the cloud platform operation monitoring and management system and the external security management center effectively prevents the possibility of a super hacker or Trojan illegally usurping the run authority of a program, thereby greatly improving the legitimacy of cloud platform program operation and the security of critical data. The concrete principle and innovative points are as follows.
The basic principle model of the present invention is shown in the figure below, in which three parts, out-of-band authorization, the security hardening server (SSR) and dynamic encryption cross-certification, constitute the security system; its objects of protection are cloud programs and cloud data.
The SSR-based out-of-band authorization and dynamic encryption verification process is as follows:
1) Out-of-band authorization based on the SSR
The present invention performs out-of-band encrypted authorization for a cloud computing program: before the program is loaded and run, an external administrator authorizes a run warrant and password for this program; the authorized warrant and password are stored in the SSR, and at the same time the warrant password is copied to the cloud platform program operation management system and the external security center;
Once the warrant and password are stored in the SSR, they cannot be changed without prior authorization from the SSR and the external security center, which guarantees that the warrant and password are not tampered with by hackers, Trojans, etc.;
2) Monitoring the legitimacy and security of program operation through cross-certification
A cloud computing program can be activated and run on the cloud platform only after it has obtained its warrant and password. While the program runs, the SSR and the external security center carry out cross security certification under various policies, checking and verifying the program's run authority and password, so as to guarantee the legitimacy and security of the program's operation on the cloud computing platform;
3) Using dynamic encryption to ensure the security of the program run warrant
To further prevent the warrant password from being cracked or stolen by an attacker, the SSR can apply a secondary dynamic encryption based on the original licence key; the dynamically generated encrypted warrant and password are distributed in real time to the external security center and the cloud platform program operation management system, which then recognize and use them with a pre-agreed key. The moments at which a dynamic warrant and password are generated by re-encryption can be random, periodic, or chosen at random within periodic intervals, and the old encrypted warrant is destroyed each time a dynamic encrypted warrant is distributed in real time.
By adopting the novel measures in the above three aspects, the problems of legitimate operation and data security of cloud computing platform programs can be solved more completely.
Apart from the technical features described in this specification, the remainder is technology known to those skilled in the art.
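The three-step scheme of the embodiment above, simulated as an added Python example (not code from the patent or from Inspur): the SSR issues a run warrant and password out-of-band on external-administrator authorization and copies them to the management system and the external security center; a program is allowed to run only when both the SSR and the external center accept its credentials; and the SSR rotates the warrant by secondary encryption, destroying the old one at every party. Modelling assumptions: the secondary encryption is an HMAC over a base licence key and a rotation epoch, the three parties are in-process objects, and the pre-agreed key and program names are constructed values.

```python
import hashlib
import hmac
import secrets
# Key pre-agreed between the SSR, the management system and the external
# security center for recognizing dynamic warrants (constructed sample value).
PRE_AGREED_KEY = b"constructed-pre-agreed-key-for-demo"


def derive_dynamic_warrant(base_key: bytes, epoch: int) -> bytes:
    """Secondary dynamic encryption, modelled as HMAC(base key, epoch) (assumption)."""
    msg = base_key + epoch.to_bytes(8, "big")
    return hmac.new(PRE_AGREED_KEY, msg, hashlib.sha256).digest()


class WarrantStore:
    """One party's copy of the warrant table: program id -> (warrant, pw hash)."""

    def __init__(self) -> None:
        self.records: dict[str, tuple[bytes, bytes]] = {}

    def install(self, program_id: str, warrant: bytes, pw_hash: bytes) -> None:
        self.records[program_id] = (warrant, pw_hash)  # old warrant is destroyed

    def check(self, program_id: str, warrant: bytes, password: bytes) -> bool:
        rec = self.records.get(program_id)
        if rec is None:
            return False
        pw_hash = hashlib.sha256(password).digest()
        return (hmac.compare_digest(rec[0], warrant)
                and hmac.compare_digest(rec[1], pw_hash))


class SSR(WarrantStore):
    """Security hardening server: issues warrants and drives re-encryption."""

    def __init__(self) -> None:
        super().__init__()
        self.base_keys: dict[str, bytes] = {}
        self.epoch = 0

    def issue_out_of_band(self, admin_authorized: bool, program_id: str,
                          password: bytes, mgmt: WarrantStore,
                          esc: WarrantStore) -> bytes:
        """Step 1: out-of-band authorization before the program is loaded."""
        if not admin_authorized:
            raise PermissionError("only the external administrator may issue")
        base_key = secrets.token_bytes(32)          # original licence key
        self.base_keys[program_id] = base_key
        warrant = derive_dynamic_warrant(base_key, self.epoch)
        pw_hash = hashlib.sha256(password).digest()
        for store in (self, mgmt, esc):             # keep in SSR, copy to MGMT/ESC
            store.install(program_id, warrant, pw_hash)
        return warrant

    def rotate(self, program_id: str, mgmt: WarrantStore, esc: WarrantStore) -> bytes:
        """Step 3: new dynamic warrant, distributed in real time; old one destroyed."""
        self.epoch += 1
        warrant = derive_dynamic_warrant(self.base_keys[program_id], self.epoch)
        pw_hash = self.records[program_id][1]
        for store in (self, mgmt, esc):
            store.install(program_id, warrant, pw_hash)
        return warrant


def authorize_run(program_id: str, warrant: bytes, password: bytes,
                  ssr: SSR, esc: WarrantStore) -> bool:
    """Step 2: cross-certification; BOTH SSR and external center must accept."""
    return (ssr.check(program_id, warrant, password)
            and esc.check(program_id, warrant, password))
```

Because `authorize_run` consults both the SSR and the external center, replacing the warrant at a single party's copy does not grant run authority, which is the property the cross-certification step relies on.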

Claims (1)

1. An out-of-band authorization security reinforcement method for a cloud computing platform, characterized in that an active defense technique based on out-of-band encrypted authorization and a security hardening server (SSR) is adopted: programs on the cloud computing platform are given out-of-band encrypted authorization, and, with the support of the SSR, dynamic cross-certification between the cloud platform operation monitoring and management system and the external security management center effectively prevents the possibility of a super hacker or Trojan illegally usurping the run authority of a program, thereby greatly improving the legitimacy of cloud platform program operation and the security of critical data;
the SSR-based out-of-band authorization and dynamic encryption verification process being as follows:
1) Out-of-band authorization based on the SSR
Out-of-band encrypted authorization is performed for a cloud computing program: before the program is loaded and run, an external administrator authorizes a run warrant and password for this program; the authorized warrant and password are stored in the SSR, and at the same time the warrant password is copied to the cloud platform program operation management system and the external security center;
Once the warrant and password are stored in the SSR, they cannot be changed without prior authorization from the SSR and the external security center, which guarantees that the warrant and password are not tampered with by hackers or Trojans;
2) Monitoring the legitimacy and security of program operation through cross-certification
After a cloud computing program obtains its warrant and password, it can be activated and run on the cloud platform. While the program runs, the SSR and the external security center carry out cross security certification under various policies, checking and verifying the program's run authority and password, so as to guarantee the legitimacy and security of the program's operation on the cloud computing platform;
3) Using dynamic encryption to ensure the security of the program run warrant
To further prevent the warrant password from being cracked or stolen by an attacker, the SSR can apply a secondary dynamic encryption based on the original licence key; the dynamically generated encrypted warrant and password are distributed in real time to the external security center and the cloud platform program operation management system, which then recognize and use them with a pre-agreed key. The moments at which a dynamic warrant and password are generated by re-encryption are random, periodic, or chosen at random within periodic intervals, and the old encrypted warrant is destroyed each time a dynamic encrypted warrant is distributed in real time.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012100607922A CN102546672A (en) 2012-03-09 2012-03-09 Out-of-band authorization safety reinforcement method for cloud computing platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012100607922A CN102546672A (en) 2012-03-09 2012-03-09 Out-of-band authorization safety reinforcement method for cloud computing platform

Publications (1)

Publication Number Publication Date
CN102546672A true CN102546672A (en) 2012-07-04

Family

ID=46352630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100607922A Pending CN102546672A (en) 2012-03-09 2012-03-09 Out-of-band authorization safety reinforcement method for cloud computing platform

Country Status (1)

Country Link
CN (1) CN102546672A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457780A (en) * 2013-09-18 2013-12-18 浪潮电子信息产业股份有限公司 Method for managing server host reinforcing product in non-application-proxy mode
CN105718790A (en) * 2016-01-26 2016-06-29 浪潮电子信息产业股份有限公司 Program execution control method based on user under UNIX system
CN105718789A (en) * 2016-01-25 2016-06-29 浪潮电子信息产业股份有限公司 Program execution control method based on user under AIX system
CN105740696A (en) * 2016-01-26 2016-07-06 浪潮电子信息产业股份有限公司 User-based program execution control method under Solaris system
CN105740702A (en) * 2016-01-25 2016-07-06 浪潮电子信息产业股份有限公司 User-based program execution control method under LINUX system
CN106845168A (en) * 2016-12-20 2017-06-13 西安电子科技大学 A kind of obfuscating control flow method towards remote computation
CN107566329A (en) * 2017-05-11 2018-01-09 新华三云计算技术有限公司 A kind of access control method and device
CN108206741A (en) * 2016-12-16 2018-06-26 北京国双科技有限公司 Verification method, the apparatus and system of service
CN109145586A (en) * 2018-08-14 2019-01-04 郑州云海信息技术有限公司 A kind of SSR centralized management platform identity dynamic authorization method
US10251061B2 (en) 2015-12-17 2019-04-02 Tadhg Kelly Cellular out of band management as a cloud service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101286839A (en) * 2006-12-27 2008-10-15 英特尔公司 A method for exchanging strong encryption keys between devices using alternative input methods in wireless personal area networks (WPAN)
EP2395446A1 (en) * 2010-06-14 2011-12-14 Gemalto SA Method for pairing a first device with a second device
CN102281314A (en) * 2011-01-30 2011-12-14 程旭 Realization method and apparatus for high-efficient and safe data cloud storage system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
曹人盛 (Cao Rensheng): "The influence of 'cloud computing' on the application of national-standard terrestrial digital television wireless transmission in radio and television", 《有线电视技术》 (Cable TV Technology) *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457780A (en) * 2013-09-18 2013-12-18 浪潮电子信息产业股份有限公司 Method for managing server host reinforcing product in non-application-proxy mode
US10251061B2 (en) 2015-12-17 2019-04-02 Tadhg Kelly Cellular out of band management as a cloud service
CN105718789A (en) * 2016-01-25 2016-06-29 浪潮电子信息产业股份有限公司 Program execution control method based on user under AIX system
CN105740702A (en) * 2016-01-25 2016-07-06 浪潮电子信息产业股份有限公司 User-based program execution control method under LINUX system
CN105718790A (en) * 2016-01-26 2016-06-29 浪潮电子信息产业股份有限公司 Program execution control method based on user under UNIX system
CN105740696A (en) * 2016-01-26 2016-07-06 浪潮电子信息产业股份有限公司 User-based program execution control method under Solaris system
CN108206741A (en) * 2016-12-16 2018-06-26 北京国双科技有限公司 Verification method, the apparatus and system of service
CN106845168A (en) * 2016-12-20 2017-06-13 西安电子科技大学 A kind of obfuscating control flow method towards remote computation
CN106845168B (en) * 2016-12-20 2019-05-03 西安电子科技大学 A kind of obfuscating control flow method towards remote computation
CN107566329A (en) * 2017-05-11 2018-01-09 新华三云计算技术有限公司 A kind of access control method and device
CN109145586A (en) * 2018-08-14 2019-01-04 郑州云海信息技术有限公司 A kind of SSR centralized management platform identity dynamic authorization method

Similar Documents

Publication Publication Date Title
CN102546672A (en) Out-of-band authorization safety reinforcement method for cloud computing platform
CN103310161B (en) A kind of means of defence for Database Systems and system
CN102724215B (en) Method for storing user key safely and improving data security of cloud platform based on user login password
CN105491062B (en) A kind of client software guard method, device and client
CN103455763B (en) A kind of internet log record system and method protecting individual subscriber privacy
CN102006306B (en) Security authentication method for WEB service
CN110233817B (en) Container safety system based on cloud computing
CN104038478A (en) Embedded platform identity authentication trusted network connection method and system
CN104767745A (en) Cloud data security protection method
CN105740725A (en) File protection method and system
CN104573549A (en) Credible method and system for protecting confidentiality of database
CN102760213A (en) Credible Agent based MT (Mobile Terminal) credible state monitoring method
CN103970540B (en) Key Functions secure calling method and device
CN103780584A (en) Cloud computing-based identity authentication fusion method
CN108200073B (en) Sensitive data safety protection system
CN102340500A (en) Security management system and method of dependable computing platform
CN106850232B (en) The authorization management method and system that state is kept
CN110290125A (en) Data security system and data safety processing method based on block chain
CN102983969B (en) Security login system and security login method for operating system
CN105933117A (en) Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage
CN103607378A (en) Access control method
CN117390608A (en) Security authentication method and system for file management
CN102098313A (en) Waterproof wall system and authentication method thereof
Hieb et al. Security enhancements for distributed control systems
CN105912945A (en) Safety reinforcing device and operation method of operating system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120704

WD01 Invention patent application deemed withdrawn after publication