
Research On Job Security Technologies In Cloud Computing System

Posted on: 2012-10-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J W Ye
GTID: 1118330362450127
Subject: Computer system architecture
Abstract/Summary:
Cloud computing is a burgeoning Internet computing paradigm. It aggregates large numbers of IT resources (computation, storage, software, etc.) into a huge virtual resource pool and provides on-demand IT services to remote Internet users. The convenient, cheap and elastic resources in the cloud are attracting more and more attention from enterprises and users, and cloud computing is becoming a focus of academia, industry and governments. However, security problems are limiting its adoption and development. This dissertation addresses a critical part of cloud computing security: the security of user computation and data (referred to as the job in the rest of the text).

First, this dissertation systematically introduces the concept, characteristics, architecture and security problems of cloud computing, and presents the job's security demands and four security attributes (confidentiality, authenticity, availability and controllability). Then, aimed at job security, a security framework and three security technologies are proposed.

Because current security models and frameworks serve the whole cloud computing system, they do not meet the specific security demands of jobs. This dissertation proposes an innovative security framework, TESDA, which is user-demand-oriented and composed of five security mechanisms (trust, evaluating, scheduling, defending and auditing). For securing jobs, TESDA serves as an effective guide for applying existing technologies and developing new ones. Its structure, components and workflow are presented in this dissertation.

Current risk evaluation technologies aim mainly at attacks from outside the cloud and are incapable of assessing the risk that jobs will be attacked by the cloud services and infrastructure that host them. Therefore, this dissertation puts forward a quantitative method that evaluates the risk that each service violates the confidentiality and authenticity of the jobs it would serve. In this method, data flow at the IPC level is used to describe the services' behavior and to identify attacks, and services are divided into simple services and combined services. The attack identification takes full account of the functions of the security technologies engaged by the jobs and of the natural behaviors of the services. Experiments on the prototype system show that the method has little impact on system performance.

In the extremely dynamic cloud computing system, traditional access control technologies give users no autonomous authorization and access control over their jobs in the remote cloud. For this reason, this dissertation proposes a new decentralized information flow control technology based on standard operating system abstractions. In this technology, jobs are annotated with confidentiality and authenticity labels that describe the users' control demands, and access to the jobs is arbitrated according to their labels by intercepting IPC-relevant system calls. In this way, the users' controls over their jobs extend into the cloud, and consequently the users' demands on the confidentiality, authenticity and controllability of their jobs are met.

Existing job-duplication-based fault-tolerant scheduling algorithms can lead to copies of the same job failing on their cloud nodes for the same reason. To address this problem, the concept of node similarity and a node-similarity-based fault-tolerant scheduling algorithm are proposed. To avoid copies of the same job failing for the same reason, the new algorithm allocates the copies to cloud nodes with smaller similarity, and consequently improves job availability. Simulation experiments show that the proposed algorithm is effective.

In summary, this dissertation is the first to systematically research job security problems. The proposed security framework and technologies are oriented toward the practical needs of cloud users and the real threats to jobs, can effectively improve the security of jobs in cloud computing systems, and have great value in guiding the future development of job security technologies.
Keywords/Search Tags: cloud computing, job, security, risk evaluating, access control, fault-tolerant scheduling