Research On The Key Technologies Of Mimic Cloud Service Architecture

Posted on: 2022-09-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L M Pu
GTID: 1488306521957549
Subject: Computer Science and Technology

Abstract/Summary:
At present, cloud computing attracts more and more users to deploy their business on the cloud thanks to its advanced techniques, flexible deployment patterns, on-demand computing power and cost efficiency. The service model based on cloud computing has been widely used and developed, and people's daily life is now closely related to the information services provided by cloud computing. While cloud service technology is developing rapidly and is widely applied in different fields, it also faces increasingly severe security problems, including both traditional cyberspace security threats and new challenges brought by cloud services. The major source of these threats is the known or unknown vulnerabilities and backdoors of various software and hardware components. Moreover, cloud service platforms are built by integrating existing software and hardware infrastructures, so the existing vulnerabilities and backdoors are gathered into cloud services and eventually affect the security of the platforms. Vulnerabilities and backdoors have become important issues affecting the security of cloud services, and this security issue has become one of the important factors that hinder users from migrating applications to cloud platforms.

However, most of the existing cloud service security protection technologies are passive defenses that require prior knowledge, such as threat characteristics and behavior perception. These technologies need to constantly find vulnerabilities and patch the system, and it is difficult for them to effectively resist uncertain threats based on unknown vulnerabilities or backdoors in software and hardware. Fortunately, the Cyber Mimic Defense (CMD) technology proposed by the domestic team overcomes many problems of traditional security methods and has significant effects in the face of uncertain threats such as unknown vulnerabilities, backdoors, viruses and Trojans. In addition, this technology fits well with the heterogeneous redundancy characteristics of the dynamic pooling resources of the cloud service platform.

Therefore, in this paper we study mimic defense technology for cloud services based on the theory of CMD. Taking advantage of the technology and model characteristics of cloud services, we research the construction method of the mimic cloud service architecture, the scheduling method of mimic executors and the output decision method. We also propose a method to build the Unified Data Management (UDM) network function for the 5G core network based on the mimic cloud service architecture. Finally, a lightweight and convenient simulation environment for mimic cloud service is designed and implemented. The main contents of this paper include:

1. To solve the problem that current cloud service nodes use a static, single-executor structure and cannot deal with unknown security threats, we propose a mimic cloud service architecture that enhances the cloud service's capacity to defend against vulnerabilities and backdoors from the perspective of structure. First, the characteristics and security threats of cloud services are analyzed to find security weak points, and a feasible construction method for mimic cloud service is proposed. Then, based on the relevant theories of mimic defense, we design a mimic cloud service architecture oriented to the cloud service node. The proposed architecture changes the static, single structure of the existing service node: it replaces the cloud service node with a mimic service package (MSP) that provides the same service as the original node. The MSP takes Dynamic, Heterogeneous, Redundancy (DHR) as its basic architecture and uses the heterogeneous redundant computing resources provided by the cloud platform as its executors. The MSP uses the scheduling mechanism of the executors to gain dynamics, and the mimic decision mechanism to ensure output consistency. Finally, the simulation environment of mimic cloud service designed in this paper is used to test and analyze the security of the architecture.

2. For the scheduling mechanism of executors in the mimic cloud service architecture, we propose a scheduling method for executors based on a temporal-spatial similarity model. First, we analyze existing similarity models and scheduling mechanisms of executors. To solve the problem that existing similarity models cannot reflect the temporal-spatial features of common vulnerabilities, and that the scheduling mechanism does not consider both the dynamic and heterogeneous characteristics, we propose a temporal-spatial similarity model. Then, based on the scheduling indicator provided by this model, we propose an executor pool scheduling algorithm based on priority and time slice. The algorithm pre-sorts the executor pools based on the similarity indicator, and then schedules the executor pools according to the time slice and other strategies. Finally, the dynamics, similarity and time consumption of the algorithm are validated and analyzed by experiments. Empirical results indicate that the proposed scheduling method shows good dynamics and is able to balance dynamics and heterogeneity with the help of the time slice strategy. It also costs less time compared to other methods.

3. For the output decision mechanism of executors in the mimic cloud service architecture, we propose an output decision method based on a template and a confidence model. First, we analyze existing output decision methods of executors. Focusing on the high complexity of the decision mechanism caused by executors' irregular output and on the shortcomings of existing credibility scoring methods, we analyze the features of the interface of application-oriented cloud services. Combining the characteristics of cloud application service interface standardization and structured transmission data, we propose a response data decision method based on templates. Then we propose a decision correction method based on a credibility indicator to handle the failure of majority decision. In this method, the credibility indicator combines both the historical performance of the executor and its vulnerability score. It considers the historical performance and vulnerability score dynamically and reflects the credibility of the executor. Finally, the effectiveness of the proposed credibility mechanism is validated by experiments.

4. For the security threats faced by the UDM network function in the 5G core network, a method for constructing the UDM network function based on the mimic cloud service architecture is presented. First, we briefly introduce the service model of the UDM network function and the threats of data leakage and data tampering. Then, based on the mimic cloud service architecture, the construction method of the mimic UDM is given, and the network function of the mimic UDM and its security protection ability against data leakage and data tampering are tested through experiments. The results show that the mimic UDM can perform the normal service of its network function and can protect against the security threats of data leakage and data tampering. This provides a practical method for improving the security of the 5G core network through mimic defense technology.

5. To meet the real demand created by the lack of convenient and efficient experimental evaluation tools in mimic cloud service research, we propose to implement a simulation environment for mimic cloud service. First, we analyze the fact that most experiments and evaluation work in mimic defense research need to construct an expensive and complicated physical environment. Then we analyze the development of different simulation environments and tools for cloud computing. According to the requirements analysis and technical selection for mimic cloud service systems, we extend the CloudSim tool to implement a simulation environment for mimic cloud service. The simulation environment is designed according to the DHR architecture and provides an extensible interface to help researchers implement new scheduling and decision mechanisms. In this paper, we first describe the architecture and implementation of the simulation environment and then discuss the simulation process. Finally, we demonstrate the capabilities of the simulation environment by using a decision mechanism, and test its performance.
Keywords/Search Tags: cloud computing, mimic defense, dynamic heterogeneous redundancy, scheduling, decision, simulation
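
An added illustration of the output decision idea in item 3, not code from the dissertation: executor responses are compared only on templated fields, and a credibility indicator corrects the decision when no majority exists. The template fields, the `ALPHA` weight, the credibility formula and all sample data are assumptions, since the abstract does not give them.

```python
import hashlib, json
from collections import defaultdict

# Assumed template: the response fields that must agree across executors.
# Volatile fields such as timestamps are left out of the comparison.
TEMPLATE = ("status", "body.user_id", "body.balance")
ALPHA = 0.6  # assumed weight of historical performance vs. vulnerability score
# Constructed executor records: agreement history and a 0-10 vulnerability score.
EXECUTORS = {
    "e1": {"agreed": 98, "total": 100, "vuln_score": 2.0},
    "e2": {"agreed": 95, "total": 100, "vuln_score": 3.0},
    "e3": {"agreed": 60, "total": 100, "vuln_score": 9.0},
    "e4": {"agreed": 70, "total": 100, "vuln_score": 8.0},
}

def sample(balance, ts):
    """Build a constructed executor response; only `ts` is volatile."""
    return {"status": 200, "ts": ts, "body": {"user_id": "u-17", "balance": balance}}

def pick(doc, path):
    """Follow a dotted path; a missing field becomes None instead of raising."""
    for key in path.split("."):
        doc = doc.get(key) if isinstance(doc, dict) else None
    return doc

def fingerprint(response, template=TEMPLATE):
    """Reduce a structured response to a digest of its templated fields."""
    view = {p: pick(response, p) for p in template}
    return hashlib.sha256(json.dumps(view, sort_keys=True).encode()).hexdigest()

def credibility(executor):
    """Assumed indicator: agreement history blended with the vulnerability score."""
    history = executor["agreed"] / max(executor["total"], 1)
    return ALPHA * history + (1 - ALPHA) * (1 - executor["vuln_score"] / 10)

def decide(outputs, executors):
    """Return (winning response, decision method, suspect executor ids)."""
    groups = defaultdict(list)
    for eid, resp in outputs.items():
        groups[fingerprint(resp)].append(eid)
    ranked = sorted(groups.values(), key=len, reverse=True)
    if len(ranked[0]) * 2 > len(outputs):      # strict majority exists
        winners, method = ranked[0], "majority"
    else:                                      # majority decision failed
        winners = max(ranked, key=lambda g: sum(credibility(executors[e]) for e in g))
        method = "credibility"
    suspects = sorted(e for e in outputs if e not in winners)
    return outputs[winners[0]], method, suspects
```

The suspect list is what a scheduler would use to take disagreeing executors offline for cleaning or replacement.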