| After the age of personal computer and Internet, cloud computing is regarded as the third information technology revolution. As a product of computer technology and Internet technology integrative development, cloud computing had brought major update of the information technology industry mode. It is gradually being extended to various application fields. But because of the huge system of cloud computing, a lot of user privacy data is carried. Combined with openness and complexity, there are more serious challenges of security issue facing than the traditional information system. At present, it had exposed various security problems in the process of cloud computing application. For coping with these problems, the major application agencies propose their cloud security solutions in succession. And the researchers propose their achievements which based on one kind of specific techniques of cloud security.Aiming at the confidentiality, integrity and availability of the data, and combining with the characteristics of cloud computing architecture, this thesis propose one kind of multidimensional protection system which based on user-dimension, data-dimension, application-dimension and basic-dimension. According to this classification, the safety technologies and strategies were proposed specifically. Simultaneously, the subjects which use and manage "cloud"(cloud computing users and service providers) and the environment (network hardware environment and the social system environment) were accepted into cloud security system. The destination of this system is to grasp the problems of all aspects in the process of application and promotion of cloud computing as far as possible, so as to set up a thorough and comprehensive "trusted cloud" system.In the discussion of the multi-dimensional system model, each dimension has its focused. The user-dimensional use the trust management technology as the focus, and had put forward the identity authentication and authorization system which based on trust management. The data-dimensional use the data encryption technology as the focus. And a cloud storage encryption solution is proposed and implemented. The service-dimensional use the security audit and monitoring as the focus, a service-oriented cloud security monitoring system is proposed. The basic-dimension focuses on network and host security. In addition, aiming at the problem of cloud security standardization, a cloud security standardized assessment system which based on cloud implementation is purposed.In the cloud storage security technology solutions, two problems are solved:(1) For the user authentication problem, combined with the HDFS file system access interface, a HDFS identity authentication technology based on PKI is designed. Using the characteristic of PKI, HDFS user authentication is completed by a digital signature of user’s private key, which could improve the availability of the cloud storage system based on HDFS(2) Aiming at the security issues such as data leakage and data tampering in cloud storage technology, combined with the characteristics of HDFS data integrity verification mechanism, a kind of data security technical solution which bases on data transmission and data storage of HDFS is designed and implemented. The data uploaded to HDFS is encrypted by AES algorithm and stored in cipher, and the AES secret key is encrypted by RSA algorithm. This solution can effectively avoid the leakage of data transmission and storage. The tile stored in two kinds of form, cipher-form or plaintext-form. The user can choose whether or not to encrypt the file. On the basis of the security analysis and experimental data of the performance test, the security and viability of this solution is verified. |
PDF Full Text Request