| Public cloud service has been commercially available for years. Public cloud service platform greatly reduces the cost of software development and improves the utilization of hardware resources by resource sharing and flexible resource management. However, the current public cloud service platform security solution is still not mature. On the one hand the traditional enterprise security solutions are not applicable in the scenes of cloud platform opening services, on the other hand the complexity of the platform architecture and a large number of references to supporting technologies lead to single level security solution untrusted.In this paper, we discuss the typical problems of mainstream commercial cloud services platform security solutions, cloud security research as well as traditional security technologies in cloud computing scenarios. Then we propose a multi-level cloud security mechanism that deeply protects security and integrity of cloud platform user data and platform sevices. Multi-level cloud security mechanism protects the privacy and integrity even faceing a compromise of virtual machine monitor (VMM) and the management VM. Java application isolation sandbox of multi-level cloud security mechanism fine-grained controls over the cloud platform programs’behavior and minimize the costs when tenant migrants service program from local to cloud platform. Multi-level cloud security mechanism alse can effectively collect the running log of both platform services and customer services, then series logs into the call chain of the services. The loging service provides information support to user opreation audit, platform services fault location, intrusion detection and performance analysis.The main ideas and achivements of this paper include:1. Research the major security issues of cloud computing. Analysis of the main security challenges cloud platform from the source of the security threat and structure cloud platform and summarize main problems of current research enterprise security solutions.2. Add support for Xen mirroring encryption and decryption operations, separate the key transport, key management and processing decryption operations management from virtual machine monitor VMM and the other cloud platform services to ensure even face a compromise to of virtual machine monitor and the management VM, security mechanism can still proctect security and integrity of user data.3. On the Java application sandbox isolation, multi-level cloud security mechanism monitor running of Java API by dynamic aspect injection technology, enhance the ability to control of the user program based on Java security model, solve the problem of fine-grained monitoring API and how to third parties library security authorization issues, ensure the safety of isolation while reducing service users migrate from the local to the cost of work PaaS platform.In this paper, we describe the design ideas multi-level cloud security system, design and implementation of concrete frame structure and function, and finally through experimental test the effectiveness of the system and gives performance impact results. |
PDF Full Text Request