
An Application-Driven Based Security Policy Management Mechanism For Private Cloud

Posted on: 2016-10-14
Degree: Master
Type: Thesis
Country: China
Candidate: P Zhang
GTID: 2308330467996749
Subject: Computer technology
Abstract/Summary:
As a deployment model of cloud computing, private cloud has been accepted by more and more enterprises and the government. Private cloud brings advantages to organizations, such as flexible management, high efficiency and energy saving, but at the same time it brings challenges to the security policy management of the system. A private cloud hosts many applications, and its security policy management is complex. For these reasons, it is necessary to further refine and improve the management roles and responsibilities for security policy, taking into account the features of resource management in the private cloud and following the principle of separation of duties, which is one of the principles of information security management.

First, through an analysis of the features of private cloud and the security management of its applications, this paper proposes the design concept of Application-Driven Based Security Policy Management. The traditional three-member management model, which consists of system administrator, security administrator and security auditor, is further refined: the security administrator role is split into an application security administrator role and a private cloud platform security administrator role. The application security administrator is responsible for the security of the application, and the private cloud platform security administrator is responsible for the security of the private cloud infrastructure.

Second, following the design concept of Application-Driven Based Security Policy Management, this paper proposes a security policy management architecture for private cloud. The architecture consists of a security policy control layer and a security policy refine layer. In the security policy control layer, the application security administrator makes the security policy according to the security goal of the organization, and the security auditor checks the security policy. These two operations are carried out by humans. In the security policy refine layer, the security policy is refined into security rules that the system components can directly recognize and execute. This operation is carried out automatically by software systems.

Finally, this paper designs and implements a prototype of the security policy management system. A private cloud platform was built and one application was deployed in it. The security policy management of that application was then carried out through the prototype system.

The innovations of this paper are:

(1) This paper puts forward the design concept of Application-Driven Based Security Policy Management, based on the traditional three-member management model. The security administrator role is split into an application security administrator role and a private cloud platform security administrator role.

(2) A security policy management architecture for private cloud is designed. The architecture is divided into the security policy control layer, which is the upper layer, and the security policy refine layer, which is the lower layer. The upper layer is responsible for making policies from the security goal, and the lower layer is responsible for refining the policies into a set of security rules that can be directly recognized and executed by different security components in different network layers.

(3) This paper gives solutions to problems raised during the policy refinement process, especially problems caused by the dynamic features of private cloud. These solutions include an association mechanism, and a replacement mechanism that uses system components of a higher network layer to replace system components of a lower network layer.
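The two-layer flow described in the abstract above, as an added sketch that is not the thesis's prototype: the control layer enforces separation of duties between policy author and auditor, and the refine layer emits per-component rules, falling back to a higher network layer when no lower-layer component is available. The class names, rule text format, layer numbers and component names are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Policy:
    app: str
    author: str                 # application security administrator
    allow: tuple                # (source, port, preferred_layer) entries
    approved_by: str = ""       # security auditor, set by approve()

@dataclass(frozen=True)
class Rule:
    component: str
    layer: int
    text: str

def approve(policy: Policy, auditor: str) -> Policy:
    """Control layer: the auditor checks the policy; the author cannot self-approve."""
    if auditor == policy.author:
        raise PermissionError("separation of duties: author cannot audit own policy")
    return replace(policy, approved_by=auditor)

def refine(policy: Policy, components: dict) -> list:
    """Refine layer: turn an approved policy into per-component rules.

    components maps network layer -> name of the enforcing component that is
    currently available for the application's hosts (hypothetical names).
    """
    if not policy.approved_by:
        raise PermissionError("policy has not been checked by the security auditor")
    rules = []
    for source, port, preferred in policy.allow:
        # Replacement (assumed reading of the abstract): with no component at
        # the preferred layer, use the lowest available higher layer instead.
        usable = sorted(l for l in components if l >= preferred)
        if not usable:
            raise LookupError(f"no component can enforce {source} -> {port}")
        layer = usable[0]
        rules.append(Rule(components[layer], layer,
                          f"allow {source} -> {policy.app}:{port}"))
    return rules

# Constructed sample: after a VM migration only the layer-7 proxy is present.
draft = Policy("payroll", "alice", (("hr-subnet", 443, 3),))
checked = approve(draft, "carol")
RULES_FULL = refine(checked, {3: "net-firewall", 7: "app-proxy"})
RULES_MIGRATED = refine(checked, {7: "app-proxy"})
```
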
Keywords/Search Tags: Application-Driven, security policy, private cloud, security policy refinement, security policy conflict