| With the rapid development of cloud computing technology, an increasing number of organizations and enterprises have chosen cloud computing technology as the solution to their growing complex and heavy business. Considering a variety of factors, such as security, economy, feasibility and the quick development of open source community, competitive enterprises always hope through the open source cloud platform to build a private cloud platform within in the boundaries of the enterprice to enhance the application running performance, decrease the complexity of application operations. There are a wide variety of systems within the traditional organizations and enterprises, because of the differences of the development time of systems, target customers, functional objectives and development teams, the security management of system within organizations and enterprises are dispersed, and every application has its own security guarantee mechanism. Thus, it not only resulted in a waste of resources but also the existence of security risks. Due to the complexity and uncertainty of cloud computing, when organizations or enterprises are going to adopt cloud computing technology to transplant current application system to cloud computing platform, they will face bigger security issues. Meanwhile, compared to commercial software, because of a lack of enough financial and technical support, there are often a variety of security holes in open source cloud platform. Thus, to realize a complete set of enterprise private cloud security system based on open source cloud platform is crucial for the enterprise and the development of open source cloud platform itself.According to the basic needs of the security problems in build enterprise private cloud computing system based on open source cloud platform. Firstly,this thesis studies the design of private cloud platform security architecture, and builds a private cloud computing environment based on open source cloud platform Cloud Foundry v2, and studies the implementation mechanisms for the isolation and control of application resources. Secondly, for the current open source of cloud platform has no enough support to the service of being security access to applications, this thesis designs and implements a framework of the unified identity authentication and access control management system. Meanwhile, for the security flaws in the enterprise data storage, this thesis proposes a new grading encryption algorithm, by grading the data based on the security specification, to encrypt the high requirements data with symmetric encryption, then, to encrypt the encryption key which is used in symmetric encryption, thus to balance the security of the data and system efficiency. Finally, based on the previous studies,this thesis designs and implements a private cloud security system which provides a unified platform for application authentication and provides the function of accessing control management, grading double encryption of application data, the backup and recovery of critical database, and the audit management of user behavior.The system will offer protection for the applications running on the cloud platform, enhance the applications access security and data security, improve the overall security of applications running on the platform and the cloud platform itself. |
PDF Full Text Request