Key Technology Research And Implement On Internal Administrators And Outsourcers Safety Risk For Controlled Cloud

Cloud computing enable users to reduce the costs of IT resources and accelerate the development on the core business through on-demand self-service and high scalability.While cloud computing benefits for enterprise and individual users,it also incurs security issues.Many enterprises hesitate to migrate their applications to public cloud infrastructures,opting instead to use private or in-house cloud offerings,the reason why enterprises are often reluctant to use public cloud infrastructures is security and privacy issues of client data.On public cloud infrastructures,the provider controls the management interface of user data,thus malicious cloud administrators or internal operators cloud use their administrative privileges to against security and privacy of client data.Therefore,how to manage and control the permissions and actions of cloud administrators,to protect security and privacy of client data,is the urgent problem to be solved in the process of cloud computing developing and generalizing.This paper,through an example of the OpenStack open source cloud,introduces internal control and audit system that based on API proxy.This paper implements wrapper of OpenStack's original API in API proxy,and append privilege layer in API proxy,implements access control of OpenStack's original API,to prevent that cloud administrators from using OpenStack's modules API to against the security and privacy of user's data and virtual machine.This solution provides a unified administrative interface to cloud administrators,and implements unified permission control;cloud administrator can use Web page or terminal to access management interfaces of cloud platform.This solution could dynamically configure management privilege for cloud administrators,and implement fine-grained privilege division,implements the access control of management interfaces of cloud platform,protects user data from insider threat of cloud platform.At the same time,this solution could record the operations of cloud administrators to the system logs,and provides the log audit function,could trace and account the operations of cloud administrator after the accident,and that implementation of API proxy give cloud administrators transparent access management interfaces of cloud platform.