Key Technologies And Systems About Secure Cloud Computing Services Based Permission Subdivision

With the advent of the era of cloud computing,cloud security that cloud services provider provide gradually becomes the bottleneck of cloud computing to develop.In order to attract users,cloud providers want to prove himself crediblely.However,the issue of credibility often comes from the cloud administrators that grant too much authority.This paper mainly studies several key technologies about secure cloud computing services based on permission subdivision and implements a system prototype about secure cloud computing services.This paper introduces the concept of cloud computing firstly,pushing to that cloud security is becoming the bottleneck of cloud services to develop and the issue of secure cloud computing services is credibility.We find permission subdivided is not enough,so there are too many rights in the cloud administrators,and the users’ virtualization devices that rent in some current mainstream commercial public cloud platforms generate a credible threat.This paper simulates the real attack on the Openstack,VMware that cloud administrators steal information from users’ virtual machines,and summarizes and modeleds three attacks.Three typical models that attack on the cloud platforms is proposed,recorded some integral attack video.This paper bases on permissions subdivision,re-subdivision the cloud administrators’ permission and becomes a fine-grained permission system.Focusing on two key technologies on secure cloud computing services,double-check and logging and auditing technology.Combined with unified login entry technology,this paper implements a credibility system prototype of secure cloud computing services.We confirme the validity of this prototype system,and calculate the prototype increased time overhead through experiments.The main contribution of this paper is to point out the issue of credibility in public cloud,and simulates the actual attack that the cloud administrators may be used;Granting some fine-grained permission to the cloud.administrators;Avoiding audit system that involves a large number of protocol analysis,and we use the ssh conneet to transmit information.