
Analysis And Realization Of IaaS Cloud Platform Security Reinforcement

Posted on: 2018-03-24
Degree: Master
Type: Thesis
Country: China
Candidate: C P Yang
Full Text: PDF
GTID: 2348330518996861
Subject: Computer Science and Technology

Abstract/Summary:
In the cloud computing era, the importance of cloud security has become increasingly prominent. On the one hand, the nature of the cloud computing model is the separation of data ownership from data management, so a cloud administrator can abuse privileges to steal users' private data. On the other hand, the IaaS cloud platform is the foundation layer of the entire cloud computing stack, and in the IaaS layer the configuration of each component and system vulnerabilities are likely to affect the security of the entire cloud environment.

First, this paper surveys the main technical routes in domestic and foreign research work, including fine-grained division of cloud platform authority, cloud platform execution arbitration, retrospective tracing and accountability in cloud computing, and IaaS cloud platform security configuration. Then, to reveal the problems of ambiguous management privileges, privilege misuse, and vulnerable IaaS cloud platform configuration in the IaaS cloud computing model, it analyzes the architecture, privilege partitioning and log auditing of the current mainstream cloud platforms (such as OpenStack, VMware vSphere, QEMU + KVM, and XEN) and realizes five attack examples in which malicious cloud administrators steal user data from the IaaS cloud platform.

The research and implementation work on IaaS cloud platform security reinforcement is divided into two parts. The first is IaaS cloud platform privilege behavior control and audit, that is, fine-grained permissions, role definition, interception review and audit based on the IaaS cloud platform API. The second is IaaS cloud platform security configuration check and reinforcement, that is, security configuration checking and reinforcement repair based on the IaaS cloud platform configuration.

The experimental results show that the cloud privilege behavior control and audit system based on the IaaS cloud platform API implements fine-grained privilege partitioning, seamless adaptation, privilege control and log auditing for two types of cloud platforms, OpenStack and VMware vSphere, with performance that keeps user response times within normal operation. Security configuration reinforcement on OpenStack and VMware vSphere reduces the attack surface and helps ensure the safe operation of the IaaS cloud platform.
Keywords/Search Tags: cloud computing, IaaS, privilege control, security configuration