| Cloud computing platform has characteristics of high scalability and flexibility,on-demand computing resources supply which attract more and more enterprises to choose to migrate their traditional information systems to the environment of cloud.But the technologies such as virtualization which used by cloud computing platform have bring some security risks.When face those risks,the indicators of existing classified protection model in China have obvious deficiencies on feasibility and effectiveness.Through investigation and research of cloud security standards and academic literatures about cloud security evaluation domestic and overseas,the paper determines to choose cloud security standards put forward by ENISA,CSA and NIST—three foreign authoritative institutions—as study objects.It concludes security threats,security requirements and security objects of Iaa S cloud computing.On the basis of the third level traditional classified protection model,the paper come to a conclusion of cloud computing security evaluation guideline under Iaa S mode comprehensively.After that,the paper uses AHP-FCE which combined fuzzy comprehensive evaluation with analytic hierarchy process as the assessment method of the cloud computing security evaluation guideline suggested.Furthermore,the algorithm's program code in MATLAB environment is also implemented in this paper to statistical calculate evaluation data occurring in the process automatically.For verifying feasibility and effectiveness of the Iaa S cloud computing security evaluation guideline designed by the paper,it collects security assessment data with respect to a true cloud computing platform bases on the Cloud Stack framework.During the process,it calculates importance weights of each indicator by using AHP method.As a result,it works out a security score of the true Iaa S cloud computing platform through FCE. |
PDF Full Text Request