Design And Implementation Of Credibility Evaluation System For Cloud Platform

In recent years,with the rapid development of cloud computing,it shows huge business potentiality,many domestic Internet companies began to build their own public cloud platform.A large number of enterprises and individuals as well as government departments have migrated their own services to the cloud platform provided by the cloud service providers.However,there is no sound credibility evaluation mechanism for cloud platform,traditional evaluation method of cloud platform mainly rely on itself to collect evidence and evaluation,the premise of this approach is that the cloud service provider itself is credible.But in the actual situation,even if the cloud service provider use specific security measures for examination,it still cannot eliminate cloud tenants' concerns of the credibility of the cloud platform.Cloud platform credibility evaluation system is set up as an independent trusted third party between cloud platforms and cloud tenants.To verify the credibility,the trusted third party establish a connection with the measured cloud platform through a secure channel,and exchange data,collect real-time evidence,store in the database.There are three main types of credible evidence: configuration information,behavior information,real-time monitoring information.Big data analysis platform audits and evaluates the data through the pre-defined rules in the library,and generate credibility evaluation results.The system supports periodic and on-demand two modes,in the periodic mode,the system automaticly collect the evidence,in the on-demand mode,users request the system,and the system uses the existing evidence evaluation library to detact and return the results.In order to verify the feasibility of the evaluation system,we used vSphere cloud platform provided by Chinese information security evaluation center in the experiment,successfully collected a lot of credibility evidence,analysed the evidence through the pre-defined rule base,found some platform credibility risk,and then issued credibility evaluation report to the tenants.