
Research And Implementation Of Cloud Platform Privileged Operation Audit And Management Based On Security Proxy

Posted on: 2019-08-13
Degree: Master
Type: Thesis
Country: China
Candidate: L Yao
Full Text: PDF
GTID: 2428330572972322
Subject: Software engineering
Abstract/Summary:
The global IaaS market has maintained steady growth. 88% of enterprises are using public cloud services, and IaaS infrastructure cloud platforms are widely used. However, mainstream cloud platforms do not divide management authority finely, and their management and auditing capabilities are seriously lacking. These problems can allow administrators to steal and tamper with sensitive user data through privileged operations. This thesis starts from the issue of privileged operation security in cloud computing and studies in depth the privileged behavior attacks faced by current cloud platform tenants. It introduces the current privileged operation security issues in mainstream cloud platforms and comprehensively analyzes the two solutions proposed by the current academic community: Cloud Platform Management Rights Division and Cloud Platform Verification. It then simulates privileged operation attacks on a cloud platform in a real scenario, quantifies the degree of damage caused by the attacks, and forms a quantitative security analysis model of the cloud platform. To solve the problem of privileged operation security on the cloud platform, this thesis presents a cloud platform privileged operation audit and control technology based on a secure unified gateway. There are four main breakthroughs: 1. A secure and unified gateway architecture is proposed, which can be seamlessly integrated into mainstream cloud platforms without any changes to the cloud platform; 2. The system supports many kinds of protocols, such as HTTP, HTTPS and other protocols of major cloud platforms; 3. Different permissions are divided in advance for different roles to make audit and control finer-grained; 4. More flexible control technology is supported, and all operation logs of the cloud administrator are provided. In the evaluation stage, this thesis carried out effectiveness experiments and performance experiments on the cloud platform privileged operation audit and control system. The system realizes fine-grained permission division, privileged operation control and audit for mainstream cloud platforms. The performance cost is only about 100 milliseconds, which has little effect on user operation.
Keywords/Search Tags: cloud platform, privilege operation, audit and manage, cloud computing security