Dynamic Attack Surface Defense Technology Based On Data Layer

Posted on: 2020-11-20
Degree: Master
Type: Thesis
Country: China
Candidate: H C Hong
GTID: 2428330590995504
Subject: Information security

Abstract/Summary:
Cloud computing is a storage and computing platform for big data. Once a cloud computing system is deployed, the entire system remains in a relatively static state and its attributes cannot be dynamically modified. This static nature, together with the vulnerabilities in the system itself, allows an attacker to attack in multiple ways. Protecting cloud computing systems requires a great deal of effort and cost to defend against each specific attack. This kind of defense leaves attackers and defenders on an unequal footing: the cost of defense is much higher than the cost of attack. This paper addresses the data defense problem in cloud storage systems and, drawing on moving target defense, focuses on dynamic defense technology for the attack surface of the data layer. It studies the following three aspects in detail:

1) On the basis of an encrypted file system, data encryption is transformed as system attributes change: the decision to update a file's key is made according to the user identity set, the file access operations and the system security coefficient; the data is saved using stream encryption and AES encryption respectively, and the key is saved. Broadcast encryption and ECC encryption are used on the client and the file storage server respectively, ensuring that file data remains in a secure ciphertext state during storage and transmission.

2) Using the characteristics of binary random spreading codes, a data block replica stored on a given node can be dynamically transformed within multi-node replica storage by random coding calculation, which guarantees the security of the data replicas at low computational overhead, and the transformed replicas guarantee the complete availability of the original data. Theoretical analysis and simulation experiments show that the time cost of the coding itself is not high within the whole dynamic transformation; the main time overhead is the transmission of coded data blocks between nodes.

3) Based on the DHR of mimicry defense technology, an adaptive DHR defense model is implemented according to credibility feedback information from the server executors. The adaptive DHR model consists of a cloud storage server pool and a selector. The cloud storage server pool consists of multiple layers of heterogeneous servers. The selector includes a distribution layer and a control layer: the distribution layer distributes input requests, while the control layer is responsible for the selection of and voting on the executor set and is composed of a selection module, a voting module and a negative feedback information module. Specifically, the selector dynamically controls the executor set based on server credibility information and the differences between the heterogeneous executors.

The three research points above are described in three separate chapters, each with its own theoretical analysis and experimental verification, and the thesis ends with a summary and outlook.
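The selector described in point 3, as an added sketch that is not code from the thesis: a selection module picks executors by credibility and diversity, a voting module takes the majority answer, and negative feedback lowers the credibility of dissenters. The Jaccard diversity metric, the greedy selection rule, the penalty and reward values and the four-server pool are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable

@dataclass
class Executor:
    name: str
    traits: frozenset                 # constructed heterogeneity labels (OS, FS, server)
    handler: Callable[[str], str]
    credibility: float = 1.0

def dissimilarity(a, b):
    """Jaccard distance between two executors' trait sets (assumed metric)."""
    return 1 - len(a.traits & b.traits) / len(a.traits | b.traits)

class Selector:
    def __init__(self, pool, k=3, penalty=0.5, reward=0.1):
        self.pool, self.k, self.penalty, self.reward = pool, k, penalty, reward

    def select(self):
        """Selection module: greedy pick by credibility times diversity."""
        chosen = [max(self.pool, key=lambda e: e.credibility)]
        while len(chosen) < self.k:
            rest = [e for e in self.pool if e not in chosen]
            chosen.append(max(rest, key=lambda e: e.credibility
                              * min(dissimilarity(e, c) for c in chosen)))
        return chosen

    def handle(self, request):
        active = self.select()
        outputs = {e.name: e.handler(request) for e in active}  # distribution layer
        winner, votes = Counter(outputs.values()).most_common(1)[0]  # voting module
        if votes <= len(active) // 2:
            winner = None                                   # no majority: fail closed
        for e in active:                                    # negative feedback module
            if winner is not None and outputs[e.name] == winner:
                e.credibility = min(1.0, e.credibility + self.reward)
            else:
                e.credibility *= self.penalty
        return winner, [e.name for e in active]

def build_demo_pool():
    """Constructed pool: s1 returns tampered data, the rest answer honestly."""
    honest = lambda req: "data:" + req
    return [Executor("s1", frozenset({"linux", "ext4", "nginx"}), lambda req: "tampered"),
            Executor("s2", frozenset({"linux", "xfs", "apache"}), honest),
            Executor("s3", frozenset({"bsd", "zfs", "nginx"}), honest),
            Executor("s4", frozenset({"windows", "ntfs", "iis"}), honest)]
```

Calling `Selector(build_demo_pool()).handle(...)` twice shows the feedback loop: the tampering server is outvoted on the first request and drops out of the selected set on the second.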
Keywords/Search Tags:Cloud Storage System, Moving Target Defense, Encrypted File System, Replica Storage, Regeneration Code, Mimetic Defense Technology