您的位置:首页  > 论文页面

云平台特权行为管控与审计系统

发表时间:2017-02-28  浏览量:2356  下载量:367
全部作者: 杨春鹏,刘川意
作者单位: 北京邮电大学计算机学院;哈尔滨工业大学(深圳)计算机科学与技术学院
摘 要: 云管理员客观上具备滥用特权以控制与窃取云中用户数据的技术手段与金钱动机,如何细粒度划分云平台特权、实时管控与事后审计云管理员操作,成为极具挑战的问题。研究实现了云平台攻击实例,验证恶意云管理员可利用特权窃取用户数据。之后梳理相关研究工作中的主要技术路线:云平台管理权限划分与云平台运行时特权验证。最后,设计并实现了云平台特权行为管控与审计系统,提高了云平台管理权限划分与云平台运行时特权验证的适用性。
关 键 词: 数据安全与计算机安全;云计算;权限划分;特权管控;日志审计
Title: Cloud platform privileges control and audit system
Author: YANG Chunpeng, LIU Chuanyi
Organization: School of Computer Science, Beijing University of Posts and Telecommunications; School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen)
Abstract: Objectively, cloud administrators have both technical means and monetary motivation to misuse privileges to control and steal users’ data in the cloud platform. It is challenging to divide the least privileges, real-time control and post-audit cloud administrators’ operations. This paper firstly performs several attacks on the cloud platform to demonstrate that malicious cloud administrators can take advantage of privileges to steal users’ data. Secondly, this paper summaries the main technical approaches of recent researches: cloud administrators’ privileges division and run-time permissions control. Finally, this paper designs and implements a cloud platform privileges control and audit system to improve the applicability of cloud platform management privilege division and cloud platform runtime privilege verification.
Key words: data security and computer security; cloud computing; permissions division; privileges control; log audit
发表期数: 2017年2月第4期
引用格式: 杨春鹏,刘川意. 云平台特权行为管控与审计系统[J]. 中国科技论文在线精品论文,2017,10(4):356-364.
 
5 评论数 0
暂无评论
友情链接