CN104883369A - Cloud configuration safety assessment method - Google Patents


Publication number
CN104883369A
Authority
CN
China
Prior art keywords
layer
safety
security
cloud
cloud platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510288104.1A
Other languages
Chinese (zh)
Inventor
李晓红
白裕德
孙达志
许光全
韩卓兵
经雅婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Application filed by Tianjin University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a cloud configuration safety assessment method comprising the following steps: (1) performing qualitative and quantitative analysis of the security problems and security evidence in the hierarchical structure of each service configuration, including the IaaS layer, the PaaS layer and the SaaS layer; (2) assessing the security of each service configuration of the cloud platform; and (3) assessing the overall security of the cloud platform by establishing a first-level cloud security assessment model with a Sugeno fuzzy inference system based on an adaptive neural network and analyzing the overall security of the cloud platform. Compared to the prior art, the number of users accessing the network end is dynamically and reasonably controlled, the load on the network end is always kept within an acceptable range, users can be dispersed when a large number of them access the network simultaneously at the same frequency, users can access the network as soon as possible, and the system's random access performance under network congestion is greatly improved.

Description

Cloud architecture security assessment method
Technical field
The present invention relates to the field of cloud computing security, and in particular to a method for assessing the security of a cloud architecture.
Background art
According to the definition of NIST (National Institute of Standards and Technology), cloud computing is a model for obtaining computing resources over the network conveniently and on demand, on a pay-per-use basis, and for improving their availability. The computing resources include networks, servers, storage, applications and services; they come from a shared, configurable resource pool and can be acquired and released with minimal effort and without human intervention.
More specifically, according to the type of service a cloud computing platform provides, its three-layer architecture is defined as follows. Infrastructure as a Service (IaaS): the capability provided to the user is processing, storage, networks and other basic computing resources supplied by the cloud, on which the user can deploy and run arbitrary software of their own, including operating systems and applications. Platform as a Service (PaaS): the capability provided to the user is to deploy onto the cloud infrastructure applications that the user has created or purchased, built with programming languages or development tools supported by the service provider. Software as a Service (SaaS): the capability provided to the user is to use the service provider's applications running on the cloud infrastructure. Users access the applications from various client devices through a "thin" client interface such as a browser (for example, browser-based mail).
With the development of computer network technology, cloud computing can significantly reduce costs and improve operating efficiency, so its application and adoption are inevitable. However, the centralized operation of cloud computing also makes it a double-edged sword. On the one hand, from the perspective of management, maintenance and cost, cloud computing can provide more efficient service while lowering costs; on the other hand, centralized operation may lead to serious consequences such as data leakage. The security risks that cloud computing brings should therefore not be underestimated.
At present, security has become one of the main problems hindering the development of cloud computing. For enterprises to adopt cloud computing services with confidence, a corresponding security assessment mechanism is essential. However, no sufficiently comprehensive cloud architecture security assessment mechanism exists yet. Although many scholars at home and abroad have recently done a great deal of related work on the security evaluation and trustworthiness evaluation of clouds, that work shares a common problem: it does not analyze the security of the cloud platform layer by layer. Cloud platform architecture is very complex; to evaluate its overall security, the security risks of each layer should be considered separately before the overall security of the cloud platform is assessed.
Summary of the invention
To overcome the above problems of the prior art, the present invention proposes a cloud architecture security assessment method based on the fuzzy analytic hierarchy process (FAHP) and a Sugeno fuzzy inference system. For a chosen combination of cloud platform service architectures, it yields the final security value of the cloud platform.
The present invention proposes a cloud security assessment method comprising the following steps:
Step (1): perform qualitative and quantitative analysis of the security problems and security evidence in the hierarchical structure of each service layer, comprising the IaaS layer, the PaaS layer and the SaaS layer;
Step (2): assess the security of each service layer of the cloud platform;
Step (3): assess the security of the cloud platform as a whole, using a Sugeno fuzzy inference system based on an adaptive neural network to build a first-level cloud security assessment model and analyze the overall security of the cloud platform.
Step (1) specifically comprises the following:
(1-1) The IaaS-layer security problems include at least virtual machine security, virtual network security, data security and hardware reliability. The corresponding security evidence includes at least, respectively: reliability of the virtual machine image repository, virtual machine boundaries, and malware or viruses; reliability of the DNS server and reliability of the virtual switch software; locality, integrity, isolation, confidentiality and backup; reliability of servers, routers, storage devices and the power supply;
(1-2) The PaaS-layer security problems include at least SOA-related security, API security and the storage security of massive data. The corresponding security evidence includes at least, respectively: XML threat protection, model validation and integrity protection; security control of API calls and API isolation; storage security and accessibility;
(1-3) The SaaS-layer security problems include at least network application security, access control and data security. The corresponding security evidence includes at least, respectively: vulnerability detection and configuration security; authentication, access control and audit; locality, integrity, isolation, confidentiality and backup.
Step (2) specifically comprises the following:
(2-1) An analytic hierarchy process model is built for the importance of the security evidence of each service layer of the cloud platform (IaaS, PaaS, SaaS). The analytic hierarchy process (AHP) is used to analyze the weights of each security problem and each security evidence in the IaaS, PaaS and SaaS layers, forming the weight vector of each security evidence with respect to its security problem;
(2-2) Multi-level fuzzy comprehensive evaluation is used to compute the security value from the security evidence of each service layer: first determine the evaluation object set and the comment set; then assess each security evidence against the comment set and construct the evaluation matrix; finally multiply the weight vector of the security problems by the evaluation matrix to obtain the final comprehensive evaluation value, i.e. the security values of the SaaS, PaaS and IaaS layers, denoted SaS, PaS and IaS.
Step (3) specifically comprises the following:
(3-1) Input the influencing factors, i.e. the security values SaS, PaS and IaS of the three service layers SaaS, PaaS and IaaS, and fuzzify them;
(3-2) Determine the fuzzy rules. The rules correspond to the second layer of the adaptive neural network, which outputs the firing strengths of the fuzzy rules;
(3-3) Finally, perform defuzzification. The Centroid function is selected for the computation, producing a single crisp output value, i.e. the overall security value S of the cloud platform architecture.
Compared with the prior art, the present invention targets the evaluation of cloud platform security and proposes a cloud architecture security assessment method based on FAHP and a Sugeno fuzzy inference system. The method is expected to achieve the following beneficial effects:
1) The model uses the fuzzy analytic hierarchy process (FAHP). FAHP is an evaluation method that combines fuzzy comprehensive evaluation with the analytic hierarchy process. It is widely used in system evaluation, effectiveness assessment, system optimization and similar areas, and is an evaluation model that combines qualitative and quantitative analysis. Typically the factor set is first determined with the analytic hierarchy process, and the evaluation result is then determined with fuzzy comprehensive evaluation. The fuzzy method is built on the hierarchy, the two complement each other, and the resulting evaluation has good reliability.
2) The model uses Sugeno fuzzy inference rules. Sugeno fuzzy inference is computationally simple and lends itself to mathematical analysis; using fuzzy logic, it maps a given input space to a specific output space. In addition, the model uses an adaptive neural network to optimize the coefficients in the fuzzy rules of the Sugeno inference.
Assessing cloud platform security with the above reasonable and feasible method makes it easier for users to choose a cloud platform and helps ensure that it is safe and reliable. It can also improve the development quality of cloud platforms and keep risk at an acceptable level. The quantitative assessment method can further serve as a reference for selecting and classifying cloud platforms.
Brief description of the drawings
Fig. 1 is a schematic diagram of the adaptive neural network structure;
Fig. 2 shows the cloud security assessment method based on the fuzzy analytic hierarchy process and the Sugeno fuzzy inference system.
Detailed description of the embodiments
The specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. Any exemplary content in these embodiments should not be construed as limiting the invention.
The present invention takes the Google cloud platform as a specific embodiment: Google Compute Engine is chosen as the example of the IaaS layer, Google App Engine as the example of the PaaS layer, and Google Apps as the example of the SaaS layer. The security assessment model of each service layer is applied first, then the assessment model for the cloud platform as a whole, finally yielding the security value of the overall cloud platform architecture.
1. IaaS instance analysis (Google Compute Engine)
First, the security problems of GCE and the corresponding security evidence are analyzed:
Virtual machine security: reliability of the virtual machine image repository, which is required to start an instance; virtual machine boundaries, for which enforcement of this security indicator is considered relatively strong; malware or viruses, where the failure rate of malware or virus attacks on virtual machines is assumed to be 98%;
Virtual network security: reliability of the DNS server, derived by formula as 0.9997; reliability of the virtual switch software, derived by formula as 0.9921; malicious attacks, where the failure rate of malicious attacks on the virtual network is assumed to be 97%;
Data security: the locality, integrity, isolation, confidentiality and backup of data are considered;
Hardware reliability: reliability of servers, derived by formula as 0.9975; reliability of routers, derived by formula as 0.9816; reliability of storage devices, derived by formula as 0.9822; reliability of the power supply, derived by formula as 0.9967;
Next, assume that 3 experts score the above security indicators. The expert scores are shown in Table 1.
Table 1. Expert scoring table for Google Compute Engine
Expert  I1   I2   I3   I4   I5   I6   I7   I8   I9   I10  I11  I12  I13  I14  I15
1       3    7    5    9    7    5    9    5    7    7    9    7    7    7    7
2       7    9    5    9    9    7    9    7    7    7    9    9    7    5    7
3       5    7    9    9    7    5    7    3    9    7    9    7    7    5    7
Finally, based on the weights obtained for each indicator, multi-level fuzzy comprehensive evaluation gives a security value of 6.5797 for Google Compute Engine, i.e. the security value IaS of the IaaS layer.
2. PaaS instance analysis (Google App Engine)
First, the security problems of GAE and the corresponding security evidence are analyzed:
SOA-related security: XML threat protection, using html5lib and ElementTree to handle the parsing of malformed XML; model validation; data integrity protection, for which GAE provides a powerful distributed data storage service;
API security: security control of API calls, for which Google recommends the OAuth 2.0 protocol to authenticate API calls; API isolation, where each application runs in its own secure sandbox and is not affected by other applications or potential resource contention;
Storage security of massive data: storage security, where the storage security level of the database is derived by formula as 94.08; availability, where the availability of the database is derived by formula as 91.54;
Next, assume that 3 experts score the above security indicators. The expert scores are shown in Table 2.
Table 2. Expert scoring table for Google App Engine
Expert  I1   I2   I3   I4   I5   I6   I7
1       5    3    7    7    7    7    7
2       5    3    7    7    9    7    9
3       3    5    7    5    7    9    7
Finally, based on the weights obtained for each indicator, multi-level fuzzy comprehensive evaluation gives a security value of 7.1789 for Google App Engine, i.e. the security value PaS of the PaaS layer.
3. SaaS instance analysis (Google Apps)
First, the security problems of Google Apps and the corresponding security evidence are analyzed:
Network application security: vulnerability monitoring, where the Google Apps data centers do not contain any unnecessary hardware or software, which reduces the vulnerabilities that could be exploited; configuration security, where the Google service manager is responsible for all items including product updates.
Access control: authentication; access control, where Google provides long-term access control through access control lists (ACLs) and short-term "valet key"-style access control through signed URLs; security audit, where Google continuously monitors the network of its global data centers.
Data security: Google uses BigTable to provide data storage and query services for Google applications; the locality, integrity, isolation, confidentiality and backup of data are considered.
Next, assume that 3 experts score the above security indicators. The expert scores are shown in Table 3.
Table 3. Expert scoring table for Google Apps
Expert  I1   I2   I3   I4   I5   I6   I7   I8   I9   I10
1       7    5    9    5    7    3    7    7    9    7
2       7    7    9    7    9    3    9    7    7    7
3       7    7    7    7    7    5    9    7    7    7
Finally, based on the weights obtained for each indicator, multi-level fuzzy comprehensive evaluation gives a security value of 7.5369 for Google Apps, i.e. the security value SaS of the SaaS layer.
4. Using the Sugeno fuzzy inference system based on an adaptive neural network established in this patent, the security values IaS, PaS and SaS of the three layers Google Compute Engine, Google App Engine and Google Apps obtained in the three steps above are taken as input. The overall security value of the cloud platform architecture formed by combining these service models is 0.78899 (range [0, 1]), i.e. the final overall security value S of the cloud platform architecture.
It can be seen that the cloud platform architecture formed by this combination of service models has relatively high availability.
Step 1: perform qualitative and quantitative analysis of the security evidence in the hierarchical structure of each service layer:
(1-1) The IaaS-layer security problems mainly comprise virtual machine security, virtual network security, data security and hardware reliability. The corresponding security evidence is, respectively: reliability of the virtual machine image repository, virtual machine boundaries, and malware or viruses; reliability of the DNS server and reliability of the virtual switch software; locality, integrity, isolation, confidentiality and backup; reliability of servers, routers, storage devices and the power supply.
(1-2) The PaaS-layer security problems mainly comprise SOA-related security, API security and the storage security of massive data. The corresponding security evidence is, respectively: XML threat protection, model validation and integrity protection; security control of API calls and API isolation; storage security and accessibility.
(1-3) The SaaS-layer security problems mainly comprise network application security, access control and data security. The corresponding security evidence is, respectively: vulnerability detection and configuration security; authentication, access control and audit; locality, integrity, isolation, confidentiality and backup.
Step 2: assess the security of each service layer of the cloud platform:
(2-1) An analytic hierarchy process model is built for the importance of the security evidence of each service layer of the cloud platform (IaaS, PaaS, SaaS). The analytic hierarchy process (AHP) is used to analyze the weights of each security problem and each security evidence in the IaaS, PaaS and SaaS layers, forming the weight vector of each security evidence with respect to its security problem;
(2-2) Multi-level fuzzy comprehensive evaluation is used to compute the security value from the security evidence of each service layer: first determine the evaluation object set and the comment set. Then assess each security evidence against the comment set and construct the evaluation matrix. Finally multiply the weight vector of the security problems by the evaluation matrix to obtain the final comprehensive evaluation value, i.e. the security values of the SaaS, PaaS and IaaS layers, denoted SaS, PaS and IaS.
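Step 2 worked through for the PaaS layer, as an added example that is not part of the patent: AHP weights with a consistency check, then two-level fuzzy comprehensive evaluation over the expert scores of Table 2. The pairwise comparison matrices and the comment set {1, 3, 5, 7, 9} are assumptions, since the page does not give them, so the result is not expected to reproduce the page's 7.1789.

```python
# Added example (not the patent's own code): two-level FAHP scoring of the PaaS layer.

GRADES = [1, 3, 5, 7, 9]  # ASSUMED comment set; Table 2 only uses these values
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's RI values

# Table 2 of the page: scores of 3 experts for indicators I1..I7 (Google App Engine).
EXPERT_SCORES = [
    [5, 3, 7, 7, 7, 7, 7],
    [5, 3, 7, 7, 9, 7, 9],
    [3, 5, 7, 5, 7, 9, 7],
]

# Security problem -> column indices of its evidence, following step (1-2).
ISSUES = {"SOA": [0, 1, 2], "API": [3, 4], "storage": [5, 6]}

# ASSUMED pairwise comparison matrices (the page does not publish its AHP judgements).
EVIDENCE_PAIRWISE = {
    "SOA": [[1, 2, 1 / 2], [1 / 2, 1, 1 / 3], [2, 3, 1]],
    "API": [[1, 2], [1 / 2, 1]],
    "storage": [[1, 1], [1, 1]],
}
ISSUE_PAIRWISE = [[1, 1 / 2, 1 / 3], [2, 1, 1 / 2], [3, 2, 1]]  # rows ordered as ISSUES


def ahp_weights(matrix, max_cr=0.1, iterations=200):
    """Principal-eigenvector weights by power iteration, with Saaty's consistency check."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):
        v = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(v)
        w = [x / total for x in v]
    # Estimate the largest eigenvalue, then consistency index and consistency ratio.
    lam = sum(sum(matrix[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    cr = ci / ri if ri else 0.0
    if cr > max_cr:
        raise ValueError(f"inconsistent judgement matrix: CR={cr:.3f}")
    return w


def evaluation_matrix(columns, scores=EXPERT_SCORES):
    """One row per evidence: fraction of experts that chose each grade."""
    rows = []
    for col in columns:
        votes = [expert[col] for expert in scores]
        if any(v not in GRADES for v in votes):
            raise ValueError(f"score outside the comment set in column {col}")
        rows.append([votes.count(g) / len(votes) for g in GRADES])
    return rows


def compose(weights, matrix):
    """Fuzzy composition B = W . R with the weighted-average operator."""
    return [sum(w * row[k] for w, row in zip(weights, matrix))
            for k in range(len(matrix[0]))]


def crisp_value(membership):
    """Collapse a membership vector over GRADES into a single score."""
    return sum(b * g for b, g in zip(membership, GRADES))


def layer_security_value():
    """Evidence level first, then security-problem level; returns (membership, value)."""
    issue_vectors = []
    for name, columns in ISSUES.items():
        evidence_w = ahp_weights(EVIDENCE_PAIRWISE[name])
        issue_vectors.append(compose(evidence_w, evaluation_matrix(columns)))
    issue_w = ahp_weights(ISSUE_PAIRWISE)
    membership = compose(issue_w, issue_vectors)
    return membership, crisp_value(membership)


if __name__ == "__main__":
    vector, value = layer_security_value()
    print("membership over grades:", [round(b, 4) for b in vector])
    print("PaS under the assumed weights:", round(value, 4))
```

A judgement matrix whose consistency ratio exceeds 0.1 is rejected rather than silently turned into weights, which is the point at which expert input should be revisited.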
Step 3: assess the security of the cloud platform as a whole. A Sugeno fuzzy inference system based on an adaptive neural network is used to build a first-level cloud security assessment model and analyze the overall security of the cloud platform. A neural network is a nonlinear dynamic system composed of a large number of simple processing units, with adaptive reasoning and learning ability and large-scale parallel computing ability. Fuzzy technology is based on fuzzy logic and handles fuzzy information problems that conventional methods struggle with by imitating the fuzzy comprehensive judgement and reasoning of human thinking. A neural network can therefore be used to process complex fuzzy information, performing reasoning and self-learning while adaptively adjusting the network parameters of the inference algorithm.
The adaptive neural network has five layers, as shown in Fig. 1. Each layer has its own function, and its parameters are optimized by the adaptive neural network:
(3-1) Input the influencing factors, i.e. the security values SaS, PaS and IaS of the three service layers SaaS, PaaS and IaaS, and fuzzify them.
(3-2) Determine the fuzzy rules. The rules correspond to the second layer of the adaptive neural network, which outputs the firing strengths of the fuzzy rules. There are 27 fuzzy rules in total; their linguistic form is as follows:
1. If (IaS is Low) and (PaS is Low) and (SaS is Low) then (S is VeryPoor) (1)
2. If (IaS is Medium) and (PaS is Low) and (SaS is Low) then (S is VeryPoor) (1)
3. If (IaS is Low) and (PaS is Medium) and (SaS is Low) then (S is VeryPoor) (1)
4. If (IaS is Low) and (PaS is Low) and (SaS is Medium) then (S is VeryPoor) (1)
5. If (IaS is High) and (PaS is Low) and (SaS is Low) then (S is Poor) (1)
6. If (IaS is Low) and (PaS is High) and (SaS is Low) then (S is Poor) (1)
7. If (IaS is Low) and (PaS is Low) and (SaS is High) then (S is Poor) (1)
8. If (IaS is Low) and (PaS is Medium) and (SaS is Medium) then (S is Poor) (1)
9. If (IaS is Medium) and (PaS is Low) and (SaS is Medium) then (S is Poor) (1)
10. If (IaS is Medium) and (PaS is Medium) and (SaS is Low) then (S is Poor) (1)
11. If (IaS is Low) and (PaS is Medium) and (SaS is High) then (S is Good) (1)
12. If (IaS is Low) and (PaS is High) and (SaS is Medium) then (S is Good) (1)
13. If (IaS is Medium) and (PaS is Low) and (SaS is High) then (S is Good) (1)
14. If (IaS is Medium) and (PaS is High) and (SaS is Low) then (S is Good) (1)
15. If (IaS is High) and (PaS is Low) and (SaS is Medium) then (S is Good) (1)
16. If (IaS is High) and (PaS is Medium) and (SaS is Low) then (S is Good) (1)
17. If (IaS is Low) and (PaS is High) and (SaS is High) then (S is Good) (1)
18. If (IaS is High) and (PaS is Low) and (SaS is High) then (S is Good) (1)
19. If (IaS is High) and (PaS is High) and (SaS is Low) then (S is Good) (1)
20. If (IaS is Medium) and (PaS is Medium) and (SaS is Medium) then (S is Good) (1)
21. If (IaS is High) and (PaS is Medium) and (SaS is Medium) then (S is VeryGood) (1)
22. If (IaS is Medium) and (PaS is High) and (SaS is Medium) then (S is VeryGood) (1)
23. If (IaS is Medium) and (PaS is Medium) and (SaS is High) then (S is VeryGood) (1)
24. If (IaS is Medium) and (PaS is High) and (SaS is High) then (S is Excellent) (1)
25. If (IaS is High) and (PaS is Medium) and (SaS is High) then (S is Excellent) (1)
26. If (IaS is High) and (PaS is High) and (SaS is Medium) then (S is Excellent) (1)
27. If (IaS is High) and (PaS is High) and (SaS is High) then (S is Excellent) (1)
(3-3) Finally, perform defuzzification. The Centroid function is selected for the computation, producing a single crisp output value, i.e. the overall security value S of the cloud platform architecture;
(3-4) The function of each layer of the adaptive neural network is as follows.
First layer: defines the degree to which a given input k (the input values x, y, z correspond to IaS, PaS and SaS respectively) satisfies the quantifier K_i (i.e. A_i, B_i, C_i in Fig. 1, each corresponding to the linguistic labels Low, Medium and High, giving nine linguistic labels in total). It is wherein premise parameter set.
Table 1, premise parameter
Second layer: the output signals of the first layer are taken as the input signals of the second layer and multiplied together, and the product is output. This yields the firing strengths of the 27 fuzzy rules. Here the membership values μ are the outputs of the first layer, and x, y, z correspond to IaS, PaS and SaS respectively.
$w_i = \mu_{A_i}(x) \cdot \mu_{B_i}(y) \cdot \mu_{C_i}(z), \quad i = 1, 2, \ldots, 27$
Third layer: takes the ratio of the firing strength of the i-th rule to the sum of the firing strengths of all rules as the normalized firing strength.
$\bar{w}_i = \dfrac{w_i}{w_1 + w_2 + \cdots + w_{27}}$
Fourth layer: is the output of third layer, and launching namely, is consequent parameter set, and x, y, z correspond to IaS, PaS and SaS respectively. When i takes 1 to 4, p, q, r, s take the values of the VeryPoor row. When i takes 5 to 10, p, q, r, s take the values of the Poor row. When i takes 11 to 20, p, q, r, s take the values of the Good row. When i takes 21 to 23, p, q, r, s take the values of the VeryGood row. When i takes 24 to 27, p, q, r, s take the values of the Excellent row.
Table 2, consequent parameter
Fifth layer: this layer sums all its input signals (the output signals of the previous layer) to obtain the final output.
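The five layers of step 3, run over the page's 27-rule base, as an added example that is not the patent's code. The premise parameters (Gaussian membership functions on a 1 to 9 scale) and the consequent parameters p, q, r, s are assumptions, because the page's parameter tables are absent; the output therefore illustrates the computation and will not reproduce 0.78899.

```python
# Added example (not the patent's own code): five-layer Sugeno inference over the 27 rules.
import math

# ASSUMED premise parameters: Gaussian (centre, sigma) per linguistic label on a 1..9 scale.
PREMISE = {"L": (1.0, 1.7), "M": (5.0, 1.7), "H": (9.0, 1.7)}

# ASSUMED consequent parameters (p, q, r, s) per output class; zero-order, output in [0, 1].
CONSEQUENT = {
    "VeryPoor": (0.0, 0.0, 0.0, 0.1),
    "Poor": (0.0, 0.0, 0.0, 0.3),
    "Good": (0.0, 0.0, 0.0, 0.5),
    "VeryGood": (0.0, 0.0, 0.0, 0.7),
    "Excellent": (0.0, 0.0, 0.0, 0.9),
}

# The page's 27 rules in their listed order; each triple is the (IaS, PaS, SaS) label
# with L = Low, M = Medium, H = High.
RULE_TABLE = {
    "VeryPoor": "LLL MLL LML LLM",
    "Poor": "HLL LHL LLH LMM MLM MML",
    "Good": "LMH LHM MLH MHL HLM HML LHH HLH HHL MMM",
    "VeryGood": "HMM MHM MMH",
    "Excellent": "MHH HMH HHM HHH",
}
RULES = [(labels, cls) for cls, group in RULE_TABLE.items() for labels in group.split()]


def membership(label, value):
    """Layer 1 node: degree to which `value` satisfies the linguistic label."""
    centre, sigma = PREMISE[label]
    return math.exp(-0.5 * ((value - centre) / sigma) ** 2)


def infer(ias, pas, sas):
    """Return (S, normalized firing strengths) for the three layer security values."""
    inputs = (ias, pas, sas)
    if any(not 1.0 <= v <= 9.0 for v in inputs):  # also rejects NaN
        raise ValueError("layer security values must lie in [1, 9]")
    # Layer 1: fuzzify each input against Low / Medium / High.
    mu = [{label: membership(label, v) for label in PREMISE} for v in inputs]
    # Layer 2: firing strength of each rule is the product of its three memberships.
    w = [mu[0][r[0]] * mu[1][r[1]] * mu[2][r[2]] for r, _ in RULES]
    # Layer 3: normalize by the sum of all firing strengths.
    total = sum(w)
    w_bar = [wi / total for wi in w]
    # Layer 4: weight each rule's consequent p*x + q*y + r*z + s.
    terms = []
    for wb, (_, cls) in zip(w_bar, RULES):
        p, q, r, s = CONSEQUENT[cls]
        terms.append(wb * (p * ias + q * pas + r * sas + s))
    # Layer 5: sum the weighted consequents into the single crisp output S.
    return sum(terms), w_bar


def dominant_rule(w_bar):
    """1-based rule number (as listed on the page) with the largest normalized strength."""
    index = max(range(len(w_bar)), key=w_bar.__getitem__)
    return index + 1, RULES[index]


if __name__ == "__main__":
    # IaS, PaS, SaS reported on the page for the Google platform example.
    s, strengths = infer(6.5797, 7.1789, 7.5369)
    print("S under the assumed parameters:", round(s, 4))
    print("dominant rule:", dominant_rule(strengths))
```

Returning the normalized firing strengths alongside S lets a reviewer see which rules drove the score, which matters when a single weak layer is being averaged out by two strong ones.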

Claims (4)

1. A cloud security assessment method, characterized in that the method comprises the following steps:
Step (1): perform qualitative and quantitative analysis of the security problems and security evidence in the hierarchical structure of each service layer, comprising the IaaS layer, the PaaS layer and the SaaS layer;
Step (2): assess the security of each service layer of the cloud platform;
Step (3): assess the security of the cloud platform as a whole, using a Sugeno fuzzy inference system based on an adaptive neural network to build a first-level cloud security assessment model and analyze the overall security of the cloud platform.
2. The cloud security assessment method according to claim 1, characterized in that step (1) specifically comprises the following:
The IaaS-layer security problems include at least virtual machine security, virtual network security, data security and hardware reliability. The corresponding security evidence includes at least, respectively: reliability of the virtual machine image repository, virtual machine boundaries, and malware or viruses; reliability of the DNS server and reliability of the virtual switch software; locality, integrity, isolation, confidentiality and backup; reliability of servers, routers, storage devices and the power supply;
The PaaS-layer security problems include at least SOA-related security, API security and the storage security of massive data. The corresponding security evidence includes at least, respectively: XML threat protection, model validation and integrity protection; security control of API calls and API isolation; storage security and accessibility;
The SaaS-layer security problems include at least network application security, access control and data security. The corresponding security evidence includes at least, respectively: vulnerability detection and configuration security; authentication, access control and audit; locality, integrity, isolation, confidentiality and backup.
3. The cloud security assessment method according to claim 1, characterized in that step (2) specifically comprises the following:
An analytic hierarchy process model is built for the importance of the security evidence of each service layer of the cloud platform (IaaS, PaaS, SaaS). The analytic hierarchy process (AHP) is used to analyze the weights of each security problem and each security evidence in the IaaS, PaaS and SaaS layers, forming the weight vector of each security evidence with respect to its security problem;
Multi-level fuzzy comprehensive evaluation is used to compute the security value from the security evidence of each service layer: first determine the evaluation object set and the comment set; then assess each security evidence against the comment set and construct the evaluation matrix; finally multiply the weight vector of the security problems by the evaluation matrix to obtain the final comprehensive evaluation value, i.e. the security values of the SaaS, PaaS and IaaS layers, denoted SaS, PaS and IaS.
4. The cloud security assessment method according to claim 1, characterized in that step (3) specifically comprises the following:
Input the influencing factors, i.e. the security values SaS, PaS and IaS of the three service layers SaaS, PaaS and IaaS, and fuzzify them;
Determine the fuzzy rules. The rules correspond to the second layer of the adaptive neural network, which outputs the firing strengths of the fuzzy rules;
Finally, perform defuzzification. The Centroid function is selected for the computation, producing a single crisp output value, i.e. the overall security value S of the cloud platform architecture.
CN201510288104.1A 2015-05-29 2015-05-29 Cloud configuration safety assessment method Pending CN104883369A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510288104.1A CN104883369A (en) 2015-05-29 2015-05-29 Cloud configuration safety assessment method


Publications (1)

Publication Number Publication Date
CN104883369A true CN104883369A (en) 2015-09-02

Family

ID=53950703


Country Status (1)

Country Link
CN (1) CN104883369A (en)

Title
AHMED TAHA et al.: ""AHP-Based Quantitative Approach for"", 《IEEE》 *
MEI LI et al.: ""A RISK ASSESSMENT METHOD OF CLOUD COMPUTING BASED ON MULTI-LEVEL FUZZY COMPREHENSIVE EVALUATION"", 《IEEE》 *
李芳 et al.: ""基于模糊推理理论的线控***网络健康度研究"", 《电工技术学报》 *
梁员宁: ""云服务可靠性评估模型及关键技术研究"", 《中国优秀硕士论文全文数据库》 *

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109478263B (en) * 2016-06-10 2022-04-29 欧帕特公司 System and apparatus for architecture evaluation and policy enforcement
CN109478263A (en) * 2016-06-10 2019-03-15 欧帕特公司 System and equipment for architecture assessment and strategy execution
CN106295357A (en) * 2016-08-29 2017-01-04 安徽云图信息技术有限公司 Information security evaluation and service cloud platform
CN106375438A (en) * 2016-08-31 2017-02-01 成都秦川科技发展有限公司 Public network fuzzy transmission method, apparatus and system based on Internet of Things information private channel
CN106375313A (en) * 2016-08-31 2017-02-01 成都秦川科技发展有限公司 Information transmission method, apparatus and system based on private information channel of Internet of things and public network fuzziness
CN106375310A (en) * 2016-08-31 2017-02-01 成都秦川科技发展有限公司 Information transmission and object control method, apparatus and system of private channel of Internet of things
CN106375439A (en) * 2016-08-31 2017-02-01 成都秦川科技发展有限公司 Public network fuzzy distribution and object control method and apparatus of information of Internet of Things
CN106375424A (en) * 2016-08-31 2017-02-01 成都秦川科技发展有限公司 Public network fuzzy transmission and control method, device and system for Internet of things information
CN106254517A (en) * 2016-08-31 2016-12-21 成都秦川科技发展有限公司 Information private transmission based on Internet of Things and object control method, Apparatus and system
CN107919033A (en) * 2016-10-10 2018-04-17 北京七展国际数字科技有限公司 A kind of telegraphy official's Experience of Ecological system by merging multimedia, micro climate and bio-landscape
CN106487810B (en) * 2016-11-25 2019-10-18 中国科学院信息工程研究所 A kind of cloud platform security postures cognitive method
CN106487810A (en) * 2016-11-25 2017-03-08 中国科学院信息工程研究所 A kind of cloud platform security postures cognitive method
CN108667886A (en) * 2017-04-01 2018-10-16 华为技术有限公司 The method, management system and cloud computing service framework of PaaS services are provided
US11438242B2 (en) 2017-04-01 2022-09-06 Huawei Cloud Computing Technologies Co., Ltd. Method for providing PaaS service, management system, and cloud computing service architecture
WO2019075795A1 (en) * 2017-10-19 2019-04-25 国云科技股份有限公司 Method for evaluating security of cloud computing platform
CN107733895B (en) * 2017-10-19 2020-09-29 国云科技股份有限公司 Quantitative evaluation method for cloud computing platform security
CN107733895A (en) * 2017-10-19 2018-02-23 国云科技股份有限公司 A kind of method for quantitatively evaluating of cloud computing platform safety
CN110266723A (en) * 2019-07-08 2019-09-20 云南财经大学 A kind of safety of cloud service methods of risk assessment
CN113128810A (en) * 2019-12-31 2021-07-16 中移动信息技术有限公司 Training method, device and equipment of scoring model and storage medium
CN113128810B (en) * 2019-12-31 2024-05-28 中移动信息技术有限公司 Training method, device, equipment and storage medium of scoring model
CN113379372A (en) * 2021-05-20 2021-09-10 同济大学 Human-machine object co-fusion manufacturing platform architecture system for non-ferrous metal smelting process control
CN116418699A (en) * 2023-06-12 2023-07-11 北京天融信网络安全技术有限公司 Cloud service provider network security capability assessment system, method, equipment and medium

Similar Documents

Publication Publication Date Title
CN104883369A (en) Cloud configuration safety assessment method
Zammori et al. ANP/RPN: A multi criteria evaluation of the risk priority number
Shi et al. A privacy protection method for health care big data management based on risk access control
Lee et al. A semantic approach to improving machine readability of a large-scale attack graph
Deng et al. Elimination of policy conflict to improve the PDP evaluation performance
Oliveira et al. An approach for benchmarking the security of web service frameworks
Ren et al. A universal defense strategy for data-driven power system stability assessment models under adversarial examples
García-Martín et al. Energy-aware very fast decision tree
Dong et al. Combination of D‐AHP and Grey Theory for the Assessment of the Information Security Risks of Smart Grids
Zhou et al. SC-VDM: A lightweight smart contract vulnerability detection model
Zhao et al. Research on multidimensional system security assessment based on ahp and gray correlation
Sun et al. Security Attitude Prediction Model of Secret‐Related Computer Information System Based on Distributed Parallel Computing Programming
Gorawski et al. Performance tests of smart city IoT data repositories for universal linear infrastructure data and graph databases
Jianye et al. Information security risk assessment of smart grid based on absorbing markov chain and SPA
Jia et al. Association analysis of private information in distributed social networks based on big data
Zhang et al. A security monitoring method based on autonomic computing for the cloud platform
Meng et al. Comparison of different centrality measures to find influential nodes in complex networks
Li et al. QoS-based service selection method for big data service composition
Shi et al. A Privacy Risk Assessment Model for Medical Big Data Based on Adaptive Neuro‐Fuzzy Theory
Zhang Information security risk assessment based on cloud computing and bp neural network
Wu et al. A dynamic resource-aware endorsement strategy for improving throughput in blockchain systems
Li et al. A risk assessment method of cloud computing based on multi-level fuzzy comprehensive evaluation
Daoudagh et al. A Decentralized Solution for Combinatorial Testing of Access Control Engine.
Chen et al. Mobile internet access control strategy based on trust perception
Dong et al. A Privacy-Preserving Electricity Theft Detection (PETD) Scheme for Smart Grid

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150902