中國IDC產(chǎn)業(yè)大典云計(jì)算及應(yīng)用安全上

1、computer scienceassuring runtime service integrity in cloud systems 1/22ting yudepartment of computer sciencenorth carolina state universitycomputer science2cloud computing internet-based computing shared resources provided on demand basic computing resources virtual computing environment: cpu, memo

2、ry, storage, networking complicated services software as a service (saas), service-oriented architecture (soa) high level services: data processing, data management, auditing, web services, computer sciencemulti-tenant cloud systemsplatform for software as a service (saas)3/22p3p2p1p2p3p3p1userporta

3、lf1f2f3f4f1f2f3computer science4multi-tenant cloud systems (cont.)benefitsmore powerful services in a cost-effective wayapplicationsdataflow processing huge amounts of datareal-time processing and analysise.g. network traffic monitoring, sensor data analysis, scientific data processinge-commerce4/22

4、computer science5dataflow processing applicationsdataflowdata processing componentdata tuplediservice provider5/22p3p2p1p2p3p3p1userportalf1f2f3f4f1f2f3di,f1(di),f2(f1(di),f3(f2(f1(di),f3(f2(f1(di),di,computer scienceservice integrity attack6/22p3p2p1p2p3p3p1userportalf1f2f3f4f1f2f3di,f1(di),f0(f1(d

5、i),f3(f0(f1(di),f3(f0(f1(di),di, problems with multi-tenant cloud systemsservice providers come from different security domainsnot all data processing components are trustworthycomputer sciencesecurity concernscommunication securityinformation passed through the interneteasy to addressisolationinter

6、ference among tenantsconfidentialitynot trust third party to access dataintegritynot trust the result of servicesfocus of this work7/22computer science8previous workdistributed dataflow processing focuses on resource and performance management issues. usually assumes that all data processing compone

7、nts are trustworthytrust management in distributed systems distributed messaging systems haeberlen, et al. sosp 2007 pub-sub overlay srivatsa, et al., ccs 2005 virtualized datacenters berger, et al., sigops 2008 none of them addressed secure and scalable dataflow processing in multi-tenant cloud sys

8、tems8/22computer science9previous work (cont.)byzantine fault-tolerance in wide area networks amir, et al., dsn 2006 generally has scalability issuessecurity in soa ws-security v1.1 oasis, 2006 focuses on integrity and confidentiality of web service messages through encryption and authentication att

9、acks can go beyond messaging security9/22computer sciencechallenges10/22cannot install special hardware or software on third-party service providers required by existing hardware and software based attestation techniques scalable runtime integrity assurancecomputer science11our focuspractical runtime service integrity assurance for large-scale multi-tenant cloud systems without assuming a trusted entity at third-party service providers without requiring application modifications11/22computer science12assumptionsassumptionsthird-party component pr