| 云计算安全审计技术研究综述 |
| |
| 引用本文: | 王文娟,杜学绘,王娜,单棣斌. 云计算安全审计技术研究综述[J]. 计算机科学, 2017, 44(7): 16-20, 30 |
| |
| 作者姓名: | 王文娟 杜学绘 王娜 单棣斌 |
| |
| 作者单位: | 解放军信息工程大学网络空间安全学院 郑州450001数字工程与先进计算国家重点实验室 郑州450001,解放军信息工程大学网络空间安全学院 郑州450001数字工程与先进计算国家重点实验室 郑州450001,解放军信息工程大学网络空间安全学院 郑州450001数字工程与先进计算国家重点实验室 郑州450001,解放军信息工程大学网络空间安全学院 郑州450001数字工程与先进计算国家重点实验室 郑州450001 |
| |
| 基金项目: | 本文受国家863高技术研究发展计划基金项目:基于多维控制的云计算信息流追责、管控技术研究(2015AA011705)资助 |
| |
| 摘 要: | 目前安全问题已经成为阻碍云计算推广和发展的巨大障碍,云计算环境特有的数据和服务外包、虚拟化、多租户和跨域共享等特点使得其面临的安全威胁相比传统IT环境更复杂多样,对安全审计技术也提出了更高的要求。首先分析了云计算环境下安全审计面临的主要挑战,提出云环境下的安全审计参考框架,从用户维、业务维、数据维、设施维等4个维度上对云环境进行全方位的“体检”。然后针对不同维度,围绕日志审计、存储审计、配置审计3个方面的研究进行了评述,以期为我国未来云计算安全审计的发展研究提供有益的参考。
|
| 关 键 词: | 云计算 安全审计 日志审计 存储审计 配置审计 |
| 收稿时间: | 2016-05-26 |
| 修稿时间: | 2016-09-06 |
Review on Security Audit Technology for Cloud Computing |
| |
| WANG Wen-juan,DU Xue-hui,WANG Na and SHAN Di-bin. Review on Security Audit Technology for Cloud Computing[J]. Computer Science, 2017, 44(7): 16-20, 30 |
| |
| Authors: | WANG Wen-juan DU Xue-hui WANG Na SHAN Di-bin |
| |
| Affiliation: | College of Cyberspace Security,PLA Information Engineering University,Zhengzhou 450001,China State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China,College of Cyberspace Security,PLA Information Engineering University,Zhengzhou 450001,China State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China,College of Cyberspace Security,PLA Information Engineering University,Zhengzhou 450001,China State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China and College of Cyberspace Security,PLA Information Engineering University,Zhengzhou 450001,China State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China |
| |
| Abstract: | Now the security concern has become a huge impediment to the development of cloud computing.Due to the specific characteristics such as data and service outsourcing,virtualization,multi-tenant and cross domain sharing,the cloud computing environment faces more complicated threats compared with traditional IT environment,and the security audit technology also needs higher demands.Firstly,this paper analyzed the main challenges that cloud security audit confronts with,proposed a security audit technology framework in cloud environment which provides all-around examination from four dimensions such as user dimension,business dimension,data dimension,infrastructure dimension.Then according to different dimensions,the studies were reviewed from three aspects including log audit,storage audit and configuration audit,in order to provide useful reference to the development research of security audit for cloud computing in our country. |
| |
| Keywords: | Cloud computing Security audit Log audit Storage audit Configuration audit |
|
|
点击此处可从《计算机科学》下载全文 |
|
