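Abstract: | Cloud computing is a recently emerged, dynamic, scalable mode of computing that typically meets users' varied computing and software needs in the form of network services ("as a service"). Cloud services are usually built on the data center concept and are delivered in three different forms: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Because cloud computing involves a relationship between users and service providers, cloud services usually have to guarantee a certain quality of service and monitor and adjust resource and service usage as needed. By operating model, cloud services can also be roughly divided into three types: Public Cloud, Private Cloud, and Hybrid Cloud. Although cloud technology is gradually entering the mainstream of the IT industry, many of the malicious and destructive activities previously carried out over the Internet and mobile devices could be ported to cloud computing platforms, so the greatest concern in using cloud computing is security. This project, "Implementation of a Cloud Security Platform", is sub-project 3 of the three-year integrated project "Research on Security Mechanisms for Protecting Cloud Services (Including Clients) and an Experimental Platform for Their Security Services". The other two sub-projects are sub-project 1, "Research on Monitoring and Protection Mechanisms for Anomalous Behavior of Mobile Devices and Internet Services Used for Cloud Services", and sub-project 2, "Research on Building an Experimental Platform for Cloud Security Services". This sub-project focuses on developing a security platform that provides private cloud or hybrid cloud services; the platform can be classified as cloud Infrastructure as a Service (IaaS) or cloud Platform as a Service (PaaS). The other two related sub-projects will use the computing resources and computing environment provided by this platform for their research, and will build their own systems on the Software as a Service (SaaS) concept to serve cloud users with different goals. In the first year, we will use existing cloud deployment tools to provide cloud users with a unified computing and storage environment, open it to specific users through account registration, design a user-oriented service and resource monitoring system, and study how to provide a suitable interface for setting up a virtual computer laboratory. In the second year, we will progressively complete the user-oriented service and resource monitoring system and the interface of the experimental platform for cloud security services. In the third year, we plan to strengthen the platform's Accounting, Authentication, and Authorization mechanisms and to provide detailed analysis tools such as user (application) behavior analysis and system resource usage analysis.
Cloud computing is an emerging technology that delivers dynamic, scalable, and on-demand computing power to end-users “as a service”. The existing cloud computing paradigm adopts the concept of data centers, which consolidate the computing infrastructure in a centralized manner to facilitate resource management. Cloud services can be categorized into three types of services: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). According to how cloud services are shared and used, they can also be divided into three domains: the public cloud, the private cloud, and the hybrid cloud. Although cloud computing is shifting into the mainstream of the IT industry, many critical issues remain unsolved. Among those issues, security is one of the major concerns when using cloud services. In this proposal, we focus our research on the private cloud and the hybrid cloud, and devise a security model to support accountable cloud computing.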
We will create and maintain a cloud platform service that can facilitate cloud security research for the NCU cloud security research team. We plan to carry out the proposed project over a three-year period. In the first year, we will create a private/hybrid cloud platform to provide a computing service and a storage service, and unify them by providing a single account for each end-user. We will also design and implement a user-oriented monitoring architecture to enhance cloud accounting in the first year. We will finish the implementation of the user-oriented monitoring architecture in the second year. Meanwhile, we will provide a user interface to create a virtualized laboratory for cloud security experiments. In the last year, we plan to improve the accounting, authentication, and authorization mechanisms of the proposed cloud platform service. We will also provide a user (application) behavior analysis toolkit and a resource usage analysis toolkit in the last year. Research period: 9908 ~ 10007 |