雲端運算環境下檔案更新管理之安全性研究

學術產出-Theses

Article View/Open

pdf(826)

Publication Export

Google Scholar^TM

政大圖書館

學術資源探索系統

Citation Infomation

No doi shows Citation Infomation

Simple Record
Full Record

題名	雲端運算環境下檔案更新管理之安全性研究 A study on the security of patch management in a cloud computing environment
作者	簡禎儀
貢獻者	左瑞麟簡禎儀
關鍵詞	雲端安全虛擬主機映像檔更新檔管理 Cloud security Virtual machine image Patch management
日期	2012
上傳時間	1-Feb-2013 16:53:39 (UTC+8)
摘要	隨著雲端運算盛行,企業採用大量虛擬主機來取代實體機器,虛擬主機有效率的模擬實體機器達到企業減少能源耗損與提高成本效率目標。文中提及虛擬主機映像檔目錄系統(VMIC)主要讓使用者能有效率搜尋期望的檔案並獲得下載的實體位置,故本論文研究重點著重在改進安全性在原 VMIC 系統,應用 Pakiti 監控系統來掌握更新檔狀況於實體機器或虛擬機器環境,使資安人員能在短期間內獲得正確資訊,及時升級更新檔避免攻擊災害發生。 As cloud computing techniques advance, Virtual Machines (VM) seems to be an appropriate solution than physical machine deployment. Having multiple instances of virtual machines cause more efficient use of computing resources to achieve the aim of energy consumption and cost effectiveness. In this thesis, Virtual Machine Image Catalogue (VMIC) is designed for helping users search and acquire expected virtual machine images promptly. Nevertheless, security of VMIC is also a crucial task to keep systems up-to-date and defends against security attacks. Pakiti is adopted to monitor patch status of physical and virtual machines, and schedules the warning information to remind security staffs to update the patches.
參考文獻	[1] Cloud computing. http://en.wikipedia.org/wiki/Cloud_computing. [2] M. Armbrust, A. Fox, R. Griffith, and et al. 2009. Above the Clouds: A Berkeley View of Cloud Computing. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html. [3] I. Foster, Y. Zhao, I. Raicu, S. Lu. 2008. Cloud Computing and Grid Computing 360-Degree Compared. Grid Computing Environment Workshop. [4] P. Mell, T. Grance. 2011. Effectively and Security Using the Cloud Computing Paradigm. The National Institute of Standards and Technology. [5] Cloud computing security.http://en.wikipedia.org/wiki/Cloud_computing_security. [6] Virtualization . http://en.wikipedia.org/wiki/Virtualization. [7] 陳瀅(2010)。雲端策略。台北：天下。 [8] Gerald J. Popek. 1974. Formal Requirements for Virtualizable Third Generation Architectures. Magazine Communications of the ACM Volume 17 Issue 7, Pages 412-421. [9] Virtual Machine. http://en.wikipedia.org/wiki/Virtual_machine. [10] KVM. http://www.linux-kvm.org/page/Main_Page. [11] Kernel based Virtual Machine. http://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine. [12] Oracle VM VirtualBox. https://www.virtualbox.org/. [13] Oracle VM VirtualBox. http://en.wikipedia.org/wiki/VirtualBox. [14] VMWare. http://www.vmware.com/. [15] VMWare. http://en.wikipedia.org/wiki/VMware. [16] Xen. http://en.wikipedia.org/wiki/Xen. [17] XEN. http://www.xen.org/. [18] R. Wartel, T. Cass, B. Moreira, E. Roche, M. Guijarro, S. Goasguen, U. Schwickerath. 2009. Image Distribution Mechanisms in Large Scale Cloud Providers. 2nd IEEE International Conference on Cloud Computing Technology and Science. [19] Academia Sinica Grid Center (ASGC). http://www.twgrid.org/en/. [20] Distributed Cloud of ASGC. 2012. The International Symposium on Grid Computing. [21] The High Energy Physics Unix Information Exchange. https://www.hepix.org/. [22] The HEPiX Virtualisation Working Group. http://w3.hepix.org/virtualization/. [23] StratusLab. http://stratuslab.eu/doku.php/start. [24] M. Vlieta , A. Agarwala , M. Andersona , P. Armstronga , A. Charbonneaub , K. Franshama b , I. Gablea , D. Harrisa , R. Impeyb , C. Leavett-Browna , M. Patersona , W.Podaimab , R.J. Sobiea. 2011. Repoman: A Simple RESTful X.509 Virtual MAchine Image Repository. International Symposium on Grid and Clouds and Open Grid Forum 31. [25] EGI European Grid Infrastructure. http://www.egi.eu/. [26] EGI Strategy and Policy. http://www.egi.eu/about/policy/index.html. [27] Security Policy For The Endorsement and Operation of Virtual Machine Images. https://documents.egi.eu/document/771 [28] L. Zhang, D. Zhang et al., 2010. Live Digital Forensics in a Virtual Machine. International Conference on Computer Application and System Modeling. [29] HEPiX Virtualsation Working Group report. [30] J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning. 2009. Managing Security of Virtual Machine Images in a Cloud Environment. CCSW. [31] Wayne A. Jansen, NIST. 2011. Cloud Hooks: Security and Privacy Issues in Cloud Computing. The 44th Hawaii International Conference on System Sciences. [32] Scientific Linux CERN6. http://linux.web.cern.ch/linux/scientific6/. [33] OpenStack. http://www.openstack.org/. [34] U. Schwickerath, B. Moreira, J. Chien, V. Sharma. 2011. CloudMan and VMIC projects overview. HEPiX Fall. [35] DESY. http://www.desy.de/index_eng.html. [36] BitTorrent. http://en.wikipedia.org/wiki/BitTorrent. [37] Keystone. http://docs.openstack.org/developer/keystone/. [38] D. Hyde. 2009. A Survey on the Security of Virtual Machines. [39] Patch (computing). http://en.wikipedia.org/wiki/Patch_(computing). [40] M. Prochazka, D. Kouril, R. Wartel, C. Kanellopoulos, C. Triantafyllidis. 2011. A Race for Security: Identifying Vulnerabilities on 50 000 Hosts Faster than Attackers, in Proceedings of Science (PoS). International Symposium on Grid and Clouds. [41] Pakiti. http://pakiti.sourceforge.net/. [42] The MITRE Corporation, “Open Vulnerability and Assessment Language”. http://oval.mitre.org/language/. [43] MITRE. http://www.mitre.org/. [44] Common Vulnerabilities and Exposures , CVE. http://cve.mitre.org/. [45] M. Ma, M. Prochazka, D. Kouril et al. 2012. EGI Security Monitoring, in Proceedings of Science (PoS). International Symposium on Grid and Clouds. [46] Nagios. http://www.nagios.org/. [47] W. Zhou, P. Ning, X. Zhang et al. 2010. Always Up-to-date-Scalable Offline Patch of VM Images in a Compute Cloud. ACSAC. [48] Chroot. http://en.wikipedia.org/wiki/Chroot. [49] Horizon. http://docs.openstack.org/developer/horizon/. [50] B.Ross, C. Jackson et al. 2005. Stronger Password Authentication Using browser extensions. [51] A. Choudhury, P. Kumar et al. 2011. A Strong User Authentication Framework for Cloud Computing. IEEE Asia-Pacific Services Computing Conference. [52] R. Warschofsky, M. Menzel, C. Meinel. 2011. Automated Security Service Orchestration for the Identity Management in Web Service based Systems. IEEE Asia-Pacific Services Computing Conference. [53] S. Luo, J. Hu and Z. Chen. 2009. An Identity-Based One-Time Password Scheme with Anonymous Authentication. International Conference on Networks Security, Wireless Communications and Trusted Computing. [54] L. Jin, H. Takabi, J. Joshi . 2010. Security and Privacy Risks of Using E-mail Address as an Identity pp.906-913. IEEE International Conference on Social Computing. [55] Reeder, R.W. 2011. When the Password Doesn`t Work Secondary Authentication for Websites Volume: 9, Issue: 2, Page43- 49. The IEEE Computer and Reliability Societies. [56] S. Schechter, S.Egelman, R. Reeder. 2009. It’s Not What You Know, But Who You Know - A social approach to last-resort authentication, CHI.
描述	碩士國立政治大學資訊科學學系 98971018 101
資料來源	http://thesis.lib.nccu.edu.tw/record/#G0989710181
資料類型	thesis

dc.contributor.advisor	左瑞麟	zh_TW
dc.contributor.author (Authors)	簡禎儀	zh_TW
dc.creator (作者)	簡禎儀	zh_TW
dc.date (日期)	2012	en_US
dc.date.accessioned	1-Feb-2013 16:53:39 (UTC+8)	-
dc.date.available	1-Feb-2013 16:53:39 (UTC+8)	-
dc.date.issued (上傳時間)	1-Feb-2013 16:53:39 (UTC+8)	-
dc.identifier (Other Identifiers)	G0989710181	en_US
dc.identifier.uri (URI)	http://nccur.lib.nccu.edu.tw/handle/140.119/56890	-
dc.description (描述)	碩士	zh_TW
dc.description (描述)	國立政治大學	zh_TW
dc.description (描述)	資訊科學學系	zh_TW
dc.description (描述)	98971018	zh_TW
dc.description (描述)	101	zh_TW
dc.description.abstract (摘要)	隨著雲端運算盛行,企業採用大量虛擬主機來取代實體機器,虛擬主機有效率的模擬實體機器達到企業減少能源耗損與提高成本效率目標。文中提及虛擬主機映像檔目錄系統(VMIC)主要讓使用者能有效率搜尋期望的檔案並獲得下載的實體位置,故本論文研究重點著重在改進安全性在原 VMIC 系統,應用 Pakiti 監控系統來掌握更新檔狀況於實體機器或虛擬機器環境,使資安人員能在短期間內獲得正確資訊,及時升級更新檔避免攻擊災害發生。	zh_TW
dc.description.abstract (摘要)	As cloud computing techniques advance, Virtual Machines (VM) seems to be an appropriate solution than physical machine deployment. Having multiple instances of virtual machines cause more efficient use of computing resources to achieve the aim of energy consumption and cost effectiveness. In this thesis, Virtual Machine Image Catalogue (VMIC) is designed for helping users search and acquire expected virtual machine images promptly. Nevertheless, security of VMIC is also a crucial task to keep systems up-to-date and defends against security attacks. Pakiti is adopted to monitor patch status of physical and virtual machines, and schedules the warning information to remind security staffs to update the patches.	en_US
dc.description.tableofcontents	TABLE OF CONTENTS 1 Introduction .................................................................................................................. 1 1.1 Introduction ...................................................................................................... 1 1.2 Thesis Architecture .......................................................................................... 2 2 Background and Related Work ................................................................................... 3 2.1 Cloud Computing ............................................................................................. 3 2.1.1 Cloud Service Models ........................................................................... 4 2.1.2 Cloud Computing Security ................................................................... 6 2.2 Virtualization .................................................................................................... 7 2.2.1 Virtual Machine Infrastructure ............................................................ 10 2.2.2 Virtual Machine Image Catalogue ...................................................... 12 2.2.2.1 HEPiX Virtualization Working Group ..................................... 14 2.2.2.2 Image Trust .............................................................................. 15 2.2.3 Virtual Machine Image Security ......................................................... 16 3 Virtual Machine Image Catalogue System ............................................................... 19 3.1 System Introduction ....................................................................................... 19 3.2 Virtual Machine Image Catalogue Components ............................................ 21 3.2.1 Command Line Interface .................................................................... 21 3.2.2 HEPiX Tool Subscription .................................................................... 22 3.2.3 VMIC Image Distribution ................................................................... 23 3.2.4 Glance Module and Authentication with Keystone ............................ 25 3.3 Security Considerations of VMIC ................................................................. 25 4 VMIC Security Improvement ................................................................................... 27 4.1 Security Improvement .................................................................................... 27 4.2 Online Patch Management - Pakiti ................................................................ 29 4.2.1 Pakiti Architecture .............................................................................. 30 4.3 Offline Patch Management ............................................................................ 33 4.3.1 Nuwa ................................................................................................... 33 4.4 Method: Patch Management in VMIC System .............................................. 37 4.4.1 Pakiti in VMIC System ....................................................................... 38 4.4.2 Nuwa in VMIC System ....................................................................... 40 5 Implementation of VMIC Security Improvement ..................................................... 42 5.1 Pakiti Client ................................................................................................... 42 5.2 Pakiti Server ................................................................................................... 43 6 Future Work .............................................................................................................. 47 7 Conclusion ................................................................................................................ 49 8 Reference .................................................................................................................. 50	zh_TW
dc.language.iso	en_US	-
dc.source.uri (資料來源)	http://thesis.lib.nccu.edu.tw/record/#G0989710181	en_US
dc.subject (關鍵詞)	雲端安全	zh_TW
dc.subject (關鍵詞)	虛擬主機映像檔	zh_TW
dc.subject (關鍵詞)	更新檔管理	zh_TW
dc.subject (關鍵詞)	Cloud security	en_US
dc.subject (關鍵詞)	Virtual machine image	en_US
dc.subject (關鍵詞)	Patch management	en_US
dc.title (題名)	雲端運算環境下檔案更新管理之安全性研究	zh_TW
dc.title (題名)	A study on the security of patch management in a cloud computing environment	en_US
dc.type (資料類型)	thesis	en
dc.relation.reference (參考文獻)	[1] Cloud computing. http://en.wikipedia.org/wiki/Cloud_computing. [2] M. Armbrust, A. Fox, R. Griffith, and et al. 2009. Above the Clouds: A Berkeley View of Cloud Computing. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html. [3] I. Foster, Y. Zhao, I. Raicu, S. Lu. 2008. Cloud Computing and Grid Computing 360-Degree Compared. Grid Computing Environment Workshop. [4] P. Mell, T. Grance. 2011. Effectively and Security Using the Cloud Computing Paradigm. The National Institute of Standards and Technology. [5] Cloud computing security.http://en.wikipedia.org/wiki/Cloud_computing_security. [6] Virtualization . http://en.wikipedia.org/wiki/Virtualization. [7] 陳瀅(2010)。雲端策略。台北：天下。 [8] Gerald J. Popek. 1974. Formal Requirements for Virtualizable Third Generation Architectures. Magazine Communications of the ACM Volume 17 Issue 7, Pages 412-421. [9] Virtual Machine. http://en.wikipedia.org/wiki/Virtual_machine. [10] KVM. http://www.linux-kvm.org/page/Main_Page. [11] Kernel based Virtual Machine. http://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine. [12] Oracle VM VirtualBox. https://www.virtualbox.org/. [13] Oracle VM VirtualBox. http://en.wikipedia.org/wiki/VirtualBox. [14] VMWare. http://www.vmware.com/. [15] VMWare. http://en.wikipedia.org/wiki/VMware. [16] Xen. http://en.wikipedia.org/wiki/Xen. [17] XEN. http://www.xen.org/. [18] R. Wartel, T. Cass, B. Moreira, E. Roche, M. Guijarro, S. Goasguen, U. Schwickerath. 2009. Image Distribution Mechanisms in Large Scale Cloud Providers. 2nd IEEE International Conference on Cloud Computing Technology and Science. [19] Academia Sinica Grid Center (ASGC). http://www.twgrid.org/en/. [20] Distributed Cloud of ASGC. 2012. The International Symposium on Grid Computing. [21] The High Energy Physics Unix Information Exchange. https://www.hepix.org/. [22] The HEPiX Virtualisation Working Group. http://w3.hepix.org/virtualization/. [23] StratusLab. http://stratuslab.eu/doku.php/start. [24] M. Vlieta , A. Agarwala , M. Andersona , P. Armstronga , A. Charbonneaub , K. Franshama b , I. Gablea , D. Harrisa , R. Impeyb , C. Leavett-Browna , M. Patersona , W.Podaimab , R.J. Sobiea. 2011. Repoman: A Simple RESTful X.509 Virtual MAchine Image Repository. International Symposium on Grid and Clouds and Open Grid Forum 31. [25] EGI European Grid Infrastructure. http://www.egi.eu/. [26] EGI Strategy and Policy. http://www.egi.eu/about/policy/index.html. [27] Security Policy For The Endorsement and Operation of Virtual Machine Images. https://documents.egi.eu/document/771 [28] L. Zhang, D. Zhang et al., 2010. Live Digital Forensics in a Virtual Machine. International Conference on Computer Application and System Modeling. [29] HEPiX Virtualsation Working Group report. [30] J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning. 2009. Managing Security of Virtual Machine Images in a Cloud Environment. CCSW. [31] Wayne A. Jansen, NIST. 2011. Cloud Hooks: Security and Privacy Issues in Cloud Computing. The 44th Hawaii International Conference on System Sciences. [32] Scientific Linux CERN6. http://linux.web.cern.ch/linux/scientific6/. [33] OpenStack. http://www.openstack.org/. [34] U. Schwickerath, B. Moreira, J. Chien, V. Sharma. 2011. CloudMan and VMIC projects overview. HEPiX Fall. [35] DESY. http://www.desy.de/index_eng.html. [36] BitTorrent. http://en.wikipedia.org/wiki/BitTorrent. [37] Keystone. http://docs.openstack.org/developer/keystone/. [38] D. Hyde. 2009. A Survey on the Security of Virtual Machines. [39] Patch (computing). http://en.wikipedia.org/wiki/Patch_(computing). [40] M. Prochazka, D. Kouril, R. Wartel, C. Kanellopoulos, C. Triantafyllidis. 2011. A Race for Security: Identifying Vulnerabilities on 50 000 Hosts Faster than Attackers, in Proceedings of Science (PoS). International Symposium on Grid and Clouds. [41] Pakiti. http://pakiti.sourceforge.net/. [42] The MITRE Corporation, “Open Vulnerability and Assessment Language”. http://oval.mitre.org/language/. [43] MITRE. http://www.mitre.org/. [44] Common Vulnerabilities and Exposures , CVE. http://cve.mitre.org/. [45] M. Ma, M. Prochazka, D. Kouril et al. 2012. EGI Security Monitoring, in Proceedings of Science (PoS). International Symposium on Grid and Clouds. [46] Nagios. http://www.nagios.org/. [47] W. Zhou, P. Ning, X. Zhang et al. 2010. Always Up-to-date-Scalable Offline Patch of VM Images in a Compute Cloud. ACSAC. [48] Chroot. http://en.wikipedia.org/wiki/Chroot. [49] Horizon. http://docs.openstack.org/developer/horizon/. [50] B.Ross, C. Jackson et al. 2005. Stronger Password Authentication Using browser extensions. [51] A. Choudhury, P. Kumar et al. 2011. A Strong User Authentication Framework for Cloud Computing. IEEE Asia-Pacific Services Computing Conference. [52] R. Warschofsky, M. Menzel, C. Meinel. 2011. Automated Security Service Orchestration for the Identity Management in Web Service based Systems. IEEE Asia-Pacific Services Computing Conference. [53] S. Luo, J. Hu and Z. Chen. 2009. An Identity-Based One-Time Password Scheme with Anonymous Authentication. International Conference on Networks Security, Wireless Communications and Trusted Computing. [54] L. Jin, H. Takabi, J. Joshi . 2010. Security and Privacy Risks of Using E-mail Address as an Identity pp.906-913. IEEE International Conference on Social Computing. [55] Reeder, R.W. 2011. When the Password Doesn`t Work Secondary Authentication for Websites Volume: 9, Issue: 2, Page43- 49. The IEEE Computer and Reliability Societies. [56] S. Schechter, S.Egelman, R. Reeder. 2009. It’s Not What You Know, But Who You Know - A social approach to last-resort authentication, CHI.	zh_TW

學術產出-Theses

Article View/Open

Publication Export

Google ScholarTM

政大圖書館

Citation Infomation

Google Scholar^TM