Title: Forward-looking Cloud Secure Storage, Detection, Behavior Analysis and Observation --- General Project (I)
Cloud Platform for Secure Storage, Intrusion Detection, Malware Behavior Analysis and Network Observation (Cloud Computing-Security Technology) (I)
Author: Tzeng Wen-Guey
TZENG WEN-GUEY
Department of Computer Science, National Chiao Tung University
Keywords: cloud computing; cloud storage; intrusion detection; intrusion prevention; dynamic taint analysis; malicious behavior analysis; cloud virtualization technology; experimental observation network; malware analysis; taint analysis; virtualization
Publication date: 2010
Abstract: Driven by the Internet and mobile devices, cloud services have become a key technology of the IT industry, and cloud security has therefore become especially important. This project proposes an integrated construction plan whose goal is to build a forward-looking cloud platform for secure storage, protection, behavior analysis and observation. The platform comprises four sub-projects: "Sub-project 1: Secure cloud data storage supporting diverse functions", led by Prof. Wen-Guey Tzeng; "Sub-project 2: A cloud platform for machine-code-based behavior analysis of Windows malware", led by Prof. Shiuhpyng Winston Shieh; "Sub-project 3: Design and implementation of a cloud-based secure experimental observation network", led by Prof. Yu-Lun Huang; and "Sub-project 4: Real-time intrusion detection and countermeasures in a cloud environment based on the Xen Hypervisor (cloud computing security technology)", led by Prof. Yu-Sung Wu. The platform not only provides security, correctness and other functionality for cloud storage, but also uses a real-time intrusion detection and countermeasure system to ensure that the whole cloud platform is not compromised by ordinary network attacks, and exploits the computing power of the cloud to analyze complex attack behavior that has been obfuscated by transformation, concealment and packing. The project further provides an experimental observation network platform that is both realistic and real-time: it can directly capture network traffic information close to the hardware level, emulate the state of a network under attack, and apply required topology changes immediately. The sub-projects are related as follows. Ordinary attacks from the Internet are blocked by the real-time cloud intrusion detection and countermeasure subsystem of Sub-project 4. Suspected complex attack programs are redirected by that subsystem to the malware behavior analysis cloud platform developed in Sub-project 2 for analysis, and the analysis results are fed back to the intrusion detection and countermeasure subsystem to strengthen the front-end defenses. In addition, to analyze complex network attack behavior, suspicious malicious packets are directed to the secure experimental observation network built in Sub-project 3, where experiments and observations are carried out. The resulting observations are returned via the real-time cloud intrusion detection and countermeasure subsystem, and if the experimental results raise particular questions they can be handed to the malware behavior analysis cloud platform for further analysis. Overall, this project builds a multi-faceted cloud security service platform consisting of four major subsystems, proposing theoretically and practically innovative ideas and designs for secure cloud data storage, real-time cloud intrusion detection and countermeasures, malware behavior analysis, and the construction of a cloud-based secure experimental observation network; the research results will be implemented to demonstrate their practical value. A technical cooperation agreement has been signed with Chunghwa Telecom.
With the growth of the Internet and mobile devices, "cloud services" have become one of the key networking technologies. However, concerns about cloud security have been threatening the success of cloud services, so the security issues become more and more important. This project proposes an integrated project including four sub-projects for a secure cloud platform. Prof. Wen-Guey Tzeng will lead the sub-project to provide efficient solutions to the security problems in cloud systems. Prof. Shiuhpyng Winston Shieh will lead the sub-project to build an analysis system against malware. Prof. Yu-Lun Huang will lead the sub-project to design and implement an observation cloud for security experiments. Prof. Yu-Sung Wu will lead the sub-project to integrate IDS/IPS into the Xen Hypervisor. Our proposed platform provides correctness, privacy, and other security functions for cloud systems. Its integrated IDS/IPS also provides a first line of defense against incoming attacks. Moreover, it can analyze complex malware behavior using the computing power of the cloud. This project also proposes a real-time secure cloud observation testbed, on which attacks can be emulated and observed. The network topology in the testbed can be easily adjusted in real time. The relationships among the sub-projects are as follows: ordinary attacks from the Internet will be blocked by the IDS/IPS developed by sub-project #2. Possible complex attacks will be redirected to and analyzed by the malware analysis platform on the cloud, and the analysis result can be used to fine-tune the IDS/IPS to further improve its protection capability. Moreover, to analyze complex network attacks, the malicious network traffic can be directed to the secure cloud observation testbed. Experiments on the attacks can be conducted on the testbed to build a better understanding of them, which may yield new signatures or defense strategies for the IDS/IPS.
Observation results from the testbed experiments can also be directed to the malware analysis platform on the cloud for closer inspection. In conclusion, this project will construct a cloud platform with four main sub-systems: a set of efficient solutions to the security problems in cloud systems, a malware analysis system based on cloud computing, an observation cloud for security experiments, and an IDS/IPS-integrated Xen Hypervisor. We will propose new theories and implement the related systems to show that our project is valuable and feasible.
Official document #: NSC99-2218-E009-017
URI: http://hdl.handle.net/11536/100275
https://www.grb.gov.tw/search/planDetail?id=2151079&docId=346381
Appears in Collections: Research Plans