Title: Forward-Looking Cloud Secure Storage, Detection, Behavior Analysis and Observation: Main Project (I)
Cloud Platform for Secure Storage, Intrusion Detection, Malware Behavior Analysis and Network Observation (Cloud Computing-Security Technology) (I)
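Author: Wen-Guey Tzeng (曾文貴)
Keywords: cloud computing; cloud storage; intrusion detection; intrusion prevention; dynamic taint analysis; malicious behavior analysis; cloud virtualization technology; experimental observation network; malware analysis; taint analysis; virtualization
Publication date: 2010
Abstract: Driven by networks and mobile devices, cloud services have become a key technology for the IT industry, which makes cloud security issues especially important. This project proposes an integrated construction plan whose goal is to build a forward-looking platform for secure cloud storage, protection, behavior analysis and observation. The platform comprises four sub-projects: "Sub-project 1: Secure Cloud Data Storage Supporting Diverse Functions", led by Prof. Wen-Guey Tzeng; "Sub-project 2: A Cloud Platform for Machine-Code-Based Windows Malware Behavior Analysis", led by Prof. Shiuhpyng Winston Shieh; "Sub-project 3: Design and Implementation of a Cloud-Based Secure Experimental Observation Network", led by Prof. Yu-Lun Huang; and "Sub-project 4: Real-Time Intrusion Detection and Countermeasures for Cloud Environments Based on the Xen Hypervisor (Cloud Computing_Security Technology)", led by Prof. Yu-Sung Wu. The platform not only provides security, correctness and other functionality for cloud storage, but also uses a real-time intrusion detection and countermeasure system to ensure that the whole cloud platform is not affected by common network attacks, and can use the computing power of the cloud to analyze complex attack behavior that has been processed by morphing, concealment, packing and similar techniques. The project further provides an experimental observation network platform with realism and real-time capability, which can directly obtain network traffic information close to the hardware level, simulate the state of a network under attack, and make required changes to the network topology take effect immediately.
A technical cooperation project has been signed with Chunghwa Telecom.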
With the growth of the Internet and mobile devices, “cloud services” have become one of the key networking technologies. However, concerns about cloud security threaten the success of cloud services, so security issues are becoming more and more important. This project will propose an integrated plan of four sub-projects for a secure cloud platform. Prof. Wen-Guey Tzeng will lead the sub-project to provide efficient solutions to the security problems in cloud systems. Prof. Shiuhpyng Winston Shieh will lead the sub-project to build an analysis system against malware. Prof. Yu-Lun Huang will lead the sub-project to design and implement an observation cloud for security experiments. Prof. Yu-Sung Wu will lead the sub-project to integrate IDS/IPS into the Xen Hypervisor. Our proposed platform provides correctness, privacy, and other security functions for cloud systems. Its integrated IDS/IPS also provides a first line of defense against incoming attacks. Moreover, it can analyze complex malware behavior using the computing power of the cloud. This project also proposes a real-time secure cloud observation testbed, on which attacks can be emulated and observed. The network topology in the testbed can be easily adjusted in real time.
The relationships among the sub-projects are as follows. Normal attacks from the Internet will be blocked by the IDS/IPS developed by sub-project #2. Possible complex attacks will be redirected to and analyzed by the malware analysis platform on the cloud, and the analysis results can be used to fine-tune the IDS/IPS to further improve its protection capability. Moreover, to analyze complex network attacks, the malicious network traffic can be directed to the secure cloud observation testbed. Experiments on the attacks can be conducted on the testbed to help in better understanding them, which may offer new signatures or defense strategies for the IDS/IPS. Observation results from the testbed experiments can also be directed to the malware analysis platform on the cloud for closer inspection.
In conclusion, this project will construct a cloud platform with four main sub-systems: a set of efficient solutions to the security problems in cloud systems, a malware analysis system based on cloud computing, an observation cloud for security experiments, and an IDS/IPS-integrated Xen Hypervisor. We will propose new theories and implement related systems to show that our project is valuable and feasible.
Official document #: NSC99-2218-E009-017
URI: http://hdl.handle.net/11536/100275
Appears in collections: Research Plans