前瞻性雲端動態防護、安全授權、與風險評估---總計畫暨子計畫一：惡意程式動態行為分群、隱藏行為誘發、與行為特徵的自動產生

Abstract

隨著網路基礎建設與行動裝置的大量普及，各類雲端平台與服務已被廣泛

的使用，雲端安全的相關討論與研究亦為現今資訊技術研發中很重要的一環。

雲端系統安全與雲端資料安全是雲端服務之兩大安全性議題：雲端系統安全主

要是討論此系統是否可抵抗各種常見、變形或複雜的攻擊行為；而雲端資料安

全則是考量系統中所儲存的各類型資料是否會被惡意的窺視、竄改、或是能否

提供資料使用授權等其他進階功能。為了提供一套同時兼顧雲端系統安全與雲

端資料安全的整合性方案，本計晝團隊以前期計晝的成果為基礎，規劃了此整

合型計晝「總計晝：前瞻性雲端動態防護、安全授權、與風險評估」。

本計晝包含四個子計晝：「子計畫一：惡意程式動態行為分群、隱藏行為誘

發、與行為特徵的自動產生」將基於惡意程式動態執行時期之行為以及各種攻擊

觸發條件，自動分類並萃取惡意程式之行為模式特徵，以提供一個惡意程式行

為模式特徵資料庫，「子計晝四：虛擬化資料中心之在線式未知惡意程式偵測與

隔離」並將依據此行為模式特徵資料庫開發出一套安全雲端平台，可動態即時地

阻斷惡意程式之執行並進行後續的損害控管。此外「子計畫二 ：高效率安全可靠

雲端資料之完整性檢測與授權使用：以醫療資料為例」亦將以此安全雲端平台為

基礎，實做出一套高效率的安全雲端醫療資料庫，除了私密性與完整性之外，

本資料庫更可提供使用者授權存取等功能。為了證明本計晝所研發之各項建構

技術、平台、與資料庫之安全性，本計晝之「子計畫三：基於虛擬化技術之雲端

系統風險評估機制」也將提出一套完整的風險評估機制。此機制可有系統性地分

析目標系統的各項風險值，本計晝並將利用此評估機制對所提出之各項技術與

系統進行安全性評估，以證明其整體安全性符合需求。

本計晝預期能針對雲端環境在惡意程式分析、安全檢測防護、雲端應用服務、 與安全評估模型方面提出前瞻性的構想與成果。本計晝亦將積極規劃與政府機構 及產業界的合作研發，未來將與宏達電、趨勢科技、喬鼎資訊(全球前三大容錯 磁碟陣列廠商）、中華電信、工研院、與教育部等進行技術移轉及多年期合作研 發案，可望吸引台灣發達的資安產業投入雲端安全的研究，進而厚植台灣產官學 界對雲端安全技術的研發實力。

With the increasing popularity of network infrastructure and mobile devices, various cloud platforms and services have been widely used. Cloud security-related discussion and research are very important part to the development of information technology today. Cloud system security and data security are the two important security issues of cloud services. Cloud system security is about how the system resists to various complex and aggressive attack behavior. Cloud data security considers the safety of data stored in the system and protects data from malicious disclosure and tampering, or can provide information on the license. In order to take two types of cloud security into account, we will investigate in this project "Cloud Platform for Dynamic Protection, Security Authorization and Risk Assessment."

This project consists of four sub-projects: "Sub-project 1: Classifying Malware by Runtime Behavior, Triggering Hidden Behaviors, and Automatically Generating Malware Behavior Patterns," "Sub-project 2: Efficient, secure and robust cloud data storage with integrity and authorization: use medical records as examples," "Sub-project 3: Virtuanlization-Based Risk Assessment as a Service in Cloud Environments," "Sub-project 4: Online Detection and Containment of Unknown Malware in Virtualized Datacenter Environment." Based on the runtime behavior and trigger conditions, Sub-project 1 will automatically classify patterns of malware behavior and provide a malware behavior database which collects these patterns. Sub-project 4 will use the information in the database and develop a secure cloud platform. This platform can block the execution of malware during run-time and provide damage control for the cloud system. On this platform, Sub-project 2 will implement a high efficient secure medical database. This medical database can guarantee privacy, integrity and authentication. To prove the security of the techniques and the platform implemented in this project, Sub-project 3 will propose a complete mechanism of risk assessment. This mechanism can systematically analyze target system and compute its risk values in several ways. We will use it to demonstrate that the overall safety requirements are met.

This project is expected to propose forward-looking ideas and results about cloud environment for malware analysis, security testing protection, cloud application services, and safety assessment model. This project will also actively plan to cooperate with government agencies and industry R & D. A number of cooperation programs in succession or negotiation.