So, the defensive and aggressive attack of the cloud firewall is just like the following code shows (reference "Microsoft Internet Controls" in the project):

    Dim dWinFOlder As New ShellWindows
    Dim eventIE As SHDocVw.InternetExplorer

endpoints are just like antennae, and they constantly explore useful information, thus breaking the protection of the traditional firewall, which is passive and waiting. As for the attack, the traditional firewall is a completely passive defence, and it does not know where the attack is or how it attacks. The core of the firewall is static rule
protection; that is to say, after the customers buy a firewall, the suppliers configure a matching security policy according to the customer's requirements. Compared with traditional firewalls, the cloud firewall updates the static protection strategy dynamically to add proactivity to network security. It has some significant features[4]:

- Firstly, the cloud firewall freezes botnets. For one thing, the cloud firewall can find malicious Web sites in a relatively short time and stop users from accessing these sites; for another, if the users' computers become "zombies" or have a Trojan horse, the cloud firewall can stop the computers from sending information to the external master site.
- Secondly, the cloud firewall lets the world's IPS be intelligently linked. The top of cloud added a botnet master database and dynamic strategies to SensorBase to monitor the dynamics of botnets sensitively. If some Internet address has problems, it will be blocked, and the top of cloud will try to update the information in SensorBase in the shortest time.
- Thirdly, the cloud monitors Netflow V9 to achieve a NOC / SOC combo. Netflow provides a session-level view of network traffic to record every service information from TCP / IP. Its functions include abnormal traffic monitoring, high-speed sampling and timed control, the amalgamation of network and security, and standard network element management.

III. THE CLOUD COMPUTING IN CLOUD FIREWALL:

A. About Cloud Computing:

Cloud computing is still in its infancy currently. The definition of cloud computing is still controversial; there are multiple versions, and so far none is conclusive. Cloud computing is not a specific technology, but a computing concept or a computing model. Cloud computing is the development of parallel computing, distributed computing and grid computing, or it is the commercial realization of the concept of computer science. Cloud computing is the mixed-jump result of the evolution of the concepts of virtualization, utility computing, IaaS, PaaS and SaaS[5]. It has huge scale, virtualization, high reliability, commonality, high scalability and service on demand. Large scale is its greatest feature; the key of cloud computing is to have enough information collection points and computing capacity. That is to say, usually for a large data calculation, we can divide it into many small sub-blocks for many computing terminals which are in the "cloud". So we can get a large-scale computing system, and the computing capability of this system is better than any highly equipped computer. In this computing model, all servers, networks, applications and other parts related to the data center are provided to the IT department and end-users through the Internet. Customers only need to be connected to the "cloud", and they can access infrastructure services, platform (operating system) services, or software as a service, such as a SaaS application; the "cloud" may be the internal data center or a computer which has the same function.

B. Computational Logic in Cloud Computing:

n-term computing is defined as follows[6]: F is a computing, and $x_1, x_2, \ldots, x_n$ are n variable parameters for computing. So F is an n-term computing and S is the result of computing, such as $S = F(x_1, x_2, \ldots, x_n)$; if $a_1, a_2, \ldots, a_n$ are the value data of $x_1, x_2, \ldots, x_n$, then $S = F(a_1, a_2, \ldots, a_n)$ is a calculation for F, and S is the result.

An n-term rule is defined as follows[7]: if $A_1, A_2, \ldots, A_n$ are n antecedents and B is the conclusion, this is called an n-term rule R; R can be expressed as "If $A_1, A_2, \ldots, A_n$, then B".
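An added example, not code from the paper: the n-term rule "If A1, A2, ..., An, then B" from section B, applied to the botnet-freezing feature listed earlier, with a dynamically updated master list standing in for the cloud's database. The Flow fields, rule names, addresses and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Flow:                      # constructed session-level record
    src: str
    dst: str
    dst_port: int
    bytes_out: int

@dataclass
class Rule:                      # R: "If A1, A2, ..., An, then B"
    name: str
    antecedents: list            # A1 ... An, each a predicate over a Flow
    conclusion: str              # B
    def fires(self, flow: Flow) -> bool:
        # B follows only when every antecedent holds for this flow.
        return all(a(flow) for a in self.antecedents)

# Hypothetical botnet master list, updated at run time; rules read it live.
botnet_masters = {"203.0.113.7"}

RULES = [
    Rule("zombie-to-master",
         [lambda f: f.src.startswith("10."),        # A1: internal host
          lambda f: f.dst in botnet_masters],       # A2: known master
         "block"),
    Rule("bulk-upload-odd-port",
         [lambda f: f.src.startswith("10."),        # A1
          lambda f: f.dst_port not in (80, 443),    # A2
          lambda f: f.bytes_out > 5_000_000],       # A3
         "alert"),
]

def decide(flow: Flow) -> str:
    """Return the conclusion of the first rule that fires, else allow."""
    for rule in RULES:
        if rule.fires(flow):
            return rule.conclusion
    return "allow"

FLOWS = [  # constructed sample flows
    Flow("10.0.0.5", "203.0.113.7", 6667, 1_200),
    Flow("10.0.0.9", "198.51.100.20", 8443, 9_000_000),
    Flow("10.0.0.9", "198.51.100.20", 443, 9_000_000),
    Flow("10.0.0.5", "192.0.2.44", 6667, 1_200),
]

def verdicts() -> list:
    return [decide(f) for f in FLOWS]
```

Adding an address to `botnet_masters` changes the verdict for the last flow without editing any rule, which is the contrast with a static rule set that the text draws.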
Cloud computing as a whole calculation process is shown in Fig. 2:

[Fig. 2: figure not recovered; surviving labels: "invoke", "Dynamically Reconfigurable, Monitoring, Automation", "Cloud Computing"]

application requirements. The cloud computing structure must be agile, able to respond quickly to changes in the load and demand signal. In other words, the cloud cluster must be able to respond quickly to certain malicious attacks, and rapidly pass it from one point to the other points for co-processing.

Typically, the "cloud" has a large number of servers, and resources are dynamic, so it needs real-time, accurate and dynamic resource information. Cloud computing monitors and manages all the resources in the computing resources pool by a monitor server; it configures and monitors every resource server by deploying an "Agent" on all the servers in the cloud, and it can pass information data to the data warehouse regularly. The monitor server analyzes the usage data of the "cloud" in the data warehouse and tracks the availability and capability of resources, which offers information for fault elimination and resource balancing[10-11].

D. Based on the File Reputation Technology:

The real technical focal point of "Cloud security" lies in how they do data mining on the collection of sample data, and then form a new identification technology in the clouds. After adding the concept of cloud security to the firewall, the new cloud-client file reputation (CCFR) technology will become the users' focus. In cloud security, the core is cloud-client file reputation, which changes the mode of manually updating the protection. For ordinary users, cloud security based on cloud-client file reputation can be understood as follows: it establishes interaction between the "anti-virus vendor's computer cluster" and the "user terminal", which changes the issuing of virus code into the uploading of the characteristics of the file to be compared in the top of cloud. But it does not upload the whole code to compare, only the features of the files. The whole process takes just some milliseconds[12].

In general technical terms, CCFR reduces the client-side updates of the traditional update mode; most of these updates are now available through "local or global" cloud scanning services, which significantly reduces re-updating of the terminal system and minimizes the download of anti-virus code. Traditional client-side virus pattern updates happen about 2-3 times per day, with 2-3Mb of download traffic every time, while the CCFR client cloud virus code only updates once a week, 2-3Mb every time. Precisely, CCFR can decrease the virus database on the client side by about 90%[13].

IV. TRENDS AND RISKS:

At present, the cloud firewall is still in the embryonic stage of development, and its application takes very many forms. One trend is to connect the user closely with the firewall software platforms over the Internet in order to form a huge monitoring network for Trojans / malicious software and spyware. Every user will contribute to the firewall "Cloud security", while sharing the results from the other users. This is similar to P2P. If we can really tap the users' enthusiasm, building a new security system is not impossible. But for now, users still don't fully accept this cloud firewall, which means everyone's enthusiasm is not high. This is something we have to face.

Another trend is to set up a sufficient number of servers (tens of thousands or even more) in the world to collect application requests from global users in real time, and to judge the safety of these requests by calculation in the top of cloud. For example, a user requests to connect to a corporate Web site. By a number of technical indicators, the operator will determine whether the site's URL is normal and secure, whether the web links embedded in the text and buttons are normal and secure, and whether the user will be directed to a non-performing Web site or led to other dangerous behavior. If the site is secure, the user can follow the link, but if not, this link in the text will be blocked, not the whole web page. Accordingly, the
problematic URL will also be added to the problem database in the top of cloud. Once other users request access to this data, "the top of cloud" can decide, according to the problem database, whether to allow the user to access it by judging the data [14].

The first challenge the cloud firewall faces is network environment issues. If security threats have emerged and destroyed the network connection, then no matter how strongly "the top of cloud" protects, the client's losses are inevitable. Second, the cloud security standards in the cloud firewall are still in a chaotic state: there is no uniform standard, various vendors are still fighting each other, and vendors have their own standards. So the client may get a different judgement, which harms the unification of cloud security in the future. The root of these problems is that cloud computing has not yet spread extensively, and the complete cloud computing environment is still not perfect. That is to say, cloud security, which was born from cloud computing, will not have a good foundation, so the cloud security environment is not safe enough now, and only after cloud computing becomes popular will cloud security truly begin.

V. CONCLUSION:

Cloud firewall is a popular form of security software, but it is a tightly fur products, we have to achieve the whole cloud security protection model finally, which is the real purpose. Because of the agility and high spreadability of cloud security, its security model is definitely the future development trend, and even the so-called "zero-day attacks" [15], the most difficult to guard against, are also easy to guard against. But before cloud computing becomes mainstream, cloud security will not have a good foundation. That is to say, we have a long road to real cloud security, which will need strong support from all users and unity among the major manufacturers. Only in this way can we achieve real cloud security.

REFERENCES

[1] H. chih Yang, A. Dasdan, R.-L. Hsiao, and D. S. Parker. Simplified relational data processing on large clusters. In Proc. SIGMOD, 2007. pp.33-78.
[2] D. Patterson and J. Hennessy. Computer Architecture. Morgan Kaufmann Publishers, fourth edition, 2006. pp.31-53.
[3] "Sectao" Website, (in Chinese) http://www.sectao.net/blog/index.php?go=category_2
[4] Pike R, Dorward S, Griesemer R, Quinlan S. Interpreting the data: Parallel analysis with Sawzall. Scientific Programming Journal, 2005, 13(4), pp.12-30.
[5] Baidu Wikipedia Web, (in Chinese) http://baike.baidu.com/view/1316082.htm?fr=ala0
[6] T. H. Davenport and J. G. Harris. Competing on Analytics: The New Science of Winning. Harvard Business School Press, 2007. pp.44-50.
[7] Peng Liu, Yao Shi, Francis C. M. Lau, Cho-Li Wang, San-Li Li. Grid Demo Proposal: AntiSpamGrid. IEEE International Conference on Cluster Computing, Hong Kong, Dec 1-4, 2003. pp.80-121. (in Chinese)
[8] Guoding Yin, Hong Wei. Achieve the method of calculation of conception. Journal of Southeast University, 2003(04). (in Chinese)
[9] Boss G, Malladi P, Quan D, Legregni L, Hall H. Cloud computing. IBM White Paper, 2007.
[10] S. Ghemawat, H. Gobioff, and S.-T. Leung. The Google file system. In 19th ACM Symposium on Operating Systems Principles, 2003(10). pp.43-44.
[11] T. H. Davenport and J. G. Harris. Competing on Analytics: The New Science of Winning. Harvard Business School Press, 2007. pp.12-16.
[12] Xiangling Wang. Core Technology of Grid Computing. Tsinghua University Press. 2006(11). pp.55-66. (in Chinese)
[13] H. Liu and D. Orban. Cloud computing for large-scale data-intensive batch applications. IEEE Computer Society, 2008.
[14] P. Shivam. Active and accelerated learning of cost models. In VLDB, 2006. pp.98-100.
[15] R. Sakellariou. Utility Driven Adaptive Workflow Execution. In Proc. 9th CCGrid. IEEE Press, 2009.
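An added example, not code from the paper: the cloud-client file reputation (CCFR) exchange described in section III.D, combined with the lost-connection challenge raised in section IV. The SHA-256 fingerprint, the verdict names, the offline policy and the in-memory `ReputationCloud` class are assumptions of this example.

```python
import hashlib

class CloudUnreachable(Exception):
    """Raised when the client cannot reach the reputation service."""

class ReputationCloud:
    """In-memory stand-in for the vendor's cluster (hypothetical API)."""
    def __init__(self, known):
        self.known = dict(known)    # fingerprint -> verdict
        self.online = True
        self.queries = 0
    def lookup(self, fp: str) -> str:
        if not self.online:
            raise CloudUnreachable()
        self.queries += 1
        return self.known.get(fp, "unknown")

def fingerprint(data: bytes) -> str:
    # Only this digest is uploaded, never the file itself.
    return hashlib.sha256(data).hexdigest()

class Client:
    def __init__(self, cloud, offline_policy="quarantine"):
        self.cloud = cloud
        self.cache = {}             # verdicts already learned from the cloud
        self.offline_policy = offline_policy
    def check(self, data: bytes) -> str:
        fp = fingerprint(data)
        if fp in self.cache:
            return self.cache[fp]
        try:
            verdict = self.cloud.lookup(fp)
        except CloudUnreachable:
            # Connection lost: apply the local policy, do not cache it.
            return self.offline_policy
        if verdict != "unknown":
            self.cache[fp] = verdict
        return verdict

BAD, GOOD = b"constructed-bad-sample", b"constructed-clean-sample"

def demo():
    cloud = ReputationCloud({fingerprint(BAD): "malicious",
                             fingerprint(GOOD): "clean"})
    client = Client(cloud)
    online = [client.check(BAD), client.check(BAD), client.check(b"new")]
    cloud.online = False
    offline = [client.check(BAD), client.check(GOOD)]
    return online, cloud.queries, offline
```

With the cloud offline, the client can still answer for files it has already asked about, but a file it has never seen gets only the local policy verdict, which is the dependency on the network that section IV describes.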