NETINFO SECURITY (信息网络安全)
2014, Issue 11, pp. 1-7 (7 pages)
Keywords: cloud desktop; offensive and defensive feedback defense graph; system security; Graphviz
With the rapid development of cloud platforms, mobile office work and BYOD have swept across the world, and enterprises increasingly choose the cloud desktop as their preferred office environment, building cloud desktop environments on cloud services. The new office environment, however, also introduces new security problems. Research on cloud desktop security has not yet formed a coherent body of work, knowledge of cloud desktop defense is relatively scarce, and China lacks a comprehensive, systematic and effective defense scheme. Because of its virtualized structure, a cloud desktop no longer has a chained, string-like defense structure, and to a certain extent defending a cloud desktop server is more sensitive than defending a traditional server. By analyzing the cloud desktop defense architecture, this paper proposes an active defense scheme for cloud desktops based on an offensive and defensive feedback defense graph. The scheme lays out both the defense structure and the attack structure, designs targeted attacks from the defense analysis, feeds the generated attack graph back into the security defense, and then optimizes the defense graph. A reverse breadth-first search algorithm is used to find vulnerable points, so that no reliable attack path is missed or repeated. An offensive and defensive game model is introduced to obtain a defense optimization scheme that complies with the principle of appropriate security. Finally, the simulation of the offensive and defensive feedback graph is demonstrated through an experiment on a well-known cloud desktop provider.