中文摘要：

云计算模式的本质特征是数据所有权和管理权的分离,即用户将数据迁移到云上,失去了对数据的直接控制权,需要借助云计算平台实现对数据的管理.而云计算模式的引入带来了很多新的安全问题和挑战,如恶意的云管理员、可利用的安全漏洞和不当的访问接口等.尤其是当云管理员客观上具备偷窥和泄露用户数据和计算资源的能力时,如何保障用户数据的权益,成为一个极具挑战的问题.因此,内部威胁的研究和应对在云计算模式下变得尤为重要,也是近年来学术界和工业界共同关注的热点.为进一步深入研究云计算模式内部威胁问题及其应对,从具体方式方法上作系统的归纳和梳理,并促进国内在该方向上的研究,该文系统分析和总结了云计算模式下内部威胁的类型、特点,并针对真实的云平台构建和实施切实可行的内部威胁攻击实例,展示了云平台客观存在的可利用内部风险以及典型攻击方法.在此基础上,通过梳理相关研究工作,该文总结了三类应对云计算模式内部威胁的主要技术路线,即人员评价与行为分析、云管理权限划分和执行时验证和用户可控的数据加密.针对每一类技术路线,该文深入分析了其主要原理、关键技术、最新进展和产业实用性.最后给出了云计算模式下内部威胁的重要研究点和未来发展方向.

英文摘要：

The division of data ownership and data management is regarded as the key characteristicsof cloud computing. Customers outsource their data to the cloud and need to use cloud computing platform for data management, as a result losing direct control over the data. The introduction of cloud computing model has brought some new security issues and challenges, such as malicious cloud administrator, security vulnerabilities and improper access interface. So insider threats become more crucial, especially with the cloud administrators gaining more control on customers＇ virtual machines and data in reality. How to defend against malicious insiders, especially who have priorities to access or steal customers＇ data and computation resources, has become a challenging problem as well as a common focus of attention in both academia and industry in recent years. For further study of the insider threats in cloud computing model, making systematic summary from ways and means to deal with,and promoting domestic research in this direction,this paper firstly summarizes the major types of internal threats in the cloud environment, and takes an experimental approach to demonstrate typical insider vulnerabilities and possible actionable attacks. This paper summarizes and proposes three approaches to deal with insider threats in the cloud, as： user ＆ entity behavior analysis and evaluation, cloud administration priority division and run-time access control, and customer controlled data encryption. For each approach, this paper thoroughly analyzes its technical principles, key technologies, state of the art, as well as practical possibilities in the real world. At last, this paper points out the future researchdirections and key technologies against insider threats in the cloud.