针对云计算中信息的完整性问题,文章提出了一个基于云平台的多级安全模型。该模型将系统划分为三层:以虚拟机中的进程为基础层;将运行在同一台虚拟机监视器上的各虚拟机作为中间层;以该虚拟机监视器作为顶层,按自底向上的顺序进行安全性比较。结合这种安全模型,提出相配套的基于分布式计算环境的信息流控制(Decentralized Information Flow Control,DIFC)的访问控制方法(Decentralized Information Control Flow Based on Biba and BLP,DIFC-B)。该方法将虚拟机及其中的进程进行安全等级划分,再根据Biba模型和BLP模型的性质对进程间的访问进行验证,以确保系统运行时信息的完整性与机密性。最后,结合无干扰理论对基于云平台的多级安全模型进行了安全性分析,进而说明了模型的实用性。
For the problem of the integrity of information in cloud computing, this paper proposed a multi-level security model for a cloud-based platform. The system is divided into three layers by this model and takes the process of virtual machine as a basic layer. The virtual machines run on the same virtual machine monitor are middle layer. Finally, the virtual machine monitor is the top layer. Through comparing the safety in the bottom-up order, the access control method DIFC-B (Decentralized Information Control Flow Based on Biba and BLP)based on the information flow control method of a distributed computing environment DIFC (Decentralized Information Flow Control) is proposed, which is raised for the security model. The method divides virtual machines and the processes in virtual machines into different security levels. Then according to the properties of Biba model and BLP model to verify the process between the access and to ensure the integrity and confidentiality of information when the system is running. Finally, the multi-level security model based on cloud platform is analyzed with noninterference theory, which can show the usefulness of the model.