本文選題：云平臺 + 多層身份認(rèn)證�。� 參考：《西安電子科技大學(xué)》2014年碩士論文

【摘要】：隨著計算機(jī)計算能力不斷的提高,云計算技術(shù)憑借其在可擴(kuò)展性和提高資源共享能力方面的優(yōu)勢,將分布式集群和網(wǎng)格計算推向國內(nèi)外研究的熱點。OpenStack作為一個旨在為公共云及私有云的建設(shè)與管理提供軟件的開源項目,簡化了云平臺的部署過程并為其帶來良好的可擴(kuò)展性,使得云平臺技術(shù)正在被廣泛應(yīng)用于商業(yè)、軍事和學(xué)術(shù)等各個領(lǐng)域中,這就使得對整個云平臺的身份認(rèn)證和資源態(tài)勢監(jiān)控顯得格外重要。從用戶的角度看,需要保證請求訪問平臺資源的用戶身份的合法性,防止平臺資源被非法用戶獲取。從服務(wù)器角度看,要保證提供服務(wù)的服務(wù)器身份的合法性,以防止合法用戶的資料外泄。為了能夠了解系統(tǒng)的運行狀態(tài),需要將系統(tǒng)資源使用態(tài)勢實時反饋給管理員,從而給管理員提供維護(hù)和解決問題的向?qū)�。在現(xiàn)有面向OpenStack的身份認(rèn)證方案中,尚且沒有比較全面的保護(hù)方案,所以本文提出了一種三層身份認(rèn)證機(jī)制保證云平臺的訪問控制,并通過開源分布式監(jiān)控系統(tǒng)ganglia獲取主機(jī)節(jié)點的相關(guān)信息,建立二元線性回歸模型,對系統(tǒng)資源使用態(tài)勢進(jìn)行分析和圖形化顯示。與現(xiàn)有云平臺安全保障技術(shù)相比,該三層身份認(rèn)證機(jī)制克服了現(xiàn)有技術(shù)認(rèn)證方式單一的缺點,不僅從三個層面上保證了云平臺下用戶和服務(wù)器身份的合法性,也避免了虛擬機(jī)資源的濫用,一定程度上防止了DoS的實施。在認(rèn)證方式上,本文采用了USBKey技術(shù),該技術(shù)通過將CA分配給用戶的密鑰和頒發(fā)的數(shù)字證書通過軟件形式寫入到USBKey內(nèi)置的芯片中,并且內(nèi)置常用密碼算法,每次采用不同的密碼并結(jié)合證書這兩個因子對用戶身份進(jìn)行驗證,既具有傳統(tǒng)的基于用戶名和密碼認(rèn)證方式的簡單性,也避免了身份信息經(jīng)過內(nèi)存,使得企圖通過內(nèi)存掃描和網(wǎng)絡(luò)監(jiān)聽方式獲取認(rèn)證信息的方法失效。在資源使用態(tài)勢監(jiān)控方面,首先通過加州伯克利分校發(fā)起開發(fā)的開源數(shù)據(jù)中心監(jiān)控系統(tǒng)ganglia獲取每個主機(jī)節(jié)點的運行狀態(tài)信息,然后采用二元線性回歸模型,基于歷史數(shù)據(jù),獲取主機(jī)節(jié)點當(dāng)前估計值,最后在圖形化顯示時,根據(jù)事先設(shè)置的正常閥值,對超過閥值的時刻給出報警信息,并用特殊顏色顯示,以提醒管理員給予相應(yīng)的重視,能夠一定程度上幫助管理員發(fā)現(xiàn)系統(tǒng)性能瓶頸和安全隱患。Ganglia在穩(wěn)定性和可擴(kuò)展性方面的優(yōu)勢,使得整個方案能夠應(yīng)用到分布式大規(guī)模場景中。
[Abstract]:With the continuous improvement of computer computing power, cloud computing technology with its scalability and improve the ability to share resources, OpenStack is an open source project which aims to provide software for the construction and management of public and private cloud. It simplifies the deployment process of cloud platform and brings good scalability. Cloud platform technology is being widely used in commercial, military, academic and other fields, which makes the whole cloud platform identity authentication and resource situation monitoring is particularly important. From the user's point of view, it is necessary to ensure the legitimacy of the user identity of requesting access to the platform resource and prevent the platform resource from being obtained illegally by the user. From the server point of view, to ensure the server identity of the service to prevent the disclosure of legitimate users. In order to understand the running state of the system, it is necessary to give the real-time feedback of the system resource usage situation to the administrator, thus providing the administrator with a guide to maintain and solve the problem. In the existing identity authentication schemes for OpenStack, there is no comprehensive protection scheme, so this paper proposes a three-layer authentication mechanism to ensure the access control of cloud platform. Through the open source distributed monitoring system (ganglia) to obtain the relevant information of the host node, a binary linear regression model is established, and the system resource usage situation is analyzed and graphically displayed. Compared with the existing cloud platform security technology, the three-layer identity authentication mechanism overcomes the shortcomings of the single authentication mode of the existing technology, and not only ensures the legitimacy of the user and server identity under the cloud platform from three levels. Also avoid the abuse of virtual machine resources, to some extent prevent the implementation of DoS. In the authentication mode, this paper adopts USBKey technology, which writes the key and the digital certificate issued by CA to the embedded chip of USBKey through software, and the common cipher algorithm is built in. Each time, the user identity is verified by different password and certificate, which is not only simple based on user name and password authentication, but also avoids identity information passing through memory. The method that attempts to obtain authentication information through memory scanning and network monitoring is invalidated. In the aspect of resource usage situation monitoring, the open source data center monitoring system (ganglia) developed by Berkeley, California, firstly obtains the running state information of each host node, and then adopts a binary linear regression model based on historical data. Get the current estimate of the host node, finally, according to the pre-set normal threshold value, give the alarm information for the time exceeding the threshold value, and display the special color in order to remind the administrator to pay attention to it. To a certain extent, it can help administrators find the system performance bottlenecks and security vulnerabilities. Ganglia has the advantages of stability and extensibility, so that the whole scheme can be applied to distributed large-scale scenarios.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.09;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 閻光,劉鎮(zhèn);可移動式身份認(rèn)證機(jī)制[J];華東船舶工業(yè)學(xué)院學(xué)報(自然科學(xué)版);2002年05期

2 諸曄;秦芳;顧健;;流行的身份認(rèn)證機(jī)制淺析[J];電腦學(xué)習(xí);2008年05期

3 田麗麗;韓慧蓮;;身份認(rèn)證機(jī)制的對比與研究[J];機(jī)械管理開發(fā);2008年01期

4 王秦;支芬和;;移動商務(wù)身份認(rèn)證評價指標(biāo)體系研究[J];技術(shù)經(jīng)濟(jì)與管理研究;2012年04期

5 黎成兵,洪帆;分布式環(huán)境下的身份認(rèn)證機(jī)制研究[J];微型機(jī)與應(yīng)用;2005年03期

6 趙杰;門國尊;王珊;;電子檔案網(wǎng)絡(luò)化管理中的身份認(rèn)證機(jī)制[J];蘭臺世界;2006年02期

7 楊娜娜;王楊;陳付龍;黃亞坤;鄧琨;;基于移動agent的云計算身份認(rèn)證機(jī)制研究[J];計算機(jī)應(yīng)用研究;2012年10期

8 周福才,高克寧,曹光輝,張冠宇;基于混沌理論的身份認(rèn)證機(jī)制及其安全性分析[J];小型微型計算機(jī)系統(tǒng);2003年12期

9 鄭貴德;陳明;;計算集成身份認(rèn)證機(jī)制[J];現(xiàn)代電子技術(shù);2012年17期

10 王秦;敖靜海;;移動商務(wù)環(huán)境下身份認(rèn)證機(jī)制的研究[J];北京聯(lián)合大學(xué)學(xué)報(自然科學(xué)版);2011年03期

相關(guān)重要報紙文章 前3條

1 ;彩虹天地有安全才可行[N];中國計算機(jī)報;2003年

2 ;聯(lián)想：塑造新標(biāo)準(zhǔn)[N];電腦商報;2003年

3 ;WebST保護(hù)應(yīng)用[N];網(wǎng)絡(luò)世界;2003年

相關(guān)博士學(xué)位論文 前1條

1 朱麗;認(rèn)知無線網(wǎng)絡(luò)密鑰協(xié)商及身份認(rèn)證機(jī)制研究[D];武漢大學(xué);2010年

相關(guān)碩士學(xué)位論文 前10條

1 任海;面向OpenStack的多層身份認(rèn)證機(jī)制和資源態(tài)勢監(jiān)控[D];西安電子科技大學(xué);2014年

2 丁敏;一種基于數(shù)字簽名的動態(tài)身份認(rèn)證機(jī)制研究與設(shè)計[D];河北工業(yè)大學(xué);2014年

3 董澤浩;電子商務(wù)中基于哈希算法的身份認(rèn)證機(jī)制[D];合肥工業(yè)大學(xué);2002年

4 曹U，

本文編號：1845134