云安全策略的存储机制研究
|
摘要
云计算、云安全与云存储逐渐走进人们的生活,成为研究的热点,其相关技术已经逐步渗入计算机及其相关的行业。随着现代化信息社会的到来,数据的安全存储就变得日益重要。本文以传统的策略存储作为切入点,将其策略存储进行比较改进,以适应云安全策略存储的需求。
策略存储技术是用来存储用户创建的策略及其相关的策略信息。策略仓库能够在集中管理和处理多个策略及其相关信息。目前流行的策略仓库通常是关系型数据库策略存储或目录服务器策略存储,还可以是具有某种固定格式的文件,例如XML文件格式。
关系型数据库,是指借助实体关系模型来组织数据的数据库,采用数学概念和集合代数的方法来处理数据库中的各类关系和数据。LDAP是轻量级目录访问协议,现在已经成为网络中提供目录服务的一种IETF开放标准。
但以上两种策略存储都属于静态策略存储,而在实际使用中,策略之间存在着某种依赖关系,而且修改更新比较频繁,不适合用传统的方式存储。为了解决这类问题,从而引入了基于形式概念分析的动态策略存储。区别于静态策略,动态策略更能适应不断变化着的策略,能够实时的更新自己的策略仓库,以便适应云安全网络环境不断变化的客户要求,不断变化的策略组合,不断变化的本地策略和网络策略之间的冲突,本文设计了基于形式概念分析的策略存储模型。根据实际问题域定义符合这种情形的形式背景,根据该形式背景构造出所有节点和边,完成概念格的模型构造,从而得到对象及其属性之间的偏序关系,构造出符合实际情况的策略仓库。
Cloud computing, security and cloud storage came into people's lives gradually, become a hot research, and its related technologies have been gradually into the computer and related industries. With the advent of modern information society, the security of data storage becomes increasingly important. In this paper, the strategy of traditional storage as a starting point to compare the improvement of its storage strategy to meet the needs of cloud security storage strategy.
Policy storage technology is used to store user-created policies and related policy information. Strategy warehouse can centrally manage storage and processing of multiple strategies and related information. Popular strategy for storage is usually stored in a relational database or directory server storage policy strategy, it can be fixed with some file formats, such as XML file format.
Relational database using entity relationship model is to organize data in the database, using a collection of mathematical concepts and algebraic approach to the relationship between various types of database and data. LDAP is the Lightweight Directory Access Protocol, the network has now become a kind of directory services to provide open IETF standards.
However, the above two strategies are all stored in static storage strategies, and in actual use, there are a large number of policy updates and changes, the two static policies are stored on the show themselves were insufficient. To solve this problem, which introduces the formal concept analysis based on the dynamic storage strategies. Different from the static strategy, dynamic strategy can adapt to changing policy better, can update their strategies in real-time warehouse, in order to secure the network environment to adapt to the cloud changing customer requirements and constantly changing mix of strategies, changing the local policy and network conflict between policy, this paper design a strategy based on formal concept analysis storage model. Meet the definition of the problem domain based on the actual situation in the form of this background, the background is constructed according to the form of all the nodes and edges to complete the concept lattice model construction, resulting in objects and their partial order between attributes is constructed in line with the actual situation Strategy warehouse.
策略存储技术是用来存储用户创建的策略及其相关的策略信息。策略仓库能够在集中管理和处理多个策略及其相关信息。目前流行的策略仓库通常是关系型数据库策略存储或目录服务器策略存储,还可以是具有某种固定格式的文件,例如XML文件格式。
关系型数据库,是指借助实体关系模型来组织数据的数据库,采用数学概念和集合代数的方法来处理数据库中的各类关系和数据。LDAP是轻量级目录访问协议,现在已经成为网络中提供目录服务的一种IETF开放标准。
但以上两种策略存储都属于静态策略存储,而在实际使用中,策略之间存在着某种依赖关系,而且修改更新比较频繁,不适合用传统的方式存储。为了解决这类问题,从而引入了基于形式概念分析的动态策略存储。区别于静态策略,动态策略更能适应不断变化着的策略,能够实时的更新自己的策略仓库,以便适应云安全网络环境不断变化的客户要求,不断变化的策略组合,不断变化的本地策略和网络策略之间的冲突,本文设计了基于形式概念分析的策略存储模型。根据实际问题域定义符合这种情形的形式背景,根据该形式背景构造出所有节点和边,完成概念格的模型构造,从而得到对象及其属性之间的偏序关系,构造出符合实际情况的策略仓库。
Cloud computing, security and cloud storage came into people's lives gradually, become a hot research, and its related technologies have been gradually into the computer and related industries. With the advent of modern information society, the security of data storage becomes increasingly important. In this paper, the strategy of traditional storage as a starting point to compare the improvement of its storage strategy to meet the needs of cloud security storage strategy.
Policy storage technology is used to store user-created policies and related policy information. Strategy warehouse can centrally manage storage and processing of multiple strategies and related information. Popular strategy for storage is usually stored in a relational database or directory server storage policy strategy, it can be fixed with some file formats, such as XML file format.
Relational database using entity relationship model is to organize data in the database, using a collection of mathematical concepts and algebraic approach to the relationship between various types of database and data. LDAP is the Lightweight Directory Access Protocol, the network has now become a kind of directory services to provide open IETF standards.
However, the above two strategies are all stored in static storage strategies, and in actual use, there are a large number of policy updates and changes, the two static policies are stored on the show themselves were insufficient. To solve this problem, which introduces the formal concept analysis based on the dynamic storage strategies. Different from the static strategy, dynamic strategy can adapt to changing policy better, can update their strategies in real-time warehouse, in order to secure the network environment to adapt to the cloud changing customer requirements and constantly changing mix of strategies, changing the local policy and network conflict between policy, this paper design a strategy based on formal concept analysis storage model. Meet the definition of the problem domain based on the actual situation in the form of this background, the background is constructed according to the form of all the nodes and edges to complete the concept lattice model construction, resulting in objects and their partial order between attributes is constructed in line with the actual situation Strategy warehouse.
引文
[1]胡慧,王辉.云计算技术现状与发展趋势分析[J].软件导刊,2009,(09)
[2]阮立志,许凌云.一种基于网格计算环境的安全实现研究,2009(05).
[3]桂小笋.云计算猜想,2009,(04).
[4]方杰浅.谈云安全[期刊论文]-信息系统工程,2009,(08).
[5]马骏.概念格及其可视化研究,河南大学硕士学位论文,2005.
[6]郭军,基于概念格的查询扩展系统及建格算法研究,北京邮电大学,2008.
[7]胡可云,陆玉昌,石纯一.概念格及其应用进展[J]清华大学学报(自然科学版)2000,(09).
[8]胡学钢,王昕娅.基于概念格的决策表约简算法,计算机应用,2008(11).
[9]马骏.概念格及其可视化研究,河南大学硕士学位论文,2005.
[10]王旭,马垣.基本概念格的关联规则挖掘算法[J].鞍山科技大学学报,2006,(01).
[11]胡晓墩.概念格上面向内涵的Rough集合[J].中国矿业,2005,(03).
[12]Godin R, Mis saoui R, Alaui H. Incremental concept formation algorithm based on Galois(concept) lattice[J]. Computational Intelligence,1995,11(2):246-26.
[13]姜广.基于概念格的决策规则获取方法研究[D]山西大学,2006.
[14]谢润.概念格建格算法研究,西南交通大学,2006.
[15]韩道军Godin算法的改进和FCA在智能搜索引擎中的应用,计算机研究与发展,2005(5).
[16]胡海艳.基于概念格的动态策略存取模型.吉林大学硕士学位论文.2009,4.
[17]IETF Network Working Group's RFC 2251, "Lightweight Directory Access Protocol (v3)", Wahl, Howes& Kille, Dec.1997,www.ietf.org/rfc/rfc2251.txt.
[18]张靖,马丁.LDAP目录服务在PKI中的应用[J].河南科技学院学报(自然科学版)2006,(01).
[19]Umakant Mishra, "Inventions on LDAP:A study based on US Patents", published in http://www.trizsite.com/articles/, July 2006.
[20]US Patent 6609121, "Lightweight directory access protocol interface to directory assistance systems ", Invented by Ambrosini, et al., Assigned by IBM, August 2003.
[21]US Patent 7076488, "XML-LDAP adapters and methods therefore",Invented by Bollich, Assigned by Hewlett-Packard Development Company, L.P., Issued in July 2006.
[22]US Patent 6356892, "Efficient implementation of lightweight directory access protocol (LDAP) search queries with structured query language (SQL)", Invented by Corn, et al., Assigned by IBM, Issued in March 2002.
[23]陈小弟,李长河,张熙,杜江杰.基于LDAP的Internet分布式目录服务的分析与实现[J].计算机工程,2002,(08).
[24]Ho TB. Incremental conceptual clustering in the framework of Galois lattice [A]. KDD:Techniques and Applications [C]. World Scientific,1997,49-64.
[25]US Patent 6633872, "Extendible access control for lightweight directory access protocol", Invented by Ambrosini, et al., Assigned by IBM, Issued in October 2003.
[26]GODIN R, MISSAOUI R. An incremental concept formation approach for leaning from databases[J]. Theoretical Computer Science,1994,133(2):387-419.
[27]Valtchev P,Missaoui R,Lebrun P. A Partitorr based approach towards constructing Galois(concept) Lattices[J]. Discrete Mathematics,2002(256):801-829.
[28]EKLUNDP,COLER. A knowledge representation for information filtering using formal concept analysis[DB/OL]. http://citeseer.ist.psu.edu/396364.html.
[29]M.Wahl,T.Howes,S.Kille. "Lightweight Directory Access Protocol(v3),RFC2251, December 1997.
[30]Hong Qi,Da-you Liu,Cheng-quan Hu,Ming Lu,Liang Zhao. Searching for Closed Itemset with Formal Concept Analysis.Proceedings of 2004 International Conference on Machin Learning and Cybernetices(ICMLC 2004).August 26-29,2004, Shanghai, China,1238-1243.
[31]Huaiguo F,EngelbertM N. A Parallel algorithm to generate formal concept for large data. In:Second International Conference on Formal Concept Analysis(ICFCA2004), Sydney,2004:394-401.
[32]唐俊.基于概念格的个性化信息检索研究,四川,西华大学,2005.
[33]胡可云,陆玉昌,石纯一.概念格及其应用进展[J]清华大学学报(自然科学版)2000,(09).
[34]姜广.基于概念格的决策规则获取方法研究[D]山西大学,2006.
[35]IETF Network Working Group's RFC 2251,"Lightweight Directory Access Protocol (v3)", Wahl, Howes& Kille, Dec.1997,www.ietf.org/rfc/rfc2251.txt.
[36]魏雁平.基于有向图覆盖关系的安全策略冲突检测模型.四川大学硕士学位论文2006,4,26.
[37]N.Dunlop. Dynamic Policy-Based Management in Open Distributed Environments. Ph.D.Thesis,University of Queensland, Brisbane, Australia.2002,9.
[38]J.S.Deogun,V.V.Taghavan,and H.Sever. Formal concept analysis and applications[R]. Lincoln:University Of Nebraska at Lincoln,the Department of Computer Science: 1998.
[39]T.Tourwe,K.Mens.Mining Aspectual Views using formal Concept Analysis[A].Iin Source Code Analysis and Manlipulition Workshop (SCAM 2004) [C].Chicago, IL,USA:IEEE Computer Society,2004:1-10.
[40]Frank Buchli. Detecting Software Patterns using Formal Concept Analysis[Z]. University Bern:Institute for Information and Mathematic,2003/10.
[2]阮立志,许凌云.一种基于网格计算环境的安全实现研究,2009(05).
[3]桂小笋.云计算猜想,2009,(04).
[4]方杰浅.谈云安全[期刊论文]-信息系统工程,2009,(08).
[5]马骏.概念格及其可视化研究,河南大学硕士学位论文,2005.
[6]郭军,基于概念格的查询扩展系统及建格算法研究,北京邮电大学,2008.
[7]胡可云,陆玉昌,石纯一.概念格及其应用进展[J]清华大学学报(自然科学版)2000,(09).
[8]胡学钢,王昕娅.基于概念格的决策表约简算法,计算机应用,2008(11).
[9]马骏.概念格及其可视化研究,河南大学硕士学位论文,2005.
[10]王旭,马垣.基本概念格的关联规则挖掘算法[J].鞍山科技大学学报,2006,(01).
[11]胡晓墩.概念格上面向内涵的Rough集合[J].中国矿业,2005,(03).
[12]Godin R, Mis saoui R, Alaui H. Incremental concept formation algorithm based on Galois(concept) lattice[J]. Computational Intelligence,1995,11(2):246-26.
[13]姜广.基于概念格的决策规则获取方法研究[D]山西大学,2006.
[14]谢润.概念格建格算法研究,西南交通大学,2006.
[15]韩道军Godin算法的改进和FCA在智能搜索引擎中的应用,计算机研究与发展,2005(5).
[16]胡海艳.基于概念格的动态策略存取模型.吉林大学硕士学位论文.2009,4.
[17]IETF Network Working Group's RFC 2251, "Lightweight Directory Access Protocol (v3)", Wahl, Howes& Kille, Dec.1997,www.ietf.org/rfc/rfc2251.txt.
[18]张靖,马丁.LDAP目录服务在PKI中的应用[J].河南科技学院学报(自然科学版)2006,(01).
[19]Umakant Mishra, "Inventions on LDAP:A study based on US Patents", published in http://www.trizsite.com/articles/, July 2006.
[20]US Patent 6609121, "Lightweight directory access protocol interface to directory assistance systems ", Invented by Ambrosini, et al., Assigned by IBM, August 2003.
[21]US Patent 7076488, "XML-LDAP adapters and methods therefore",Invented by Bollich, Assigned by Hewlett-Packard Development Company, L.P., Issued in July 2006.
[22]US Patent 6356892, "Efficient implementation of lightweight directory access protocol (LDAP) search queries with structured query language (SQL)", Invented by Corn, et al., Assigned by IBM, Issued in March 2002.
[23]陈小弟,李长河,张熙,杜江杰.基于LDAP的Internet分布式目录服务的分析与实现[J].计算机工程,2002,(08).
[24]Ho TB. Incremental conceptual clustering in the framework of Galois lattice [A]. KDD:Techniques and Applications [C]. World Scientific,1997,49-64.
[25]US Patent 6633872, "Extendible access control for lightweight directory access protocol", Invented by Ambrosini, et al., Assigned by IBM, Issued in October 2003.
[26]GODIN R, MISSAOUI R. An incremental concept formation approach for leaning from databases[J]. Theoretical Computer Science,1994,133(2):387-419.
[27]Valtchev P,Missaoui R,Lebrun P. A Partitorr based approach towards constructing Galois(concept) Lattices[J]. Discrete Mathematics,2002(256):801-829.
[28]EKLUNDP,COLER. A knowledge representation for information filtering using formal concept analysis[DB/OL]. http://citeseer.ist.psu.edu/396364.html.
[29]M.Wahl,T.Howes,S.Kille. "Lightweight Directory Access Protocol(v3),RFC2251, December 1997.
[30]Hong Qi,Da-you Liu,Cheng-quan Hu,Ming Lu,Liang Zhao. Searching for Closed Itemset with Formal Concept Analysis.Proceedings of 2004 International Conference on Machin Learning and Cybernetices(ICMLC 2004).August 26-29,2004, Shanghai, China,1238-1243.
[31]Huaiguo F,EngelbertM N. A Parallel algorithm to generate formal concept for large data. In:Second International Conference on Formal Concept Analysis(ICFCA2004), Sydney,2004:394-401.
[32]唐俊.基于概念格的个性化信息检索研究,四川,西华大学,2005.
[33]胡可云,陆玉昌,石纯一.概念格及其应用进展[J]清华大学学报(自然科学版)2000,(09).
[34]姜广.基于概念格的决策规则获取方法研究[D]山西大学,2006.
[35]IETF Network Working Group's RFC 2251,"Lightweight Directory Access Protocol (v3)", Wahl, Howes& Kille, Dec.1997,www.ietf.org/rfc/rfc2251.txt.
[36]魏雁平.基于有向图覆盖关系的安全策略冲突检测模型.四川大学硕士学位论文2006,4,26.
[37]N.Dunlop. Dynamic Policy-Based Management in Open Distributed Environments. Ph.D.Thesis,University of Queensland, Brisbane, Australia.2002,9.
[38]J.S.Deogun,V.V.Taghavan,and H.Sever. Formal concept analysis and applications[R]. Lincoln:University Of Nebraska at Lincoln,the Department of Computer Science: 1998.
[39]T.Tourwe,K.Mens.Mining Aspectual Views using formal Concept Analysis[A].Iin Source Code Analysis and Manlipulition Workshop (SCAM 2004) [C].Chicago, IL,USA:IEEE Computer Society,2004:1-10.
[40]Frank Buchli. Detecting Software Patterns using Formal Concept Analysis[Z]. University Bern:Institute for Information and Mathematic,2003/10.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |