According to Yang Cheng, Carl Almond and others, "A Trusted Cloud Service Platform Architecture" states explicitly that a cloud service provider should run detection in the background on the tenant's behalf, such as detecting anomalous IP addresses or access to important files, and, through its cloud engineers, offer customers timely and useful policies so that important files are not stolen and the tenant's staff can understand the security of moving to the cloud. To achieve this, we propose a value-added security service platform called the Trustworthy Cloud Platform (TWCP).
This thesis studies in detail the basic principles of a trustworthy monitoring platform and its related application models. On that basis, for the risk indicators and improvement methods that cloud users care about, the trustworthy monitoring platform produces a daily audit report giving each day's login/logout times, records, source IPs and which files were opened, and offers it to the tenants of the cloud platform. The overall research results are as follows:
(1). Combine IP address monitoring with file risk management to produce a daily record of changed files, and thereby design a Trustworthy Cloud Platform (TWCP) that meets ordinary customers' security and trust requirements for IaaS.
(2). Through the study of file risk management, propose an algorithm for a file risk value.
(3). Provide a daily audit report of changes, linked to the management website, so that tenants can adjust or set the scores of files; a final risk value is derived and serves as a reference for subsequently strengthening the overall protection mechanism.
(4). Using a simulation experiment that compares an experimental group against a control group, raise the cloud service provider's IP monitoring rate (IMR) and lower the file access risk value (FAR), and analyse the experimental results.
(5). For IP monitoring and control, the platform collected log records from the experimental and control groups; after three weeks of experimental statistics, the IMR result under TWCP monitoring was that the experimental group received only 55% as many accesses as the control group, 305,245 fewer accesses in total.
(6). For the file access risk value, three weeks of log statistics from the experimental group showed that the unmonitored control group always remained at risk level 1, whereas the monitored experimental group, after tenant scoring, rose to the safer level 2; the FAR of monitored hosts was 49% lower than that of unmonitored hosts.
Through the experimental method and the analysis of its results, and by further providing value-added services such as risk levels, tenants are offered a trustworthy rented cloud environment, which increases tenants' reliance on the system service provider. The main advantages are as follows:
(1). Raise the IP monitoring rate and lower the probability that the information system is attacked.
(2). For specific directories, respond faster and more effectively, within a short time, whenever anyone logs in and opens a file.
(3). For the specific monitored services, produce a daily audit report for administrators to check.
(4). In combination with other IPS or security protection systems, block an IP quickly when anomalous IP intrusion access is detected.
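As an added illustration (not the thesis's own code), the following Python script builds the per-tenant daily audit entries described above (login/logout time, source IP, files opened) from constructed log lines and derives a file risk value from tenant-assigned file scores. The log layout, the scoring rule and the level threshold are this example's assumptions; the thesis does not state its algorithm here.

```python
import re

# Constructed sample log in an assumed layout (the thesis does not give TWCP's
# real log format); the last line is deliberately malformed.
SAMPLE_LOG = """\
2015-05-04 08:12:03 LOGIN user=alice ip=203.0.113.5
2015-05-04 08:15:10 OPEN user=alice ip=203.0.113.5 file=/srv/tenant/payroll.xlsx
2015-05-04 08:20:41 OPEN user=alice ip=203.0.113.5 file=/srv/tenant/readme.txt
2015-05-04 09:02:00 LOGOUT user=alice ip=203.0.113.5
2015-05-04 22:40:17 LOGIN user=bob ip=198.51.100.77
2015-05-04 22:41:02 OPEN user=bob ip=198.51.100.77 file=/srv/tenant/customers.csv
garbage line that the parser must skip
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<event>LOGIN|LOGOUT|OPEN) "
                     r"user=(?P<user>\S+) ip=(?P<ip>\S+)(?: file=(?P<file>\S+))?$")

def parse_log(text):
    """One dict per well-formed line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def daily_report(events):
    """Per (user, source IP): login time, logout time and files opened, the
    fields the thesis's daily audit report lists for each tenant."""
    report = {}
    for ev in events:
        entry = report.setdefault((ev["user"], ev["ip"]),
                                  {"login": None, "logout": None, "files": []})
        if ev["event"] == "LOGIN":
            entry["login"] = ev["ts"]
        elif ev["event"] == "LOGOUT":
            entry["logout"] = ev["ts"]
        else:
            entry["files"].append(ev["file"])
    return report

def risk_value(events, file_scores, default=1):
    """Assumed scoring: add up the tenant-assigned score of every file opened;
    files the tenant has not scored count `default`."""
    return sum(file_scores.get(ev["file"], default)
               for ev in events if ev["event"] == "OPEN")

def risk_level(value, threshold=10):
    """Assumed mapping onto the thesis's levels: 1 = dangerous, 2 = safer."""
    return 1 if value >= threshold else 2

def open_sessions(report):
    """(user, ip) pairs that logged in but never logged out; worth flagging."""
    return sorted(k for k, e in report.items() if e["login"] and not e["logout"])
```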
5.2 Future Research Directions
This thesis discusses only the risk value of Linux files; the modular platform could be extended to monitoring file risk values on common Windows-based platforms as well. For IP monitoring, packets were collected only on the common ports 80, 22 and FTP; if storage space permits in the future, all packets could be collected and then analysed and computed through related security devices, giving a more precise IP value that is fed back in real time to the other vendors' firewalls at the front end, greatly improving timeliness. The implementation would be carried out without affecting existing system resources, saving CPU, memory and other computing resources. Finally, the TWCP platform proposed in this thesis can be applied to cloud applications and services such as government agency websites or mail servers.
References
[1] Almorsy Mohamed, Grundy John, Ibrahim Amani S., "Adaptable, Model-driven Security Engineering for SaaS Cloud-Based Applications", Automated Software Engineering, Vol. 21, No. 2, pp. 187-224, April 2014.
[2] Andrej Schreiner, Gerd Balzer, "Risk Analysis of Distribution Systems using Value at Risk Methodology", In Proceedings of the 10th International Conference on Probabilistic Methods Applied to Power Systems (PMAPS '08), Rincon, 25-29 May 2008.
[3] Daiki Chiba, Kazuhiro Tobe, Tatsuya Mori, Shigeki Goto, "Detecting Malicious Websites by Learning IP Address Features", In Proceedings of the 12th IEEE/IPSJ International Symposium on Applications and the Internet, pp. 29-39, July 2012.
[4] Fernandes Diogo A. B., Soares Liliana F. B., Gomes Joao V., Freire Mario M., Inacio Pedro R. M., "Security Issues in Cloud Environments: A Survey", International Journal of Information Security, Vol. 13, No. 2, pp. 113-170, Sep. 2014.
[5] Gustavo Zurita, Nelson Baloian, Jonathan Frez, "Using the Cloud to Develop Applications Supporting Geo-Collaborative Situated Learning", Future Generation Computer Systems: The International Journal of Grid Computing and eScience, Vol. 34, pp. 124-137, May 2014.
[6] Haibo He, Garcia Edwardo A., "Learning from Imbalanced Data", IEEE Transactions on Knowledge and Data Engineering, Vol. 21, No. 9, pp. 1263-1284, June 2009.
[7] Mansouri Dou El Kefel, Benyettou Mohamed, "Risk Management in Cloud Computing", In Proceedings of the Third International Conference on Innovative Computing Technology (INTECH), Aug. 2013.
[8] Oscar Diez, Silva Andres, "Resilience of Cloud Computing in Critical Systems", Quality and Reliability Engineering International, Vol. 30, No. 3, pp. 397-412, April 2014.
[9] Rezaei Reza, Chiew Thiam Kian, Lee Sai Peck, Aliee Zeinab Shams, "A Semantic Interoperability Framework for Software as a Service Systems in Cloud Computing Environments", Expert Systems with Applications, Vol. 41, No. 13, pp. 5751-5770, Oct. 2014.
[10] Shigeaki Tanimoto, Manami Hiramoto, Motoi Iwashita, Hiroyuki Sato, Atsushi Kanai, "Risk Management on the Security Problem in Cloud Computing", In Proceedings of the First ACIS/JNU International Conference on Computers, Networks, Systems, and Industrial Engineering, Vol. 82, pp. 147-152, May 2011.
[11] Tianri Wang, Shunsheng Guo, Chi-Guhn Lee, "Manufacturing Task Semantic Modeling and Description in Cloud Manufacturing System", International Journal of Advanced Manufacturing Technology, Vol. 71, No. 9-12, pp. 2017-2031, April 2014.
[12] WeiTek Tsai, XiaoYing Bai, Yu Huang, "Software-as-a-Service (SaaS): Perspectives and Challenges", Science China Information Sciences, Vol. 57, No. 5, May 2014.
[13] Xuan Zhang, Nattapong Wuwong, Hao Li, Xuejie Zhang, "Information Security Risk Management Framework for the Cloud Computing Environments", In Proceedings of the 10th IEEE International Conference on Computer and Information Technology (CIT 2010), pp. 1328-1334, June 29 - July 1, 2010.
[14] Yamada Hiroshi, Tonosaki Shuntaro, Kono Kenji, "Efficient Update Activation for Virtual Machines in IaaS Cloud Computing Environments", IEICE Transactions on Information and Systems, Vol. 97, No. 3, pp. 469-479, March 2014.
[15] Yang Cheng, Xiao-Yong Li, Ming-Qing Ling, "A Trusted Cloud Service Platform Architecture", In Proceedings of the 2012 International Conference on Information Science and Applications (ICISA), Suwon, 23-25 May 2012.
[16] Zdziarski Jonathan, "Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices", Digital Investigation, Vol. 11, No. 1, pp. 3-19, March 2014.
[17] Philip Jorion, Value at Risk, 2nd ed., McGraw-Hill, 2005.
[18] "The Most Fit Assessment using Special VaR", BOT Taiwan, Vol. 61, No. 3, pp. 243-261, March 2011.
[19] ISACA, RiskIT_FW_30June2010_Research.pdf, https://www.isaca.org/Pages/default.aspx, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008 USA, 2010.
[20] Symantec, Internet Security Threat Report, Volume 20 (2015), Appendices, https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347931_GA-internet-security-threat-report-volume-20-2015-appendices.pdf.
define('TEXT_Login_ERROR', '<font color="#ff0000"><b>錯誤:</b></font> 錯誤的帳號或密碼!');
define('TEXT_FORGOTTEN_ERROR', '<font color="#ff0000"><b>錯誤:</b></font> 帳號與密碼不符!');
define('TEXT_AUTHORITY_ERROR', '<font color="#ff0000"><b>錯誤:</b></font> 該帳號沒有後台Login權限!');
define('TEXT_CANCEL_ERROR', '<font color="#ff0000"><b>錯誤:</b></font> 該帳號已被停用!');
/************
Parameter settings: end
*************/
if (isset($_GET['action']) && ($_GET['action'] == 'process')) {
    $username = db_prepare_input($_POST['username']);
    $password = db_prepare_input($_POST['password']);
    // Check whether the user account exists
    $db->query("select pk as Login_id, name as Login_name, password as Login_password, rolegroupid as rolegroups_id, updtime as Login_modified, lastvisitDate as Login_logdate, status as Login_status from " . TABLE_ADMIN . " where user = '" . db_input($username) . "'");
    if (!$db->get_num_rows()) {
        $_GET['Login'] = 'fail';
    } else {
        $check_admin = $db->fetch_array();
        // Check that the password is good
        if (!validate_password($password, $check_admin['Login_password'])) {
            $_GET['Login'] = 'fail';
        } else {
            $Login_status = $check_admin['Login_status'];
            if ($Login_status != 'Y') {
                // Account has been disabled
                $_GET['Login'] = 'fail3';
            } else {
                if (is_session_registered('password_forgotten')) {
                    is_session_unregister('password_forgotten');
                }
                // Array keys must be quoted strings; a bare rolegroups_id would be an undefined constant
                $rolegroups_id = $check_admin['rolegroups_id'];
                $Login_id = $check_admin['Login_id'];
                $Login_name = $check_admin['Login_name'];
                fn_session_register('Login_id');
                fn_session_register('rolegroups_id');
                fn_session_register('Login_name');
                $admin_title = 'LOG';
                fn_session_register('admin_title');
                // Record the visit, then redirect to the admin index
                $db->query("update " . TABLE_ADMIN . " set lastvisitDate = now(), activation = activation+1 where pk = '" . $Login_id . "'");
                fn_redirect(href_link('index.php'));
            }
        }
    }
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title><?php echo $_SESSION['admin_title']; ?></title>
<script type="text/javascript">
function FocusOnInput() {
document.getElementById("username").focus();
}
</script>
<style>
.btn-orange {
  color: #ffffff;
  background-color: #ff9600;
  border-color: #ff9600;
}
.open .dropdown-toggle.btn-orange {
  color: #ffffff;
  background-color: #d67e00;
  border-color: #c27200;
}
.btn-orange:active, .btn-orange.active,
.open .dropdown-toggle.btn-orange {
  background-image: none;
}
.btn-orange[disabled].active,
fieldset[disabled] .btn-orange.active {
  background-color: #ff9600;
  border-color: #ff9600;
}
.btn-orange .badge {
  color: #ff9600;
  background-color: #ffffff;
}
.btn-orange > .caret {
  border-top-color: #ffffff;
  border-bottom-color: #ffffff !important;
}
.btn-orange.dropdown-toggle {
  border-left-color: #db8100;
}
.btn-orange.btn-icon i {
  background-color: #d67e00;
  padding: 6px 6px;
  font-size: 15px;
  line-height: 1.42857143;
  border-radius: 3px;
  -webkit-background-clip: padding-box;
  -moz-background-clip: padding;
  background-clip: padding-box;
  -webkit-border-radius: 0 3px 3px 0;
}
.btn-orange.btn-icon.icon-left i {
  float: left;
  right: auto;
  left: 0;
  -webkit-background-clip: padding-box;
  -moz-background-clip: padding;
  background-clip: padding-box;
  -webkit-border-radius: 3px 0 0 3px !important;
  -moz-border-radius: 3px 0 0 3px !important;
}
.btn-orange.btn-icon.btn-lg i {
  padding: 10px 10px;
}
.btn-orange.btn-icon.btn-sm i {
  padding: 5px 6px;
}
.btn-orange.btn-icon.btn-xs i {
  padding: 2px 6px;
  outline: 5px auto -webkit-focus-ring-color;
  outline-offset: -2px;
}
.btn:hover,
fieldset[disabled] .btn {
  cursor: not-allowed;
}
</style>
<li>Account: <input type="text" name="username"></li>
<li>Password: <input type="password" name="password" maxlength="30"></li>
</ul>
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="center" valign="middle"><table width="350" border="0" cellpadding="1" cellspacing="0" bgcolor="#BEBEBE">
<tr>
<td><table width="100%" border="0" cellpadding="1" cellspacing="0" >
<tr>
<table width="90%" border="0" cellspacing="0" cellpadding="4">
<?php echo draw_form('Login', 'Login.php', 'action=process','post'); ?>
<tr><td colspan="3" align="center">
<?php
// Read the login result without triggering an undefined-index notice
$login_result = isset($_GET['Login']) ? $_GET['Login'] : '';
if ($login_result == 'fail') {
    $info_message = TEXT_Login_ERROR;
} else if ($login_result == 'fail2') {
    $info_message = TEXT_AUTHORITY_ERROR;
} else if ($login_result == 'fail3') {
    $info_message = TEXT_CANCEL_ERROR;
}
if (isset($info_message)) {
    echo $info_message;
}
?>
<td width="100" align="right">Account:</td>
<td><input type="text" id="username" name="username" style="width:12em;"></td></tr>
<tr>
<td width="100" align="right">Password:</td>
<td><input type="password" name="password" maxlength="30" style="width:12em;"></td></tr>
onClick="chk_submit(this.form); return false;">Login</button>-->
</td></tr>
</td>
</tr>
</table>
</body>
</html>
Program No.: 002
Program file: Logout.php
Purpose: logout page.
Description: logout page; clears the basic session data.
Code fragment:
<?php
require('includes/common.php');
define('HEADING_TITLE', '登出');
define('NAVBAR_TITLE', '登出');
define('TEXT_MAIN', '已從<b>管理區</b>登出,你可以放心離開或按回上頁重新Login');
define('TEXT_RELogin', '重新Login');
//fn_session_destroy();
is_session_unregister('Login_id');
is_session_unregister('Login_name');
is_session_unregister('rolegroups_id'); // the login page registers 'rolegroups_id', so that is the key to clear
header('Location: Login.php');
?>
// Module id from the query string; cast to int so only a number reaches the code below
if (isset($_GET['moduleid'])) {
    $moduleid = (int)$_GET['moduleid'];
} else {
    $moduleid = 0;
}
// 1: list / 2: add / 3: modify / 4: delete
if (isset($_GET['error'])) {
    $error = (int)$_GET['error'];
} else {
    $error = 0;
}
$strHtmlTitle = $thisMenuTitle.' > '.$sSiteName;
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="description" content="" />
<meta name="author" content="" />
<title><?php echo $_SESSION['admin_title']; ?></title>
<link rel="stylesheet" href="includes/js/jquery-ui/css/no-theme/jquery-ui-1.10.3.custom.min.css">
<link rel="stylesheet" href="includes/css/font-icons/entypo/css/entypo.css">
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic">
<link rel="stylesheet" href="includes/css/bootstrap.css">
<link rel="stylesheet" href="includes/css/website-core.css">
<link rel="stylesheet" href="includes/css/website-theme.css">
<link rel="stylesheet" href="includes/css/website-forms.css">
<link rel="stylesheet" href="includes/css/custom.css">
<link rel="stylesheet" href="includes/css/skins/blue.css">
<script src="includes/js/jquery-1.11.0.min.js"></script>
<!--[if lt IE 9]><script src="includes/js/ie8-responsive-file-warning.js"></script><![endif]-->
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
<meta name="robots" content="noindex, nofollow" />
<link href="../sample.css" rel="stylesheet" type="text/css" />
<style type="text/css">
/* By defining CKFinderFrame, you are able to customize the CKFinder frame style */
.CKFinderFrame {
border: solid 2px #e3e3c7;
background-color: #f1f1e3;
}
</style>
<script type="text/javascript">
// This is a sample function which is called when a file is selected in CKFinder.
function ShowFileInfo( fileUrl, data ) {
var msg = 'The selected URL is: ' + fileUrl + '\n\n';
// Display additional information available in the "data" object.
// For example, the size of a file (in KB) is available in the data["fileSize"] variable.
if ( fileUrl != data['fileUrl'] )
msg += 'File url: ' + data['fileUrl'] + '\n';
msg += 'File size: ' + data['fileSize'] + 'KB\n';
msg += 'Last modified: ' + data['fileDate'];
alert( msg );
}
</script>
</head>
<body class="page-body">
<div class="page-container"><!-- add class "sidebar-collapsed" to close sidebar by default, "chat-visible" to make chat appear always -->
<div class="sidebar-menu">
<header class="logo-env">
<!-- logo -->
<div class="logo">
<a href="<?php echo HTTP_SERVER_ADMIN; ?>index.php">
<!--<img src="includes/images/[email protected]" width="120" alt="" />--><h4 style="color:#FFFFFF;"><?php echo $_SESSION['admin_title']; ?></h4>
<h4 style="color:#FFFFFF;">Backend Management System</h4>
</a>
</div>
<!-- logo collapse icon -->
<div class="sidebar-collapse">
<a href="#" class="sidebar-collapse-icon with-animation"><!-- add class "with-animation" if you want sidebar to have animation during expanding/collapsing transition -->
<i class="entypo-menu"></i>
</a>
</div>
<!-- open/close menu icon (do not remove if you want the menu enabled on mobile devices) -->
<div class="sidebar-mobile-menu visible-xs">
<a href="#" class="with-animation"><!-- add class "with-animation" to support animation -->
<i class="entypo-menu"></i>
</a>
</div>
</header>
<?php require(DIR_TEMPLATES . 'sidebar.php'); ?>
</div>
<div class="main-content">
<?php require(DIR_TEMPLATES . 'header.php'); ?>
<div class="row">
<div class="col-sm-12">
<ol class="breadcrumb bc-3">
<li class="active">
<i class="entypo-home"></i>Backend Management System</li>
</ol>
</div>
</div>
<div class="row">
<div class="col-sm-12">
</div>
</div>
<!-- Footer -->
<!--<footer class="main">
</footer>-->
</div>
</div>
<!-- Bottom Scripts -->
<script src="includes/js/gsap/main-gsap.js"></script>
<script src="includes/js/jquery-ui/js/jquery-ui-1.10.3.minimal.min.js"></script>
<script src="includes/js/bootstrap.js"></script>
<script src="includes/js/joinable.js"></script> <!-- //-->
<script src="includes/js/resizeable.js"></script>
<script src="includes/js/website-api.js"></script>