政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/56890
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文筆數/總筆數 : 113392/144379 (79%)
造訪人次 : 51208416      線上人數 : 888
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    政大機構典藏 > 資訊學院 > 資訊科學系 > 學位論文 >  Item 140.119/56890
    請使用永久網址來引用或連結此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/56890


    題名: 雲端運算環境下檔案更新管理之安全性研究
    A study on the security of patch management in a cloud computing environment
    作者: 簡禎儀
    貢獻者: 左瑞麟
    簡禎儀
    關鍵詞: 雲端安全
    虛擬主機映像檔
    更新檔管理
    Cloud security
    Virtual machine image
    Patch management
    日期: 2012
    上傳時間: 2013-02-01 16:53:39 (UTC+8)
    摘要: 隨著雲端運算盛行,企業採用大量虛擬主機來取代實體機器,虛擬主
    機有效率的模擬實體機器達到企業減少能源耗損與提高成本效率目
    標。 文中提及虛擬主機映像檔目錄系統(VMIC)主要讓使用者能有效
    率搜尋期望的檔案並獲得下載的實體位置,故本論文研究重點著重在
    改進安全性在原 VMIC 系統,應用 Pakiti 監控系統來掌握更新檔狀況
    於實體機器或虛擬機器環境,使資安人員能在短期間內獲得正確資
    訊,及時升級更新檔避免攻擊災害發生。
    As cloud computing techniques advance, Virtual Machines (VM)
    seems to be an appropriate solution than physical machine deployment. Having multiple instances of virtual machines cause more efficient use of computing resources to achieve the aim of energy consumption and cost effectiveness. In this thesis, Virtual Machine Image Catalogue (VMIC) is designed for helping users search and acquire expected virtual machine images promptly. Nevertheless, security of VMIC is also a crucial task to keep systems up-to-date and defends against security attacks. Pakiti is adopted to monitor patch status of physical and virtual machines, and
    schedules the warning information to remind security staffs to update the patches.
    參考文獻: [1] Cloud computing. http://en.wikipedia.org/wiki/Cloud_computing.
    [2] M. Armbrust, A. Fox, R. Griffith, and et al. 2009. Above the Clouds: A Berkeley View of Cloud Computing.
    http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html.
    [3] I. Foster, Y. Zhao, I. Raicu, S. Lu. 2008. Cloud Computing and Grid Computing 360-Degree Compared. Grid Computing Environment Workshop.
    [4] P. Mell, T. Grance. 2011. Effectively and Security Using the Cloud Computing Paradigm. The National Institute of Standards and Technology.
    [5] Cloud computing security.http://en.wikipedia.org/wiki/Cloud_computing_security.
    [6] Virtualization . http://en.wikipedia.org/wiki/Virtualization.
    [7] 陳瀅(2010)。雲端策略。 台北:天下。
    [8] Gerald J. Popek. 1974. Formal Requirements for Virtualizable Third Generation Architectures. Magazine Communications of the ACM Volume 17 Issue 7, Pages 412-421.
    [9] Virtual Machine. http://en.wikipedia.org/wiki/Virtual_machine.
    [10] KVM. http://www.linux-kvm.org/page/Main_Page.
    [11] Kernel based Virtual Machine.
    http://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine.
    [12] Oracle VM VirtualBox. https://www.virtualbox.org/.
    [13] Oracle VM VirtualBox. http://en.wikipedia.org/wiki/VirtualBox.
    [14] VMWare. http://www.vmware.com/.
    [15] VMWare. http://en.wikipedia.org/wiki/VMware.
    [16] Xen. http://en.wikipedia.org/wiki/Xen.
    [17] XEN. http://www.xen.org/.
    [18] R. Wartel, T. Cass, B. Moreira, E. Roche, M. Guijarro, S. Goasguen, U. Schwickerath. 2009. Image Distribution Mechanisms in Large Scale Cloud Providers. 2nd IEEE International Conference on Cloud Computing Technology and Science.
    [19] Academia Sinica Grid Center (ASGC). http://www.twgrid.org/en/.
    [20] Distributed Cloud of ASGC. 2012. The International Symposium on Grid Computing.
    [21] The High Energy Physics Unix Information Exchange. https://www.hepix.org/.
    [22] The HEPiX Virtualisation Working Group. http://w3.hepix.org/virtualization/.
    [23] StratusLab. http://stratuslab.eu/doku.php/start.
    [24] M. Vlieta , A. Agarwala , M. Andersona , P. Armstronga , A. Charbonneaub ,
    K. Franshama b , I. Gablea , D. Harrisa , R. Impeyb , C. Leavett-Browna , M. Patersona , W.Podaimab , R.J. Sobiea. 2011. Repoman: A Simple RESTful X.509 Virtual MAchine Image Repository. International Symposium on Grid and Clouds and Open Grid Forum 31.
    [25] EGI European Grid Infrastructure. http://www.egi.eu/.
    [26] EGI Strategy and Policy. http://www.egi.eu/about/policy/index.html.
    [27] Security Policy For The Endorsement and Operation of Virtual Machine Images. https://documents.egi.eu/document/771
    [28] L. Zhang, D. Zhang et al., 2010. Live Digital Forensics in a Virtual Machine. International Conference on Computer Application and System Modeling.
    [29] HEPiX Virtualsation Working Group report.
    [30] J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning. 2009. Managing Security of Virtual Machine Images in a Cloud Environment. CCSW.
    [31] Wayne A. Jansen, NIST. 2011. Cloud Hooks: Security and Privacy Issues in Cloud Computing. The 44th Hawaii International Conference on System Sciences.
    [32] Scientific Linux CERN6. http://linux.web.cern.ch/linux/scientific6/.
    [33] OpenStack. http://www.openstack.org/.
    [34] U. Schwickerath, B. Moreira, J. Chien, V. Sharma. 2011. CloudMan and VMIC projects overview. HEPiX Fall.
    [35] DESY. http://www.desy.de/index_eng.html.
    [36] BitTorrent. http://en.wikipedia.org/wiki/BitTorrent.
    [37] Keystone. http://docs.openstack.org/developer/keystone/.
    [38] D. Hyde. 2009. A Survey on the Security of Virtual Machines.
    [39] Patch (computing). http://en.wikipedia.org/wiki/Patch_(computing).
    [40] M. Prochazka, D. Kouril, R. Wartel, C. Kanellopoulos, C. Triantafyllidis. 2011. A Race for Security: Identifying Vulnerabilities on 50 000 Hosts Faster than Attackers, in Proceedings of Science (PoS). International Symposium on Grid and Clouds. [41] Pakiti. http://pakiti.sourceforge.net/.
    [42] The MITRE Corporation, “Open Vulnerability and Assessment Language”. http://oval.mitre.org/language/.
    [43] MITRE. http://www.mitre.org/.
    [44] Common Vulnerabilities and Exposures , CVE. http://cve.mitre.org/.
    [45] M. Ma, M. Prochazka, D. Kouril et al. 2012. EGI Security Monitoring, in Proceedings of Science (PoS). International Symposium on Grid and Clouds.
    [46] Nagios. http://www.nagios.org/.
    [47] W. Zhou, P. Ning, X. Zhang et al. 2010. Always Up-to-date-Scalable Offline Patch of VM Images in a Compute Cloud. ACSAC.
    [48] Chroot. http://en.wikipedia.org/wiki/Chroot.
    [49] Horizon. http://docs.openstack.org/developer/horizon/.
    [50] B.Ross, C. Jackson et al. 2005. Stronger Password Authentication Using browser extensions.
    [51] A. Choudhury, P. Kumar et al. 2011. A Strong User Authentication Framework for Cloud Computing. IEEE Asia-Pacific Services Computing Conference.
    [52] R. Warschofsky, M. Menzel, C. Meinel. 2011. Automated Security Service Orchestration for the Identity Management in Web Service based Systems. IEEE Asia-Pacific Services Computing Conference.
    [53] S. Luo, J. Hu and Z. Chen. 2009. An Identity-Based One-Time Password Scheme with Anonymous Authentication. International Conference on Networks Security, Wireless Communications and Trusted Computing.
    [54] L. Jin, H. Takabi, J. Joshi . 2010. Security and Privacy Risks of Using E-mail Address as an Identity pp.906-913. IEEE International Conference on Social Computing.
    [55] Reeder, R.W. 2011. When the Password Doesn`t Work Secondary Authentication for Websites Volume: 9, Issue: 2, Page43- 49. The IEEE Computer and Reliability Societies.
    [56] S. Schechter, S.Egelman, R. Reeder. 2009. It’s Not What You Know, But Who You Know - A social approach to last-resort authentication, CHI.
    描述: 碩士
    國立政治大學
    資訊科學學系
    98971018
    101
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G0989710181
    資料類型: thesis
    顯示於類別:[資訊科學系] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    018101.pdf3016KbAdobe PDF2871檢視/開啟


    在政大典藏中所有的資料項目都受到原著作權保護.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋