[1] GAO Xiu-wu, LIU Wen-li, GAO Heng-zhen, et al. Research on Multi-tenant Security Isolation of Cryptographic Resource Pool in Big Data Environment[J]. Computer Technology and Development, 2018, 28(09): 127-131. [doi:10.3969/j.issn.1673-629X.2018.09.026]

Research on Multi-tenant Security Isolation of Cryptographic Resource Pool in Big Data Environment

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
28
Issue:
2018, No. 09
Pages:
127-131
Column:
Security and Protection
Publication date:
2018-09-10

Article Info

Title:
Research on Multi-tenant Security Isolation of Cryptographic Resource Pool in Big Data Environment
Article ID:
1673-629X(2018)09-0127-05
Author(s):
GAO Xiu-wu, LIU Wen-li, GAO Heng-zhen, LIU Ming-da
Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
Keywords:
big data environment; cryptographic resource pool; multi-tenant isolation; VxLAN
Classification number:
TP309
DOI:
10.3969/j.issn.1673-629X.2018.09.026
Document code:
A
Abstract:
The rapid development of big data and cloud computing has jointly created a big data environment characterized by very large data scale, efficient computing and storage, and resource sharing. In this environment, privacy data protection, the multi-tenant model and related issues change the requirements placed on cryptographic services, which pushes cryptographic technology toward “cryptographic resource pooling”. Based on a study of the structure and application scenarios of the cryptographic resource pool in the big data environment, we analyze the security isolation requirements across the whole life cycle of the multi-tenant cryptographic service, and we also study OpenFlow software-defined networking technology and VxLAN network virtualization technology. To address the security isolation of multi-tenant cryptographic services in the cryptographic resource pool, we propose a service mechanism that separates cryptographic service requests from cryptographic task execution, and a multi-tenant security isolation model for the cryptographic resource pool that achieves network isolation based on VxLAN. The model places a tenant's cryptographic resources and the tenant's business environment in the same security domain, thereby ensuring security isolation of multi-tenant cryptographic services in the big data environment.
Last Update: 2018-09-10