Open Source and Cloud Computing: On-Demand, Innovative IT at Scale (Chinese edition).pdf -- white paper from Sun
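Open-source cloud computing products come on strong

Because innovation in the open-source community is so active, open-source products are poised to take off in many market segments.
Having built a solid foundation in desktop operating systems, open-source software is now becoming a major force in cloud computing.
Open-source software still has a long way to go, and cloud computing appears to be the latest market poised to feel its deep influence.

The first wave in the open-source ocean

A few years ago, startups began the first wave of open-source cloud platform development, and many of the resulting products were based on the public cloud Amazon Web Services (AWS).
Let us look at some of the main open-source cloud computing products.
Eucalyptus Systems grew out of a 2007 research project at the University of California, and the company has offered cloud computing technology since 2009.
The Eucalyptus cloud platform virtualizes IT infrastructure to create cloud resources for compute, networking and storage.
Chris Pinkham and Willem van Biljon, both formerly members of Amazon's cloud computing team, founded Nimbula in 2009 with venture-capital backing, and it has become another well-known company in the open-source cloud market.
The company developed a cloud operating system that combines the scalability and operational efficiency of the public cloud with the reliability, security and trustworthiness of the enterprise data center.
This approach serves certain kinds of enterprise well.
AWS open-source solutions meet the needs of very small businesses well, but most enterprises are looking for more sophisticated solutions for their private clouds, said Jay Lyman, an analyst with the enterprise software group at 451 Research.
Many alternative products have also appeared.

Cloud platform products lead the way for open-source cloud offerings

Citrix Systems made an acquisition in July 2011; the acquired company had released a set of application programming interfaces (APIs) intended to help enterprises and cloud providers deploy and manage scalable, secure and open cloud services.
Eventually, Citrix moved control of the CloudPlatform API to the Apache Foundation under version 2.0 of the Apache License.
CloudPlatform has taken a path different from that of other companies and other models.
ISWest is a regional Internet service provider (ISP) located near Los Angeles. It began by offering dial-up Internet service in 1996 and has grown to provide a range of network services and accompanying application solutions, such as e-mail hosting.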
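Open-Source PaaS Technical Handbook

The open-source world has never been quiet, and the open-source future of many technologies is enough to excite plenty of enthusiasts.
Commercial software has begun to blend in open-source technology, and open-source technology has become the infrastructure of the big IT players; the trend is spreading slowly but forcefully.
Amid the advertising that surrounds cloud computing, how much weight does open source carry? Does moving to the cloud mean moving to open source? How should an open-source PaaS be chosen? How should a PaaS vendor be chosen for an open-source project? Which service platforms deserve attention? We answer these questions one by one below.

Overview of cloud computing architecture

Today, cloud computing combines many existing distributed software technologies with newer Web-oriented architectures.
To some extent, the cloud can be seen as a massively scalable version of previously popular computing architectures (such as grid computing and on-demand computing), although it relies more heavily on modern virtualization technology.
Below we look at the overall architecture of cloud computing.
- Overview of cloud computing architecture: early architectures
- Overview of cloud computing architecture: the development of PaaS and APIs

Does moving to the cloud mean moving to open source? Open-source PaaS

In an open-source project, if there is one thing volunteer developers dislike, it is the drudgery of installation, maintenance and anything else that distracts from writing code. How can it be eased? The open-source choices for platform as a service (PaaS) are a headache as well.
Below we look at how to choose a suitable PaaS.
- How much do you know about open-source platform as a service (PaaS)?
- Finding a suitable PaaS for an open-source project
- Choosing a PaaS provider: understanding requirements is the key

iPaaS, and JBoss

If you are not yet familiar with "iPaaS" (integration platform as a service), it is worth taking the time to learn about it,
because it will become part of integration in the future.
In addition, one offering stands apart in cloud platform as a service (PaaS).
At Red Hat's JBoss World 2011 conference, cloud platform as a service (PaaS) and infrastructure as a service (IaaS) products were discussed many times; the event showed the open-source middleware company working to have its products mentioned more often in cloud computing architectures.
- Gartner: iPaaS takes the stage
- Beginner's guide to platform development
- Middleware on the road: Red Hat's path to PaaS and IaaS

Overview of cloud computing architecture: early architectures

Today, cloud computing combines many existing distributed software technologies with newer Web-oriented architectures.
To some extent, the cloud can be seen as a massively scalable version of previously popular computing architectures (such as grid computing and on-demand computing), although it relies more heavily on modern virtualization technology.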
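Lecture 1: Overview of cloud computing

1 What is cloud computing?
Cloud computing is a computing model that delivers dynamically scalable, virtualized resources to users as services over the Internet.
By the type of service offered, clouds can be divided into infrastructure clouds, platform clouds and application clouds.
By the way the service is delivered, clouds can be divided into public clouds, private clouds and hybrid clouds.

2 What are the advantages of cloud computing?
(1) Optimized industry layout
- The key cost shifts from hardware to power and cooling
- A dispersed, energy-hungry model becomes a centralized, resource-friendly one
- Self-sufficient resource workshops become industrialized resource factories with economies of scale
(2) Greater specialization
- Specialized large cloud computing vendors
- Well-resourced research and engineering teams driving hardware innovation
- Maintenance and management teams with extensive knowledge and experience, plus supporting software
- New business opportunities in the industry chain
(3) Higher resource utilization
- Routine business is handled more efficiently
- Bursts of work and unexpected events are handled better
- Resource allocation and load are better balanced
(4) Lower initial investment
- Less spending on IT infrastructure
- Less spending on software
- Less spending on staff
- Shorter training cycles
- More flexible support for transformation
(5) Lower management overhead
- Management delivered as a service
- No need to build an in-house maintenance and management team
- On-demand solutions
- Management teams with richer knowledge and experience
- Greater system flexibility through configurable business modules

3 What drives cloud computing?
(1) Chip and hardware technology
- The surge in hardware capability and the sharp fall in cost make it possible for an independently operated company to concentrate considerable hardware capacity and achieve economies of scale
(2) Resource virtualization
- Resources sit in the cloud and need unified management
- Heterogeneous hardware and compatibility problems
- Virtualization technology
(3) Application needs
(3) Service-oriented architecture (SOA)
- Open data models
- Unified communication standards
- Richer services
- More loosely coupled, flexible IT architecture
- A changed understanding of IT systems
(4) Software as a service (SaaS)
- Changed the way people use services
- Made end users familiar with the service interaction model
- Changed the business model of the IT industry
- Well-resourced large companies run the infrastructure while small businesses innovate to tap promising markets
- The "long tail" theory
(5) Internet technology
- Infrastructure
- Multiple access methods
- Wider coverage
- Greatly improved bandwidth and reliability
- Assurance of the stability, reliability, security, availability, flexibility, manageability, degree of automation, energy efficiency and environmental friendliness of new IT models
(6) Web 2.0 technology
- Users change from consumers of information into contributors of information
- Blogs (microblogs), content aggregation, encyclopedias (wikis), social networks, peer-to-peer networks (P2P)
- Rich Internet Applications become the trend in web application development
- Changed the way people live
- Created an intrinsic demand for cloud computing

4 Research assignment: mainstream cloud computing products in industry; typical cloud computing applications

Supplement:

1 What are the characteristics of cloud computing?
(1) Hardware and software are both resources
(2) Resources can be scaled and configured dynamically as needed
(3) Pay per use, with no management required
(4) Physically distributed and shared, logically presented as a single whole

2 How did cloud computing develop?
(1) Supercomputers
(2) Cluster computing
(3) Distributed computing
(4) Grid computing
(5) Utility computing
(6) Cloud computing

Lecture 2: Cloud services

1 What are the basic layers of cloud services?
Cloud computing has three basic layers: IaaS, PaaS and SaaS, in that order.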
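all keep three replicas; when a single copy of the data is damaged, the data is copied again automatically.
The principle is shown in the figure below:
The cloud server is the core of the elastic computing product.
It mainly provides computing capacity to users. Create and start a
Alibaba Cloud server control panel management interface:
● Security groups: unified firewall settings that are simple to configure.
Machines within a group can reach each other by default; a group is limited to 200 machines; groups
As shown in the figure above: the full lifecycle of a cloud server, from creation to release.
Remote management methods
Linux cloud servers: connect to the cloud server over ssh at its public IP; Windows cloud servers: connect to the cloud server over Remote Desktop.
Steps shown in the lifecycle figure:
- The user submits an order to purchase a cloud server
- Resource plan selection; bandwidth selection
- Operating system selection
- Create the cloud server; query available public IPs
- Bind a public IP to the cloud server
- Shut down, start, restart and release the cloud server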
Cloud computing foreign-language reference for translation (the document contains the English original and its Chinese translation)

Original text:

Technical Issues of Forensic Investigations in Cloud Computing Environments

Dominik Birk
Ruhr-University Bochum
Horst Goertz Institute for IT Security
Bochum, Germany

Ruhr-University Bochum
Horst Goertz Institute for IT Security
Bochum, Germany

Abstract—Cloud Computing is arguably one of the most discussed information technologies today. It presents many promising technological and economical opportunities. However, many customers remain reluctant to move their business IT infrastructure completely to the cloud. One of their main concerns is Cloud Security and the threat of the unknown. Cloud Service Providers (CSP) encourage this perception by not letting their customers see what is behind their virtual curtain. A seldomly discussed, but in this regard highly relevant open issue is the ability to perform digital investigations. This continues to fuel insecurity on the sides of both providers and customers. Cloud Forensics constitutes a new and disruptive challenge for investigators. Due to the decentralized nature of data processing in the cloud, traditional approaches to evidence collection and recovery are no longer practical. This paper focuses on the technical aspects of digital forensics in distributed cloud environments. We contribute by assessing whether it is possible for the customer of cloud computing services to perform a traditional digital investigation from a technical point of view. Furthermore we discuss possible solutions and possible new methodologies helping customers to perform such investigations.

I. INTRODUCTION

Although the cloud might appear attractive to small as well as to large companies, it does not come along without its own unique problems. Outsourcing sensitive corporate data into the cloud raises concerns regarding the privacy and security of data. Security policies, companies' main pillar concerning security, cannot be easily deployed into distributed, virtualized cloud environments.
This situation is further complicated by the unknown physical location of the company's assets. Normally, if a security incident occurs, the corporate security team wants to be able to perform their own investigation without dependency on third parties. In the cloud, this is not possible anymore: The CSP obtains all the power over the environment and thus controls the sources of evidence. In the best case, a trusted third party acts as a trustee and guarantees for the trustworthiness of the CSP. Furthermore, the implementation of the technical architecture and circumstances within cloud computing environments bias the way an investigation may be processed. In detail, evidence data has to be interpreted by an investigator in a proper manner which is hardly possible due to the lack of circumstantial information.

(Acknowledgment: We would like to thank the reviewers for the helpful comments and Dennis Heinson (Center for Advanced Security Research Darmstadt - CASED) for the profound discussions regarding the legal aspects of cloud forensics.)

For auditors, this situation does not change: Questions who accessed specific data and information cannot be answered by the customers, if no corresponding logs are available. With the increasing demand for using the power of the cloud for processing also sensible information and data, enterprises face the issue of Data and Process Provenance in the cloud [10]. Digital provenance, meaning meta-data that describes the ancestry or history of a digital object, is a crucial feature for forensic investigations. In combination with a suitable authentication scheme, it provides information about who created and who modified what kind of data in the cloud. These are crucial aspects for digital investigations in distributed environments such as the cloud. Unfortunately, the aspects of forensic investigations in distributed environment have so far been mostly neglected by the research community.
Current discussion centers mostly around security, privacy and data protection issues [35], [9], [12]. The impact of forensic investigations on cloud environments was little noticed albeit mentioned by the authors of [1] in 2009: "[...] to our knowledge, no research has been published on how cloud computing environments affect digital artifacts, and on acquisition logistics and legal issues related to cloud computing environments." This statement is also confirmed by other authors [34], [36], [40] stressing that further research on incident handling, evidence tracking and accountability in cloud environments has to be done. At the same time, massive investments are being made in cloud technology. Combined with the fact that information technology increasingly transcends people's private and professional life, thus mirroring more and more of people's actions, it becomes apparent that evidence gathered from cloud environments will be of high significance to litigation or criminal proceedings in the future.

Within this work, we focus the notion of cloud forensics by addressing the technical issues of forensics in all three major cloud service models and consider cross-disciplinary aspects. Moreover, we address the usability of various sources of evidence for investigative purposes and propose potential solutions to the issues from a practical standpoint. This work should be considered as a surveying discussion of an almost unexplored research area. The paper is organized as follows: We discuss the related work and the fundamental technical background information of digital forensics, cloud computing and the fault model in section II and III. In section IV, we focus on the technical issues of cloud forensics and discuss the potential sources and nature of digital evidence as well as investigations in XaaS environments including the cross-disciplinary aspects. We conclude in section V.

II. RELATED WORK

Various works have been published in the field of cloud security and privacy [9], [35], [30] focussing on aspects for protecting data in multi-tenant, virtualized environments. Desired security characteristics for current cloud infrastructures mainly revolve around isolation of multi-tenant platforms [12], security of hypervisors in order to protect virtualized guest systems and secure network infrastructures [32]. Albeit digital provenance, describing the ancestry of digital objects, still remains a challenging issue for cloud environments, several works have already been published in this field [8], [10] contributing to the issues of cloud forensics. Within this context, cryptographic proofs for verifying data integrity mainly in cloud storage offers have been proposed, yet lacking of practical implementations [24], [37], [23]. Traditional computer forensics has already well researched methods for various fields of application [4], [5], [6], [11], [13]. Also the aspects of forensics in virtual systems have been addressed by several works [2], [3], [20] including the notion of virtual introspection [25]. In addition, the NIST already addressed Web Service Forensics [22] which has a huge impact on investigation processes in cloud computing environments. In contrast, the aspects of forensic investigations in cloud environments have mostly been neglected by both the industry and the research community. One of the first papers focusing on this topic was published by Wolthusen [40] after Bebee et al already introduced problems within cloud environments [1]. Wolthusen stressed that there is an inherent strong need for interdisciplinary work linking the requirements and concepts of evidence arising from the legal field to what can be feasibly reconstructed and inferred algorithmically or in an exploratory manner.
In 2010, Grobauer et al [36] published a paper discussing the issues of incident response in cloud environments - unfortunately no specific issues and solutions of cloud forensics have been proposed which will be done within this work.

III. TECHNICAL BACKGROUND

A. Traditional Digital Forensics

The notion of Digital Forensics is widely known as the practice of identifying, extracting and considering evidence from digital media. Unfortunately, digital evidence is both fragile and volatile and therefore requires the attention of special personnel and methods in order to ensure that evidence data can be properly isolated and evaluated. Normally, the process of a digital investigation can be separated into three different steps each having its own specific purpose:

1) In the Securing Phase, the major intention is the preservation of evidence for analysis. The data has to be collected in a manner that maximizes its integrity. This is normally done by a bitwise copy of the original media. As can be imagined, this represents a huge problem in the field of cloud computing where you never know exactly where your data is and additionally do not have access to any physical hardware. However, the snapshot technology, discussed in section IV-B3, provides a powerful tool to freeze system states and thus makes digital investigations, at least in IaaS scenarios, theoretically possible.

2) We refer to the Analyzing Phase as the stage in which the data is sifted and combined. It is in this phase that the data from multiple systems or sources is pulled together to create as complete a picture and event reconstruction as possible. Especially in distributed system infrastructures, this means that bits and pieces of data are pulled together for deciphering the real story of what happened and for providing a deeper look into the data.

3) Finally, at the end of the examination and analysis of the data, the results of the previous phases will be reprocessed in the Presentation Phase.
The report, created in this phase, is a compilation of all the documentation and evidence from the analysis stage. The main intention of such a report is that it contains all results, it is complete and clear to understand.

Apparently, the success of these three steps strongly depends on the first stage. If it is not possible to secure the complete set of evidence data, no exhaustive analysis will be possible. However, in real world scenarios often only a subset of the evidence data can be secured by the investigator. In addition, an important definition in the general context of forensics is the notion of a Chain of Custody. This chain clarifies how and where evidence is stored and who takes possession of it. Especially for cases which are brought to court it is crucial that the chain of custody is preserved.

B. Cloud Computing

According to the NIST [16], cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal CSP interaction. The new raw definition of cloud computing brought several new characteristics such as multi-tenancy, elasticity, pay-as-you-go and reliability. Within this work, the following three models are used: In the Infrastructure as a Service (IaaS) model, the customer is using the virtual machine provided by the CSP for installing his own system on it. The system can be used like any other physical computer with a few limitations. However, the additive customer power over the system comes along with additional security obligations. Platform as a Service (PaaS) offerings provide the capability to deploy application packages created using the virtual development environment supported by the CSP. For the efficiency of software development process this service model can be propellent.
In the Software as a Service (SaaS) model, the customer makes use of a service run by the CSP on a cloud infrastructure. In most of the cases this service can be accessed through an API for a thin client interface such as a web browser. Closed-source public SaaS offers such as Amazon S3 and GoogleMail can only be used in the public deployment model leading to further issues concerning security, privacy and the gathering of suitable evidences. Furthermore, two main deployment models, private and public cloud have to be distinguished. Common public clouds are made available to the general public. The corresponding infrastructure is owned by one organization acting as a CSP and offering services to its customers. In contrast, the private cloud is exclusively operated for an organization but may not provide the scalability and agility of public offers. The additional notions of community and hybrid cloud are not exclusively covered within this work. However, independently from the specific model used, the movement of applications and data to the cloud comes along with limited control for the customer about the application itself, the data pushed into the applications and also about the underlying technical infrastructure.

C. Fault Model

Be it an account for a SaaS application, a development environment (PaaS) or a virtual image of an IaaS environment, systems in the cloud can be affected by inconsistencies. Hence, for both customer and CSP it is crucial to have the ability to assign faults to the causing party, even in the presence of Byzantine behavior [33]. Generally, inconsistencies can be caused by the following two reasons:

1) Maliciously Intended Faults

Internal or external adversaries with specific malicious intentions can cause faults on cloud instances or applications. Economic rivals as well as former employees can be the reason for these faults and state a constant threat to customers and CSP.
In this model, also a malicious CSP is included albeit he is assumed to be rare in real world scenarios. Additionally, from the technical point of view, the movement of computing power to a virtualized, multi-tenant environment can pose further threats and risks to the systems. One reason for this is that if a single system or service in the cloud is compromised, all other guest systems and even the host system are at risk. Hence, besides the need for further security measures, precautions for potential forensic investigations have to be taken into consideration.

2) Unintentional Faults

Inconsistencies in technical systems or processes in the cloud do not have implicitly to be caused by malicious intent. Internal communication errors or human failures can lead to issues in the services offered to the customer (i.e. loss or modification of data). Although these failures are not caused intentionally, both the CSP and the customer have a strong intention to discover the reasons and deploy corresponding fixes.

IV. TECHNICAL ISSUES

Digital investigations are about control of forensic evidence data. From the technical standpoint, this data can be available in three different states: at rest, in motion or in execution. Data at rest is represented by allocated disk space. Whether the data is stored in a database or in a specific file format, it allocates disk space. Furthermore, if a file is deleted, the disk space is de-allocated for the operating system but the data is still accessible since the disk space has not been re-allocated and overwritten. This fact is often exploited by investigators which explore this de-allocated disk space on hard disks. In case the data is in motion, data is transferred from one entity to another e.g. a typical file transfer over a network can be seen as a data in motion scenario. Several encapsulated protocols contain the data each leaving specific traces on systems and network devices which can in return be used by investigators.
Data can be loaded into memory and executed as a process. In this case, the data is neither at rest nor in motion but in execution. On the executing system, process information, machine instruction and allocated/de-allocated data can be analyzed by creating a snapshot of the current system state. In the following sections, we point out the potential sources for evidential data in cloud environments and discuss the technical issues of digital investigations in XaaS environments as well as suggest several solutions to these problems.

A. Sources and Nature of Evidence

Concerning the technical aspects of forensic investigations, the amount of potential evidence available to the investigator strongly diverges between the different cloud service and deployment models. The virtual machine (VM), hosting in most of the cases the server application, provides several pieces of information that could be used by investigators. On the network level, network components can provide information about possible communication channels between different parties involved. The browser on the client, acting often as the user agent for communicating with the cloud, also contains a lot of information that could be used as evidence in a forensic investigation. Independently from the used model, the following three components could act as sources for potential evidential data.

1) Virtual Cloud Instance: The VM within the cloud, where i.e. data is stored or processes are handled, contains potential evidence [2], [3]. In most of the cases, it is the place where an incident happened and hence provides a good starting point for a forensic investigation. The VM instance can be accessed by both, the CSP and the customer who is running the instance. Furthermore, virtual introspection techniques [25] provide access to the runtime state of the VM via the hypervisor and snapshot technology supplies a powerful technique for the customer to freeze specific states of the VM.
Therefore, virtual instances can be still running during analysis which leads to the case of live investigations [41] or can be turned off leading to static image analysis. In SaaS and PaaS scenarios, the ability to access the virtual instance for gathering evidential information is highly limited or simply not possible.

2) Network Layer: Traditional network forensics is known as the analysis of network traffic logs for tracing events that have occurred in the past. Since the different ISO/OSI network layers provide several information on protocols and communication between instances within as well as with instances outside the cloud [4], [5], [6], network forensics is theoretically also feasible in cloud environments. However in practice, ordinary CSP currently do not provide any log data from the network components used by the customer's instances or applications. For instance, in case of a malware infection of an IaaS VM, it will be difficult for the investigator to get any form of routing information and network log data in general which is crucial for further investigative steps. This situation gets even more complicated in case of PaaS or SaaS. So again, the situation of gathering forensic evidence is strongly affected by the support the investigator receives from the customer and the CSP.

3) Client System: On the system layer of the client, it completely depends on the used model (IaaS, PaaS, SaaS) if and where potential evidence could be extracted. In most of the scenarios, the user agent (e.g. the web browser) on the client system is the only application that communicates with the service in the cloud. This especially holds for SaaS applications which are used and controlled by the web browser. But also in IaaS scenarios, the administration interface is often controlled via the browser.
Hence, in an exhaustive forensic investigation, the evidence data gathered from the browser environment [7] should not be omitted.

a) Browser Forensics: Generally, the circumstances leading to an investigation have to be differentiated: In ordinary scenarios, the main goal of an investigation of the web browser is to determine if a user has been victim of a crime. In complex SaaS scenarios with high client-server interaction, this constitutes a difficult task. Additionally, customers strongly make use of third-party extensions [17] which can be abused for malicious purposes. Hence, the investigator might want to look for malicious extensions, searches performed, websites visited, files downloaded, information entered in forms or stored in local HTML5 stores, web-based email contents and persistent browser cookies for gathering potential evidence data. Within this context, it is inevitable to investigate the appearance of malicious JavaScript [18] leading to e.g. unintended AJAX requests and hence modified usage of administration interfaces. Generally, the web browser contains a lot of electronic evidence data that could be used to give an answer to both of the above questions - even if the private mode is switched on [19].

B. Investigations in XaaS Environments

Traditional digital forensic methodologies permit investigators to seize equipment and perform detailed analysis on the media and data recovered [11]. In a distributed infrastructure organization like the cloud computing environment, investigators are confronted with an entirely different situation. They have no longer the option of seizing physical data storage. Data and processes of the customer are dispensed over an undisclosed amount of virtual instances, applications and network elements. Hence, it is in question whether preliminary findings of the computer forensic community in the field of digital forensics apparently have to be revised and adapted to the new environment.
Within this section, specific issues of investigations in SaaS, PaaS and IaaS environments will be discussed. In addition, cross-disciplinary issues which affect several environments uniformly, will be taken into consideration. We also suggest potential solutions to the mentioned problems.

1) SaaS Environments: Especially in the SaaS model, the customer does not obtain any control of the underlying operating infrastructure such as network, servers, operating systems or the application that is used. This means that no deeper view into the system and its underlying infrastructure is provided to the customer. Only limited user-specific application configuration settings can be controlled contributing to the evidences which can be extracted from the client (see section IV-A3). In a lot of cases this urges the investigator to rely on high-level logs which are eventually provided by the CSP. Given the case that the CSP does not run any logging application, the customer has no opportunity to create any useful evidence through the installation of any toolkit or logging tool. These circumstances do not allow a valid forensic investigation and lead to the assumption that customers of SaaS offers do not have any chance to analyze potential incidences.

a) Data Provenance: The notion of Digital Provenance is known as meta-data that describes the ancestry or history of digital objects. Secure provenance that records ownership and process history of data objects is vital to the success of data forensics in cloud environments, yet it is still a challenging issue today [8]. Albeit data provenance is of high significance also for IaaS and PaaS, it states a huge problem specifically for SaaS-based applications: Current global acting public SaaS CSP offer Single Sign-On (SSO) access control to the set of their services.
Unfortunately in case of an account compromise, most of the CSP do not offer any possibility for the customer to figure out which data and information has been accessed by the adversary. For the victim, this situation can have tremendous impact: If sensitive data has been compromised, it is unclear which data has been leaked and which has not been accessed by the adversary. Additionally, data could be modified or deleted by an external adversary or even by the CSP e.g. due to storage reasons. The customer has no ability to prove otherwise. Secure provenance mechanisms for distributed environments can improve this situation but have not been practically implemented by CSP [10].

Suggested Solution: In private SaaS scenarios this situation is improved by the fact that the customer and the CSP are probably under the same authority. Hence, logging and provenance mechanisms could be implemented which contribute to potential investigations. Additionally, the exact location of the servers and the data is known at any time. Public SaaS CSP should offer additional interfaces for the purpose of compliance, forensics, operations and security matters to their customers. Through an API, the customers should have the ability to receive specific information such as access, error and event logs that could improve their situation in case of an investigation. Furthermore, due to the limited ability of receiving forensic information from the server and proving integrity of stored data in SaaS scenarios, the client has to contribute to this process. This could be achieved by implementing Proofs of Retrievability (POR) in which a verifier (client) is enabled to determine that a prover (server) possesses a file or data object and it can be retrieved unmodified [24]. Provable Data Possession (PDP) techniques [37] could be used to verify that an untrusted server possesses the original data without the need for the client to retrieve it.
Although these cryptographic proofs have not been implemented by any CSP, the authors of [23] introduced a new data integrity verification mechanism for SaaS scenarios which could also be used for forensic purposes.

2) PaaS Environments: One of the main advantages of the PaaS model is that the developed software application is under the control of the customer and except for some CSP, the source code of the application does not have to leave the local development environment. Given these circumstances, the customer obtains theoretically the power to dictate how the application interacts with other dependencies such as databases, storage entities etc. CSP normally claim this transfer is encrypted but this statement can hardly be verified by the customer. Since the customer has the ability to interact with the platform over a prepared API, system states and specific application logs can be extracted. However potential adversaries, which can compromise the application during runtime, should not be able to alter these log files afterwards.

Suggested Solution: Depending on the runtime environment, logging mechanisms could be implemented which automatically sign and encrypt the log information before its transfer to a central logging server under the control of the customer. Additional signing and encrypting could prevent potential eavesdroppers from being able to view and alter log data information on the way to the logging server. Runtime compromise of a PaaS application by adversaries could be monitored by push-only mechanisms for log data presupposing that the needed information to detect such an attack is logged. Increasingly, CSP offering PaaS solutions give developers the ability to collect and store a variety of diagnostics data in a highly configurable way with the help of runtime feature sets [38].

3) IaaS Environments: As expected, even virtual instances in the cloud get compromised by adversaries.
Hence, the ability to determine how defenses in the virtual environment failed and to what extent the affected systems have been compromised is crucial not only for recovering from an incident. Also forensic investigations gain leverage from such information and contribute to resilience against future attacks on the systems. From the forensic point of view, IaaS instances do provide much more evidence data usable for potential forensics than PaaS and SaaS models do. This fact is caused through the ability of the customer to install and set up the image for forensic purposes before an incident occurs. Hence, as proposed for PaaS environments, log data and other forensic evidence information could be signed and encrypted before it is transferred to third-party hosts mitigating the chance that a maliciously motivated shutdown process destroys the volatile data. Although, IaaS environments provide plenty of potential evidence, it has to be emphasized that the customer VM is in the end still under the control of the CSP. He controls the hypervisor which is e.g. responsible for enforcing hardware boundaries and routing hardware requests among different VM. Hence, besides the security responsibilities of the hypervisor, he exerts tremendous control over how customer's VM communicate with the hardware and theoretically can intervene executed processes on the hosted virtual instance through virtual introspection [25]. This could also affect encryption or signing processes executed on the VM and therefore leading to the leakage of the secret key. Although this risk can be disregarded in most of the cases, the impact on the security of high security environments is tremendous.

a) Snapshot Analysis: Traditional forensics expect target machines to be powered down to collect an image (dead virtual instance).
This situation completely changed with the advent of the snapshot technology which is supported by all popular hypervisors such as Xen, VMware ESX and Hyper-V.A snapshot, also referred to as the forensic image of a VM, providesa powerful tool with which a virtual instance can be clonedby one click including also the running system’s mem ory. Due to the invention of the snapshot technology, systems hosting crucial business processes do not have to be powered down for forensic investigation purposes. The investigator simply creates and loads a snapshot of the target VM for analysis(live virtual instance). This behavior is especially important for scenarios in which a downtime of a system is not feasible or practical due to existing SLA. However the information whether the machine is running or has been properly powered down is crucial [3] for the investigation. Live investigations of running virtual instances become more common providing evidence data that。
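The signing step suggested above for PaaS and IaaS log data, as an added example that is not code from the paper: each record is tagged with an HMAC chained to the previous tag, and the key is evolved one-way after every record, so an adversary who compromises the application at runtime cannot re-sign earlier records. The class and function names, the HMAC-SHA256 construction (a symmetric stand-in for a signature) and the sample log lines are assumptions; encryption is assumed to be handled by the transport to the customer's log server.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed fixed anchor for the first record in the chain

def evolve(key: bytes) -> bytes:
    """One-way key update: the previous key cannot be derived from the new one."""
    return hashlib.sha256(b"log-key-evolve" + key).digest()

def _body(seq: int, msg) -> bytes:
    return json.dumps({"seq": seq, "msg": msg}, sort_keys=True).encode()

class LogSigner:
    """Runs inside the application; only ever holds the current key."""
    def __init__(self, initial_key: bytes):
        self.key, self.prev, self.seq = initial_key, GENESIS, 0

    def sign(self, msg: str) -> dict:
        tag = hmac.new(self.key, self.prev + _body(self.seq, msg), hashlib.sha256).digest()
        record = {"seq": self.seq, "msg": msg, "tag": tag.hex()}
        # Discard the used key so a later compromise cannot forge this record.
        self.key, self.prev, self.seq = evolve(self.key), tag, self.seq + 1
        return record  # to be pushed to the customer-controlled log server

def verify(initial_key: bytes, records: list) -> int:
    """Log-server side: index of the first invalid record, or -1 if all verify."""
    key, prev = initial_key, GENESIS
    for i, rec in enumerate(records):
        expected = hmac.new(key, prev + _body(i, rec.get("msg")), hashlib.sha256).digest()
        if rec.get("seq") != i or not hmac.compare_digest(expected.hex(), rec.get("tag", "")):
            return i
        key, prev = evolve(key), expected
    return -1

def demo():
    k0 = hashlib.sha256(b"constructed demo secret").digest()  # constructed key
    signer = LogSigner(k0)
    # Constructed sample log lines.
    logs = [signer.sign(m) for m in ("login alice", "read /orders", "logout alice")]
    tampered = [dict(r) for r in logs]
    tampered[1]["msg"] = "read /public"   # record altered after signing
    dropped = [logs[0], logs[2]]           # record removed from the middle
    return verify(k0, logs), verify(k0, tampered), verify(k0, dropped)
```

Removal of records from the end of the stream is not detected by the chain alone; the verifier needs an expected record count or a periodic signed heartbeat for that.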
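IBM Cloud Computing

1 Overview

1.1 What is cloud?
We define cloud computing as a comprehensive solution in which all computing resources (hardware, software, networking, storage and so on) are provided rapidly to users as demand dictates. The resources or services provided can be managed to ensure availability, security and quality. The key factor in these solutions is their ability to scale up and down, so that users obtain exactly the resources they need: no more and no less. In short, cloud computing solutions enable IT to be delivered as a service.

1.2 Why use cloud?
First, cloud computing can reduce the costs associated with delivering IT services. By obtaining resources only when they are needed and paying only for the resources required, capital and operating costs can be reduced. In addition, by relieving some of the burden of managing various resources across the enterprise, your key personnel can focus more on creating value and on business innovation. Finally, the cloud computing model provides business agility. Because the entire IT infrastructure can scale up or down to meet requirements, companies can more easily meet rapidly changing market needs and ensure that they keep their customers ahead.

1.3 Anatomy of the cloud
With an accepted definition of cloud computing in hand, let us now look at the layers of the cloud. Figure 1 outlines the three regular components of the cloud model. The figure accurately reflects the proportions of IT volume in relation to cost, physical space requirements, maintenance, administration, management oversight and obsolescence. Moreover, these layers represent not only the anatomy of the cloud but also the anatomy of IT in general.

Figure 1. Anatomy of the cloud

The layers that make up the cloud include:

Application services
Everyday Web users are probably most familiar with this layer. The application services layer hosts applications that fit the SaaS model. These are applications that run in the cloud and are provided to users as a service on demand. Sometimes the services are free and the provider generates revenue from items such as web advertising; sometimes the application provider generates revenue directly from use of the service. Does that sound familiar? It probably does, because almost all of us have used them. If you have filed your taxes online with Turbo Tax, checked your mail with GMail or Yahoo Mail, or scheduled appointments with Google Calendar, then you are familiar with the top layer of the cloud. These are just a couple of examples of these types of applications. There are literally thousands of SaaS applications, and with Web 2.0 technologies the number is growing daily.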
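China Cloud Computing Development White Paper

Contents
I. Overview of cloud computing industry development
(1) The global cloud computing market grows steadily; China's public cloud exceeds private cloud in scale for the first time
(2) China's IaaS is mature, PaaS is growing rapidly and SaaS has great potential
(3) Cloud technologies keep being renewed; cloud native adoption continues to climb
(4) Cloud computing usage keeps rising; distributed cloud begins to emerge
(5) Security capabilities draw close attention; the native cloud security concept emerges
(6) Cost reduction and efficiency gains are significant; cloud computing becomes a key element of digital transformation
(7) Favourable policies keep increasing; cloud computing becomes an important part of new infrastructure
II. The cloud native technology system matures and forms the base of the digital middle platform
(1) Cloud native reshapes middleware products
(2) How cloud native can better serve upper-layer applications becomes the focus
(3) Cloud native supports the construction of the digital middle platform
III. The SaaS market begins to accelerate and will become an important lever for enterprise cloud adoption
(1) The SaaS market model abroad is mature; domestic SaaS is poised for growth
(2) The pandemic brings new development opportunities for SaaS services
(3) SaaS addresses enterprise pain points directly and accelerates cloud adoption of applications by small and medium-sized enterprises
(4) Deepening industry focus: SaaS services develop towards platforms and intelligence
IV. Distributed cloud becomes a new form of cloud computing and supports industry transformation and upgrading
(1) Cloud computing extends from the centre to the edge
(2) Cloud-edge collaboration becomes the core of distributed cloud
(3) Cloud-edge collaboration supports the transformation and upgrading of industry applications
V. The native cloud security concept emerges, driving deep integration of security and cloud
(1) Cloud native reshapes IT architecture; end-to-end security risks draw attention
(2) Native cloud security drives deep integration of security and cloud
VI. Digital transformation aims to raise productivity; cloud capability is the key
(1) The core of digital transformation is raising productivity; traditional information infrastructure urgently needs upgrading
(2) Cloud computing accelerates digital transformation and significantly raises enterprise productivity
(3) The role of cloud-based IT management platforms becomes prominent; technical services support enterprise transformation and upgrading
VII. The positioning of cloud expands from basic resource to infrastructure operating system, raising computing power and network levels
(1) The new infrastructure concept is clarified; cloud computing is both a basic resource and an operating system
(2) Cloud computing accelerates network change and drives the optimization and upgrading of communication network infrastructure
(3) Cloud computing strengthens unified scheduling of multiple kinds of computing power and raises resource utilization of computing infrastructure
VIII. Outlook for cloud computing development

List of figures
Figure 1 Global cloud computing market size and growth rate
Figure 2 China public cloud market size and growth rate
Figure 3 China private cloud market size and growth rate
Figure 4 China public cloud market segments: size and growth rate
Figure 5 China public cloud IaaS market share in 2019
Figure 6 Cloud computing technology maturity curve
Figure 7 Cloud computing usage in China
Figure 8 Edge computing adoption
Figure 9 Private cloud security investment as a share of IT systems
Figure 10 IT cost reduction achieved by enterprises using cloud computing
Figure 11 Effects of cloud computing adoption in enterprises
Figure 12 Digital middle platform architecture
Figure 13 Distribution of domains in the Trusted Cloud enterprise SaaS assessment
Figure 14 Distributed cloud architecture
Figure 15 Video cloud industry map
Figure 16 Native cloud security architecture
Figure 17 Trusted R&D and operations security framework
Figure 18 Key areas of concern for cloud service security
Figure 19 Cloud-based management of enterprise digital infrastructure
Figure 20 The three aspects of new infrastructure
Figure 21 The role of cloud computing in new infrastructure
Figure 22 Analogy between information infrastructure and a computer system
Figure 23 How cloud computing reshapes the 5G network architecture
Figure 24 Network connections between multiple data centers
Figure 25 Consolidation and allocation of computing infrastructure resources by cloud computing

List of tables
Table 1 Main differences between traditional security and security in the cloud native system

Since cloud computing was proposed in 2006, it has broadly passed through a formation stage, a development stage and an application stage.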
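R&D and Operations Security White Paper (2020)
OpenSource Cloud Alliance for industry, OSCAR
July 2020

Copyright notice
The copyright of this white paper belongs to the OpenSource Cloud Alliance for industry and is protected by law.
Anyone who reproduces, excerpts or otherwise uses the text or views of this survey report must credit "Source: OpenSource Cloud Alliance for industry".
The Alliance will pursue the legal liability of anyone who violates the above statement.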
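Foreword
Security incidents have been frequent in recent years. One of the key causes is that software application services themselves contain code vulnerabilities, which attackers exploit.
As informatization advances, software application services are quietly changing every aspect of life and penetrating every industry and field, and their own security is increasingly a focus of industry attention.
In the traditional R&D and operations model, security is usually brought in after the application system has been built or its functional modules have been assembled. This is relatively late and cannot fully cover security issues that arise in the development phase.
Against this background, it is essential to build an overall R&D and operations security framework that emphasizes shifting security left, covers the security of the full life cycle of software application services, and establishes the concept of trustworthiness.
This white paper first gives an overview of R&D and operations security and reviews its current state worldwide. It then describes the R&D and operations security framework whose construction was led by CAICT, and summarizes the key technologies involved.
Finally, it summarizes future trends in R&D and operations security in light of the current situation and shares examples of good practice from enterprises and organizations for reference.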
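Contributing organizations
China Academy of Information and Communications Technology, Huawei Technologies Co., Ltd., Shenzhen Tencent Computer Systems Co., Ltd., Alibaba Cloud Computing Co., Ltd., Inspur Cloud Information Technology Co., Ltd., JD Cloud Computing (Beijing) Co., Ltd., Beijing Kingsoft Cloud Network Technology Co., Ltd., BGI-Research Shenzhen, Qi An Xin Technology Group Inc., Hangzhou Moresec Technology Co., Ltd., Synopsys (Shanghai) Co., Ltd.

Principal authors
吴江伟, 栗蔚, 郭雪, 耿涛, 康雪婷, 徐毅, 章可镌, 沈栋, 郭铁涛, 张祖优, 马松松, 黄超, 伍振亮, 祁景昭, 朱勇, 贺进, 宋文娣, 张娜, 蔡国瑜, 张鹏程, 张玉良, 董国伟, 周继玲, 杨国梁, 肖率武, 薛植元

Contents
I. Overview of R&D and operations security
(1) Security at the development level has far-reaching impact; shifting security left is imperative
(2) An R&D and operations security framework covering the full life cycle of software application services
II. Current state of R&D and operations security
(1) The global R&D and operations security market continues to expand
(2) Countries and regional international organizations plan for R&D and operations security in a coordinated way
(3) International standards bodies and third-party non-profit organizations actively promote consensus on R&D and operations security
(4) Enterprises actively explore R&D and operations security practice
(5) Development models are gradually becoming agile, and the R&D and operations security framework is evolving towards agility with them
III. Key elements of R&D and operations security
(1) An R&D and operations security framework covering the full life cycle of software application services
(2) R&D and operations security solutions develop in step
IV. Outlook on trends in R&D and operations security
Appendix: Examples of good practice in R&D and operations security
(1) Huawei Cloud trusted R&D and operations case
(2) Tencent R&D and operations security practice
(3) R&D and operations security case of the China National GeneBank life big data platform

List of figures
Figure 1 Forrester statistics on targets of external attacks
Figure 2 Cost of fixing code vulnerabilities at each R&D and operations stage
Figure 3 R&D and operations security framework
Figure 4 Cisco SDL framework
Figure 5 VMware SDL framework
Figure 6 Microsoft SDL process
Figure 7 DevSecOps framework
Figure 8 Mapping of R&D and operations security solutions to stages

List of tables
Table 1 Global security spending by category and forecast, 2019-2020
Table 2 China security spending by category and forecast, 2019-2020
Table 3 R&D and operations security measures of key countries and regional international organizations
Table 4 R&D and operations security work of international standards bodies and third-party non-profit organizations
Table 5 Specific R&D and operations security practices of enterprises
Table 6 Comparison of SDL and DevSecOps

I. Overview of R&D and operations security
(1) Security at the development level has far-reaching impact; shifting security left is imperative
As informatization advances, software application services are quietly changing every aspect of life and penetrating every industry and field, and the security of software application services themselves is increasingly a focus of industry attention.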
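Abstract
While more and more start-ups are still enjoying the cost savings and flexibility that cloud computing brings, enterprises are now exploring how to use external clouds, build internal clouds and even become cloud providers. Because open source is essential to cloud computing, enterprises are also studying how they can avoid the old problem of being locked into a single vendor's products. Sun, a globally recognized open source leader, is committed to extending the benefits of open standards and open source to cloud computing.

Open Source and Cloud Computing: On-Demand, Innovative IT at Scale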
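White Paper
June 2009
Sun Microsystems

Contents
Executive summary
Making the case for cloud computing
Leveraging cloud computing
Open source in the cloud
Sun's cloud computing achievements
Looking ahead

Executive summary
Cloud computing offers enterprises abundant opportunities to reduce computing costs and accelerate the time to market of Web services. Whether enterprises use external clouds, build their own clouds internally, become cloud service providers, or combine these options, they can gain advantages that make them increasingly agile. The success of large systems such as those of Google, eBay and Amazon created the cloud computing boom, and each of these companies built highly customized systems at scale using freely available, freely modifiable open source software. Today the vast majority of the software stacks used in cloud computing environments are also open source, and the integrated and optimized open source Apache, MySQL, PHP/Perl/Python (AMP) stack has become the preferred platform for building and deploying new Web applications and services. As a global leader in open source, Sun is committed to extending the benefits of open standards and open source to cloud computing. Strongly supported by Java™, MySQL™, OpenSolaris™, Open Storage and other open source technologies, the Sun Open Cloud Platform is designed for enterprises building public and private clouds.

Making the case for cloud computing
In many respects, cloud computing is an example of the growing migration of computing and data resources onto the Web. But there is a difference: cloud computing represents a new turning point in the value of network computing. It delivers higher efficiency, massive scalability and faster, easier software development. Cloud computing also brings a higher level of efficiency and economy to the on-demand delivery of IT resources, while opening up new business models and market opportunities for developers and enterprises.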
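Cloud computing is attracting so much interest now because enterprises are watching Amazon, Google and Yahoo! and wondering how these Web companies can, at today's market prices for basic compute and storage, achieve such significant cost savings compared with an individual enterprise. The fact is that cloud computing costs less, and it allows greater flexibility in how IT resources are used.
• Cost savings. The cost savings of cloud computing result from improved efficiency, which has always been a hallmark of Web-scale computing. By using technologies such as virtualization, companies can now use computing resources more efficiently, raising infrastructure utilization and simplifying resource management while providing scalability as needed. Combined with utility pricing, this also avoids over-provisioning in anticipation of future demand peaks. And because no large capital investment is required, enterprises pay only for the computing resources they actually need and use, which lets them turn capital expenses into operating expenses.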
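• Operational flexibility. The self-provisioning capability of cloud computing greatly accelerates time to market. There is no need to negotiate long-term contracts. Built-in services mean that someone else has already worked out how to build a scalable storage system, so companies do not have to do that work themselves. Cloud computing also delivers greater elasticity: if an application becomes very large, cloud customers pay only for the additional resources in use. This gives greater flexibility to the business models behind the applications deployed in the cloud today.

Cloud computing offers enterprises a way to reduce costs and increase flexibility without duplicating effort or building internal infrastructure that was not designed to support Web-based services. Cloud computing enables IT organizations to greatly increase hardware utilization and to scale up to massive capacity in a very short time, without constantly investing in new infrastructure, training new staff or licensing new software. Cloud computing also creates new opportunities to build a more advanced kind of network service in less time and with less investment. When enterprises see that their IT infrastructure costs far exceed those of start-ups that use the cloud, and how much faster start-ups can deliver new services, they look for more ways to use cloud computing. Because cloud computing does not involve long-term contracts (and many cloud vendors bill customers in increments as short as one hour), the cloud is an excellent way for enterprises to prototype new services rapidly, carry out testing and development, or run time-limited promotions. For example, in a traditional IT environment, developers create an application on their own or in a team and then hand it to an operations team or hosting provider for scaling and testing. This weakens control and, because more people are involved, can create more friction. With the cloud, developers can commission servers cheaply over the Internet and get their applications up and running quickly. The cloud lets developers run more experiments quickly and then scale and upgrade them. At the same time, faster development and test cycles mean that enterprises can complete in a few hours work that used to take days, weeks or even months.

Leveraging cloud computing
So how can enterprises take advantage of the cloud computing trend? It is not just a matter of loading machine images containing the enterprise's entire software stack onto a public cloud, because there are many different ways to use this infrastructure and to explore the ecosystem of new business models.

Harnessing the cloud
Generally, enterprises use public clouds to perform specific functions or workloads. The cloud is a very attractive alternative for the following tasks:
• Development and testing. This is perhaps the easiest cloud use case for enterprises (not only for developers at start-ups). If it is not yet known whether a project will pass its proof of concept, there is no need to purchase servers.
• Functional offloading. Enterprises can use the cloud for specific workloads. For example, SmugMug performs its image thumbnailing as a batch job in the cloud.
• Augmentation. The cloud gives enterprises a new option for handling peak loads or anticipated spikes when services are needed. This is a very attractive option for enterprises, but possibly also one of the most difficult use cases. Success depends on the statefulness of the application and on its dependence on other data sets that may need to be replicated and load-balanced across multiple sites.
• Experimentation. Why download a demo version of new software, then install, license and test it? In future, software evaluation can be carried out in the cloud before licenses or support have to be purchased.

Building the cloud
Many large enterprises understand the economic benefits of cloud computing but want to ensure that security policies are strictly enforced. Some enterprises therefore experiment first with "private" clouds, with the long-term option of migrating mature enterprise applications to a cloud that can provide the appropriate service levels. Other enterprises may simply want to build private clouds to gain the economic benefits of resource pooling and to standardize their development and deployment processes. Some enterprises will work with cloud providers to develop an architecture for private clouds protected inside the corporate firewall. However, because of regulatory requirements, moving data from the protected zone inside the firewall to a public, multi-tenant data center may cause problems for some enterprises. When an enterprise uses an external cloud that runs an environment similar to its internal data center, migration is possible, so the enterprise can harness the external cloud when demand fluctuates while still protecting its data and complying with regulations.

Becoming the cloud
As enterprises and service providers gain experience with the cloud architecture model and come to trust the available security and access control technologies more, most of them will decide to deploy externally facing cloud services. The high growth rates of some existing public clouds will undoubtedly accelerate this momentum. Cloud service providers can:
• offer start-ups and Web 2.0 application developers new routes to market
• offer new value-added capabilities, such as analytics
• create competitive advantage through enterprise-grade SLAs
• help enterprise customers develop their own clouds
Enterprises can choose to use a service provider's cloud or to build their own, which is a good option for companies dealing with data protection and service level issues. A third possibility is to develop a hybrid model in which the enterprise owns some parts of the cloud and shares other parts with other enterprises in a controlled way. Hybrid clouds offer the prospect of externally provisioned scaling on demand, but add the complexity of determining how to distribute applications across these different environments. Although enterprises may be attracted by the prospect of hybrid clouds, this option is likely to be adopted most readily for stateless applications that do not require complex databases or data synchronization. Any enterprise building large data centers today should consider whether it will offer cloud services internally (private cloud) or to external organizations (public cloud).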
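Open source in the cloud
Open source is a huge enabler of cloud computing. From Google and Yahoo! to Amazon and eBay, the pioneers of cloud computing used the freely available, freely modifiable nature of open source to build highly customized systems at unprecedented scale, powering their Web-based applications. It was the success of these large systems that gave rise to cloud computing: the spread of the same technologies used by Google and the other pioneers lets developers around the world use a computing model that they could otherwise not afford (or even obtain). For the early providers of the large-scale systems that made cloud computing possible, it was the free availability and modifiability of open source that made it attractive. For enterprises, however, the appeal of open source is that it is a way to avoid continued single-vendor lock-in. Open source technologies tend to attract large, vibrant communities and surrounding ecosystems, and one result is a variety of products and services tailored specifically for enterprises. So if an enterprise is dissatisfied with the service or support it gets from one vendor, it can turn to another vendor for that service and support, and, if all else fails, it still has access to the source code and to the community that created and maintains it. Because open source is essential to cloud computing, it is no surprise that the vast majority of the software stacks used in cloud environments are also open source. Today, the integrated and optimized open source Apache, MySQL, PHP/Perl/Python (AMP) stack has become the preferred platform for building and deploying new Web applications and services. Cloud computing has also proved to be a catalyst for the adoption of a range of even newer, lighter and more agile tools, including lighttpd (an open source Web server), Hadoop (a free Java software framework that supports data-intensive distributed applications), MogileFS (a file system that enables horizontal scaling of storage), and so on.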