Abstract
OBJECTIVE:
To maintain the stable operation of cloud computing-based power safety management software.
METHODS:
Through an analysis of cloud computing software, the paper proposes improvement strategies based on the shortcomings of this software.
RESULTS AND ANALYSIS:
Through the TAO architecture for security services, safe communication is achieved to ensure stable operation.
CONCLUSION:
The security service structure designed in this paper makes two application modes possible: the user-independent general security agent mode and the interface method-level fine security control mode. The infrastructure improves the reliability of software operation and is worthy of promotion.
Introduction
With the development of modern computer network technology, cloud computing has been widely used, including in the power industry. For power companies, cloud computing can calculate the data required for intelligent power operation from big data, and thus can effectively help improve the accuracy and correctness of intelligent operation of power companies. However, at the current level of modern computer network technology, the majority of cloud-based power security management software still has a large potential for attack. If a technical system is damaged due to network supply, it may still cause major power accidents. Therefore, for the related modern fields, the first and foremost problem is how to improve the operation of cloud computing power security management software.
This paper first analyzes cloud computing power security management software to understand the common problems in the operation of the software, so as to provide the basis for follow-up research. Then, considering the general data access servers, the high-speed data access servers, the historical data access servers, etc., and on the basis of the actual security requirements of commonly used CIS servers in power system software based on IEC61970, and after a detailed analysis of the typical scenarios of the security services of the CIS server, a cloud computing-based CIS security service structure is developed. It enables users to utilize two application modes: the user-independent universal safe agent and the interface method-level fine security control.
Literature review
Cloud computing is a new way of computing service. It applies its unique advantages, such as broadband interconnection, resource pool sharing, elastic configuration, on-demand service and quantity charging, in store security management. By delegating computing tasks and data to cloud providers, store managers greatly reduce the burden of managers’ computation and storage. At the same time, it also means that the managers have lost control of their computing tasks and data. Therefore, the security problem of cloud computing platform has become an important issue in the field of cloud computing.
As the influence of cloud computing becomes more and more extensive, the security problems in cloud computing have attracted more and more attention. Because of the large scale, high dynamics and high openness of cloud computing, it faces not only the common security problems, such as security threats at the host system layer, network layer, transmission layer and application layer, but also the security risks caused by its inherent characteristics. In this regard, many individuals and organizations have conducted in-depth discussions. For instance, Abbas and other scholars illustrated the security and privacy of cloud computing [1]; Anjum et al. also discussed the security problems, requirements and challenges of cloud computing, and put forward a proposed security standard and management model [2]. In addition, Hassan Reza analysed the interests and risks of cloud computing, and proposed suggestions to protect the security of information in the cloud [3]; Saad Khan and others discussed 13 topics for the security problems in cloud computing, gave a guiding proposal for users, and published the technical report of 10 major security threats [4]; while the RSA Information Security Industry Department of EMC discussed the security issues of cloud infrastructure from the bottom. At home, some colleagues also discussed cloud computing security issues. So far, many aspects of cloud computing security have been highly valued. For the general security problems in cloud computing, there are already mature products to defend against them. The following is an analysis and summary of the security problems unique to the cloud environment that are of most common concern.
This is mainly manifested in the following aspects: the first is the security problem caused by the delegated computing service mode. In cloud computing, users delegate computing tasks and data to cloud providers, which means that users lose control of their computing tasks and data. Luna et al. pointed out that the platform provided by cloud service providers had many security risks, such as hacker attacks, inherent software defects, misconfiguration, and employee love, which are bound to cause users to worry about cloud service providers [5]. At the same time, cloud providers may also buy services provided by other cloud providers. This complex relationship will further increase the security risk of cloud computing. The second is the security problem caused by virtualization technology. Virtualization is an important technical means for cloud computing to provide different levels of service, but it also brings its own security problems, as well as the security and management of virtual machines. A typical cloud computing platform is leased to different users by virtualization, and the virtual resources of different users may be bound to the same physical resources, so that different virtual machines may access the same physical device. The third is the security problem of cloud related management software. Cloud related management software includes cloud security management software, billing management software, cloud manager components and so on. They are an important component of cloud infrastructure and the security of the cloud directly affects the security of the cloud computing platform. Cloud security management software provides a variety of functions, such as authentication, authorization, access control, audit, and so on, to protect the user’s data and privacy from a number of angles. The fourth is the establishment of cloud computing security standards and evaluation system.
The implementation of cloud computing security needs a security standard and evaluation system to measure the ability of cloud service providers to provide security services, and also as an important reference for security service providers to provide security services. The last is the establishment of a security supervision system for cloud computing. Science and technology is a double-edged sword. Cloud computing brings great value to users, but also brings great convenience to attackers. Therefore, increasing the supervision of cloud computing security has been widely looked forward to, but unfortunately, there is a general lack of an effective safety supervision system in the current cloud environment.
Since all aspects of cloud computing security have aroused people’s concern, people have put forward corresponding solutions to these problems. In the field of cloud computing security standards and evaluation systems, Reza and Sonawane studied the compliance management methods under the cloud environment, and proposed the use of regional specific languages and compliance hierarchical protocols to determine the compliance requirements for security, privacy and trust [6]; Luna discussed the content requirements of the service level agreement (SLA), and proposed recommendations for the standardization of SLAs; Kannisto et al. further summed up the content of the security service hierarchy protocol. These research results played a very important role in enhancing the trust of users in cloud providers [7].
To sum up, the above research works mainly build a secure, efficient and universal trusted cloud computing platform (TCCP) based on a trusted computing base (TCB) from the perspective of cloud infrastructure security. In addition, the paper makes a further study of four aspects: the security architecture of the trusted cloud computing platform, the integrity measurement and protection of the trusted cloud computing platform, the remote proof of the trusted cloud computing platform, and the unified identity authentication of cloud users of the trusted cloud computing platform. Therefore, based on the above research status, this paper mainly focuses on power safety management software based on cloud computing. Based on trusted computing and virtual machine technology, a trusted cloud computing platform is built, and a trusted cloud environment is established in the real sense, which provides a guarantee for store managers to truly enjoy the value of cloud computing. The research results of this paper not only provide support for the research of the power security management software based on cloud computing, but also provide some reference for the research direction of the security technology based on trusted computing.
Method
The operation problems of cloud computing power safety management software
In the cloud computing power security management software, the entity can be either a human user or an independently operated software entity. If an entity wants to access or use a certain security system, it must first obtain the corresponding power. “An entity proves its identity to obtain its power of using the security system, and one method of proving its identity can be claiming ‘who they are’, and then providing evidence that it is the claimed entity”. “Each entity has at least one identity and can also have multiple identities”. For example, an entity owns an identity to access the system, which is called access and recorded as entity, and it has another identity representing the same entity in the system audit recording, which is called audit and recorded as entityo. The entity can also have other privileges to further quantify its power in the system. Identities are called identity attributes, and privileges are called privilege attributes. “Multiple mechanisms can be used to authenticate the entities. The mechanism used by a particular system can be an integrated component or not. A security system may rely on the external mechanisms to authenticate the entities, such as a login program which uses the operating system”. The important thing is that this security model does not have specific methods of authenticating entities, but leaves it to the other organizations, such as a designer who achieves cloud computing security or even another OMG specification.
Authorization of attributes
Assume a scenario such as the one shown in Fig. 1. Object A performs an operation on behalf of object C and needs to call a method on another object Q. “In a system without security services, this situation is quite normal and will not cause any problems”. However, in a secure system, C→A is a safe call, and the question arises of whose credentials are used when A invokes the call on Q.
Fig. 1. Hypothesis scenario.
A target object (such as A) acts as an intermediate object of another entity (such as C) to start an operation, and the target object is called the initiating body or the initial body. Another subject (such as Q) may provide its own identity and privilege, and may also provide the identity and privilege of the initiating body. “In the first case, the intermediate object uses the role of the initial body to interact with the new target subject, which is like the situation when an agent temporarily adopts the power of the agent”. “In the second case, the intermediate subject is actually the intermediary between the initial body and the new target subject.” The security strategies implemented on the new target subject are based on the identity and privilege attributes provided by the intermediate subject.
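The choice of credentials in the C→A→Q chain can be made concrete with a small model. The following is an added example, not code from the paper: the Credentials type, the Mode values and the sample principals C and A are hypothetical, and it assumes A holds broader privileges than C. It shows that Q's decision and audit record depend entirely on which attributes A presents, and adds a check A can make before using its own credentials.

```cpp
// Added example; Credentials, Mode and the sample principals are hypothetical.
#include <set>
#include <string>

struct Credentials {
    std::string identity;              // identity attribute
    std::set<std::string> privileges;  // privilege attributes
};

// Which credentials intermediate A presents when it calls Q on behalf of C.
enum class Mode { OwnCredentials, InitiatorCredentials };

const Credentials& presented(Mode m, const Credentials& initiator,
                             const Credentials& intermediate) {
    return m == Mode::InitiatorCredentials ? initiator : intermediate;
}

bool holds(const Credentials& creds, const std::string& privilege) {
    return creds.privileges.count(privilege) > 0;
}

// Q's decision for the chain C -> A -> Q. Q can only judge what it receives.
bool q_allows(Mode m, const Credentials& c, const Credentials& a,
              const std::string& required) {
    return holds(presented(m, c, a), required);
}

// Identity that ends up in Q's audit record for the call.
std::string q_audit_identity(Mode m, const Credentials& c, const Credentials& a) {
    return presented(m, c, a).identity;
}

// A as a careful intermediary: before presenting its own (broader) credentials
// it checks that the initiator itself holds the privilege being exercised.
bool checked_call(Mode m, const Credentials& c, const Credentials& a,
                  const std::string& required) {
    if (m == Mode::OwnCredentials && !holds(c, required)) return false;
    return q_allows(m, c, a, required);
}

Credentials sample_c() { return {"C", {"read"}}; }           // constructed
Credentials sample_a() { return {"A", {"read", "write"}}; }  // constructed

int main() {
    Credentials c = sample_c(), a = sample_a();
    // Unchecked, A's own credentials let C's request reach a "write" on Q.
    bool over_broad = q_allows(Mode::OwnCredentials, c, a, "write");
    bool contained = !checked_call(Mode::OwnCredentials, c, a, "write");
    return (over_broad && contained) ? 0 : 1;
}
```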
System functions
The system can perform the following functions: entry of equipment defects, determination of the defect nature, limited-time processing of defects, alarm prompts when defects are exceeded, statistical analysis of defects, classified query of defects, accident analysis query, and statistics recording of defect deficiencies.
System operation mode
The main logic module program of the system is loaded on the microcomputers of each production floor network, and the business flow is implemented on the computer according to the system flowchart. The equipment defects are entered by the operating personnel, and the information of the defect management system is distributed to leaders and the maintenance personnel on the internet through certain levels of confidentiality, so that relevant personnel on the network can browse and search through the browser.
Query of equipment defects
The system can implement query statistics of all the equipment defect conditions, the equipment defect processing, and the query statistics of logs, in order to help supervisors and the maintenance personnel understand the equipment defects and take corresponding measures.
Design of CIS security service structure
Requirement analysis of CIS security service structure
There is the main scenario for exchanging CIM data between power information system applications that use cloud computing security services. In this scenario:
1. The server ORB initializes, establishing a context for security services.
2. The cloud computing object is created.
3. The cloud computing object reference, which contains a series of security-related information, is published in a certain way.
4. The client application obtains the cloud computing object reference through a certain approach.
5. The client application ORB initializes.
6. The client application analyzes the security information in the cloud computing object reference, loads its own security certificate, and authorizes the client application ORB to establish a secure connection.
7. The client application ORB uses the security certificate provided by the client application to negotiate with the server ORB to establish a secure connection.
8. After the secure connection is established, the corresponding security context information is modified.
In addition to the main application scenario in which the client application uses a secure connection to exchange data with the server cloud computing objects, there are other scenarios related to security management, such as administrators creating users, administrators deleting users, users modifying passwords, administrators creating a security object, administrators adding a privilege to a certain security object, and administrators giving a user a privilege of a security object. Analyzing these scenarios can generate a CIS security service framework.
For example, the apply_update method of the GDA ResourceUpdateService implements the Add, Delete and Modify semantics for resources. Security control for this method cannot be defined simply as whether the caller has the right to access the method if the purpose is to separately control whether users have the Add, Delete, Modify and other rights.
In this paper, three open source cloud computing products are selected: TAO, Orbacus and JacORB. However, due to time limits, the emphasis is on the test centered on the TAO ORB (client/server), which is based on the C++ language. Orbacus and JacORB, which are both based on the Java language, are mainly used as clients to verify the security interoperability between different ORBs. Both the server and the client adopt TAO security services to perform one level of application testing respectively.
Security policy controlling application: This application sets the security policy to control the protection level that the object system gives the application; however, in the policy implementation process, the application does not have the responsibility to play an active role, but leaves enforcement to the object system itself. The level of information protection is determined by setting SecurityLevel2::QOPPolicy, the level of call trust is determined by setting SecurityLevel2::EstablishTrustPolicy, and the security context is changed by setting SecurityLevel3::ContextEstablishmentPolicy. This test separately verifies that the protection level of the application can be changed by setting the values of these three policies during operation.
Results and analysis
Fine control of security services
The TAO architecture for security services is shown in Fig. 2. In line with the OMG specification, the TAO architecture uses SSL as its underlying security technology. “SSLIOP is a secure communication protocol, which uses SSL to establish a secure connection and provide information protection”. The security context information could be obtained through the following objects.
Fig. 2. TAO architecture for security services.
The data storage structure of the security service center.
The security management related to the implementation logic of cloud computing service methods cannot use public security agents; security management code must be inserted by programmers in the method implementation of cloud computing services to realize more fine-grained control. “Fine control at the interface method level could control all aspects related to security services”. For example, the apply_update() method of the ResourceUpdateService in the GDA (Universal Data Access) CIS of the IEC 61970-based power system automation software implements the Add, Delete and Modify semantics for resources, and security control for this method cannot simply be defined as whether there is an access right to the method if the purpose is to separately control whether the user has the rights of adding, deleting, modifying, etc.
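The difference between a method-level access right and interface method-level fine control, as described for apply_update() here and in the requirement analysis above, is illustrated by the following added example. It is not the paper's code and does not use the TAO or GDA API: the Op, Update and Acl types, the user names and the resource names are hypothetical, and the policy is constructed sample data.

```cpp
// Added example; every type, function and sample value here is hypothetical.
#include <map>
#include <set>
#include <string>
#include <vector>

enum class Op { Add, Delete, Modify };
struct Update { Op op; std::string resource; };  // one item of an update batch
struct Acl {
    std::set<std::string> may_call;                 // coarse: may invoke the method
    std::map<std::string, std::set<Op>> op_rights;  // fine: rights per operation
};

// Coarse check: may the caller invoke the method at all?
bool method_level_allows(const Acl& acl, const std::string& user) {
    return acl.may_call.count(user) > 0;
}

// Fine check inside the method body: index of the first batch item the caller
// has no right for, or -1 if every item is covered. The whole batch is checked
// before anything is applied, so a denial never leaves a partial update.
int first_denied(const Acl& acl, const std::string& user,
                 const std::vector<Update>& batch) {
    auto it = acl.op_rights.find(user);
    for (int i = 0; i < static_cast<int>(batch.size()); ++i)
        if (it == acl.op_rights.end() || it->second.count(batch[i].op) == 0)
            return i;
    return -1;
}

// apply_update with the programmer-inserted check; returns items applied.
int apply_update(const Acl& acl, const std::string& user,
                 const std::vector<Update>& batch,
                 std::vector<std::string>& audit_log) {
    if (!method_level_allows(acl, user)) {
        audit_log.push_back("DENY " + user + " method");
        return 0;
    }
    int denied = first_denied(acl, user, batch);
    if (denied >= 0) {
        audit_log.push_back("DENY " + user + " item " + std::to_string(denied));
        return 0;
    }
    audit_log.push_back("ALLOW " + user + " items " + std::to_string(batch.size()));
    return static_cast<int>(batch.size());
}

Acl sample_acl() {  // constructed policy: operator may only modify
    Acl acl;
    acl.may_call = {"operator", "engineer"};
    acl.op_rights["operator"] = {Op::Modify};
    acl.op_rights["engineer"] = {Op::Add, Op::Delete, Op::Modify};
    return acl;
}

int main() {  // operator sends Modify + Delete: rejected as a whole
    std::vector<std::string> log;
    std::vector<Update> batch = {{Op::Modify, "breaker-1"}, {Op::Delete, "breaker-2"}};
    return apply_update(sample_acl(), "operator", batch, log) == 0 ? 0 : 1;
}
```

The operator passes the method-level check but the batch is still rejected, which is the case a method-level right alone cannot express.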
Data storage function
The secure data of the security service center is stored in the format of an XML file. The schema information of this XML file is stored in the SXD file (see Appendix D). “The root element of the XML file is
Core (a).
Core (b).
Core (c).
Conclusion
In the era of big data and cloud computing, how to enhance the application of cloud computing in the power industry is an important direction for the development of power companies. However, the operation of technical software will inevitably be affected by various aspects, and therefore power companies should pay more attention to the operational safety of technical software before cloud computing development. This paper first studies a series of security problems faced by distributed systems and the OMG cloud computing standards as one of the mainstream standards for distributed processing to address these security issues. Then, based on a careful study of the cloud computing security infrastructure, such as cloud computing security service specifications and security reference models, combined with the actual security requirements of general data access (GDA) servers, high-speed data access (HSDA) servers, historical data access (TSDA) servers and other common CIS servers based on IEC61970 power system software, as well as a detailed analysis of typical scenarios of the security requirements of CIS servers, this paper designed a CIS architecture for security services that achieves two application modes: the user-independent universal security agent and interface method-level fine security control.
