学术信息资源云存储安全保障架构及防控措施研究  被引量：12

作　　者：仇蓉蓉[1] 胡昌平[1] 冯亚飞 Qiu Rongrong;Hu Changping;Feng Yafei(School of Information Management,Wuhan University,Wuhan 43007)

机构地区：[1]武汉大学信息管理学院,武汉430072

出　　处：《图书情报工作》2018年第23期106-112,共7页Library and Information Service

基　　金：国家社会科学重大基金项目"云环境下国家数字学术资源信息安全保障体系研究"(项目编号:14ZDB168)研究成果之一

摘　　要：[目的/意义]信息安全是学术信息资源云存储的重要影响因素,有效的信息安全保障架构和防控措施可以为云存储服务商改进其存储服务提供建议,也可以为用户选择云存储服务平台提供参考。[方法/过程]在对学术信息资源云存储进行安全需求分析的基础上,构建学术信息资源云存储安全部署架构和安全运行架构,并从应用安全保障、内容安全保障、数据安全保障、虚拟化安全保障、基础设施安全保障5个方面对学术信息资源云存储安全防控措施进行研究。其中,应用安全保障包括用户身份认证、用户身份管理、访问控制、应用程序和接口安全4个方面;内容安全保障包括内容安全检测、内容安全控制2个方面;数据安全保障包括数据加密、数据完整性验证、数据确定性删除、数据容灾备份与恢复、数据迁移5个方面;虚拟化安全保障包括安全域隔离、用户数据隔离、多租户管理3个方面;基础设施安全保障包括云存储设施安全、物理环境安全、网络安全3个方面。[结果/结论]安全部署架构为学术信息资源云存储的安全部署提供参考,安全运行架构揭示学术信息资源云存储的安全保障要素和安全保障流程,安全防控措施为学术信息资源云存储提供安全保障技术策略。[Purpose/significance] Information security is an important factor for cloud storage of academic information resources to store in the cloud. Effective information security assurance framework and control measures can provide recommendations for cloud storage service providers to improve their storage services, and it can also offer references for users to choose cloud storage service platforms. [ Method/process ] Based on the security requirement analysis of academic information resources stored in the cloud,this paper built a security deployment framework and a security operation framework for academic information resources to store in cloud. Then, this paper researched the protection and control measures for academic information resources to store in the cloud from five aspects of application security assurance, virtualization security assurance, and infrastructure security assurance, data security assurance, and content security assurance. Application security assurance includes user identity authentication, user identity management, access control, application program and interface security. Virtualization security assurance includes security domain isolation, user data isolation and multi-tenant management. The infrastructure security assurance includes cloud storage facility security, physical environment security and network security. Data security assurance includes data encryption, data integrity verification, data assured deletion, data backup and recovery and data migration. Content security assurance includes content security detection and content security control. [ Result/conclusion ] The security deployment framework can provide a reference for the security deployment of the academic information resource to store in the cloud. The security operation framework reveales the security assurance elements and security process for the academic information resources to storage in the cloud. The security prevention and control measures provide the security technology strategy for academic information resou

关 键 词：学术信息资源 云存储 安全保障架构 安全防控措施 

分 类 号：G251[文化科学—图书馆学]