Community-Cloud-Based Internet Security Threat Monitoring and Emergency Response System, 诸葛建伟, 2010



Community-Cloud-Based Internet Security Threat
Monitoring and Emergency Response System
诸葛建伟
2010-7
The NIST definition of cloud computing
• Public Cloud
• Private Cloud
• Hybrid Cloud
• Community Cloud
Internet security threat monitoring and emergency response
• Depends on cooperation within the security community
– No single role can do everything
• Monitoring
– CERTs, security companies, research institutes
• Emergency response coordination
– CERTs
• Emergency handling
– ISPs, users, police
Why a security community cloud?
• Cloud computing is not hype; it is the direction technology is moving
– The security community has to keep up with the trend: cloud security
– Another reading of SaaS: Security as a Service
• Security community cloud
– Private cloud: a "private cloud" for monitoring websites injected with drive-by download code
– Public cloud: threat analysis and tracking public services move into the public cloud
– Hybrid cloud: data exchange and task workflows between the private cloud and the public cloud
– Community cloud: multi-party cooperation; integration of the parties' capabilities across multiple hybrid clouds (the community cloud)
• GSoC'10 HoneyCloud proposed idea: but no student applied
How - Hybrid Cloud
• Public Cloud: Google AppEngine, MS Azure
– Google/Baidu searching: Google Safe Browsing, defacements, suspicious websites
– Community blacklist tracking: XBL, …
– Honeypot & malware collection: dionaea, 2-stage collection, Honeynet
– Community analysis services: VirusTotal, CWSandbox, Wepawet, …
– Botnet tracking: IRC/HTTP
– DNS/IP tracking: DNS -> IP -> Location -> Whois
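The two public-cloud tracking steps listed above, community blacklist tracking and DNS -> IP -> Location -> Whois, written out as one pipeline. This is an added example, not code from the slides or from any project they name; the domains, addresses, whois text and the DNSBL zone name xbl.example.test are constructed, and every back-end (DNS, GeoIP, whois, DNSBL) is an injected callable so the example runs offline. A deployment would pass a real resolver, GeoIP database and whois client in their place.

```python
"""DNS -> IP -> Location -> Whois tracking plus a DNSBL (XBL-style) check.
Added illustration; all lookups are injected so it runs on constructed data."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample data standing in for live services (documentation
# address ranges; the domains, organisations and listings are invented).
SAMPLE_DNS = {"bad.example.com": ["192.0.2.10"],
              "good.example.org": ["198.51.100.7"]}
SAMPLE_GEO = {"192.0.2.10": "XX/Example City", "198.51.100.7": "YY/Other City"}
SAMPLE_WHOIS = {
    "192.0.2.10": "NetRange: 192.0.2.0 - 192.0.2.255\nOrgName: Example Hosting\nCountry: XX\n",
    "198.51.100.7": "inetnum: 198.51.100.0 - 198.51.100.255\norg-name: Other ISP\ncountry: YY\n",
}
# Constructed DNSBL zone (hypothetical name). An A record inside 127.0.0.0/8
# means "listed", the RFC 5782 convention that XBL-style lists follow.
DNSBL_ZONE = "xbl.example.test"
SAMPLE_DNSBL = {"10.2.0.192.xbl.example.test": "127.0.0.4"}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the list zone: 1.2.0.192.<zone>."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def parse_whois(text: str) -> dict:
    """Parse 'key: value' lines of a whois reply, mapping ARIN-style
    (OrgName/NetRange) and RIPE-style (org-name/inetnum) keys to one name."""
    aliases = {"orgname": "org", "org-name": "org", "netrange": "range",
               "inetnum": "range", "country": "country"}
    parsed = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z-]+):\s*(.+?)\s*$", line)
        if m and aliases.get(m.group(1).lower()):
            parsed[aliases[m.group(1).lower()]] = m.group(2)
    return parsed


@dataclass
class TrackingRecord:
    domain: str
    ips: list = field(default_factory=list)
    locations: dict = field(default_factory=dict)     # ip -> location string
    whois: dict = field(default_factory=dict)         # ip -> parsed whois fields
    dnsbl_listed: dict = field(default_factory=dict)  # ip -> bool


def track_domain(domain, resolve, geo, whois, dnsbl_resolve, zone=DNSBL_ZONE):
    """Run DNS -> IP -> Location -> Whois for one domain and check each IP
    against the blacklist zone. A lookup that returns None is recorded as
    unknown instead of aborting the whole pipeline."""
    rec = TrackingRecord(domain=domain.lower().rstrip("."))
    for ip in resolve(rec.domain) or []:
        rec.ips.append(ip)
        rec.locations[ip] = geo(ip) or "unknown"
        rec.whois[ip] = parse_whois(whois(ip) or "")
        answer = dnsbl_resolve(dnsbl_query_name(ip, zone))
        rec.dnsbl_listed[ip] = bool(answer and answer.startswith("127.0.0."))
    return rec


def track_sample(domain):
    """Convenience wrapper running the pipeline over the constructed data."""
    return track_domain(domain, SAMPLE_DNS.get, SAMPLE_GEO.get,
                        SAMPLE_WHOIS.get, SAMPLE_DNSBL.get)


if __name__ == "__main__":
    for d in SAMPLE_DNS:
        print(track_sample(d))
```

The injected-callable shape is what makes the "public cloud wrapper" idea concrete: each stage is a thin adapter around a community service, and the wrapper's output stays a plain record that the private-cloud data center can store and the work flow can act on.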
• Private Cloud: VMware vSphere, MS open sourced ???
– Threat Detection: web-based malware detection (MwSandbox,
MwDetector, ...)
– Malware Analysis: MwSandbox, PHoneyC, …
– Threat Data Center + Data API + Work Flow API
• Hybrid Cloud = Public Cloud + Private Cloud
– Threat Data Flow and Work Flow
How - Community Cloud
• Threat Data -> End User
– Private Cloud: Threat Data Center / Email subscribe
• Use current public community threat data/services
– Public Cloud: wrapper
• Other CERT/Security Companies/Research Institutes
– Threat Data API: Threat Data Exchange
– Build the measurement, analysis and tracking solutions together: combine multiple hybrid/public/private clouds
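A minimal Threat Data Center with a Data API (ingest, query, export) and a Work Flow API (subscriptions), covering both the private-cloud "Threat Data Center + Data API + Work Flow API" item above and the community-cloud "Threat Data API: Threat Data Exchange" item. This is an added example, not the deck's or any named project's code. The record layout (type, indicator, source, confidence, seen as an ISO date), the source names and the confidence values are assumptions; the sample records in the main block are constructed.

```python
"""Threat Data Center: merge records from private-cloud detectors, public-cloud
wrappers and partner CERTs, then push matches to subscribers.  Added example."""
import ipaddress
import json
import re

REQUIRED = ("type", "indicator", "source", "confidence", "seen")


def normalise(record):
    """Validate one incoming record and canonicalise its indicator so the
    same threat reported by two parties lands on one key."""
    missing = [k for k in REQUIRED if k not in record]
    if missing:
        raise ValueError("record missing fields: %s" % missing)
    kind, ind = record["type"], str(record["indicator"]).strip()
    if kind == "domain":
        ind = ind.lower().rstrip(".")
    elif kind == "ip":
        ind = str(ipaddress.ip_address(ind))  # raises ValueError if malformed
    elif kind == "md5":
        ind = ind.lower()
        if not re.fullmatch(r"[0-9a-f]{32}", ind):
            raise ValueError("bad md5: %r" % ind)
    elif kind != "url":  # URLs are kept as given: paths are case-sensitive
        raise ValueError("unknown indicator type: %r" % kind)
    confidence = int(record["confidence"])
    if not 0 <= confidence <= 100:
        raise ValueError("confidence must be 0..100")
    # "seen" is an ISO date string (YYYY-MM-DD), so string min/max orders it.
    return {"type": kind, "indicator": ind, "source": record["source"],
            "confidence": confidence, "seen": record["seen"]}


class ThreatDataCenter:
    def __init__(self):
        self.records = {}      # (type, indicator) -> merged record
        self.subscribers = []  # (predicate, callback) pairs

    # ---- Data API -------------------------------------------------------
    def ingest(self, record):
        """Merge one record into the store and run the work flow on it."""
        rec = normalise(record)
        key = (rec["type"], rec["indicator"])
        merged = self.records.setdefault(key, {
            "type": rec["type"], "indicator": rec["indicator"], "sources": [],
            "confidence": 0, "first_seen": rec["seen"], "last_seen": rec["seen"]})
        if rec["source"] not in merged["sources"]:
            merged["sources"].append(rec["source"])
        merged["confidence"] = max(merged["confidence"], rec["confidence"])
        merged["first_seen"] = min(merged["first_seen"], rec["seen"])
        merged["last_seen"] = max(merged["last_seen"], rec["seen"])
        for predicate, callback in self.subscribers:
            if predicate(merged):
                callback(dict(merged))
        return merged

    def query(self, kind, indicator):
        return self.records.get((kind, normalise({
            "type": kind, "indicator": indicator, "source": "", "confidence": 0,
            "seen": ""})["indicator"]))

    def export(self):
        """Threat Data Exchange payload handed to another CERT or partner."""
        return json.dumps(sorted(self.records.values(),
                                 key=lambda r: (r["type"], r["indicator"])))

    def import_exchange(self, payload, partner):
        """Ingest a partner's export, attributing every record to the partner."""
        for r in json.loads(payload):
            self.ingest({"type": r["type"], "indicator": r["indicator"],
                         "source": partner, "confidence": r["confidence"],
                         "seen": r["last_seen"]})

    # ---- Work Flow API --------------------------------------------------
    def subscribe(self, predicate, callback):
        """E.g. the e-mail subscription: callback fires on every update
        whose merged record satisfies predicate."""
        self.subscribers.append((predicate, callback))


if __name__ == "__main__":
    tdc = ThreatDataCenter()
    tdc.subscribe(lambda r: r["confidence"] >= 80, lambda r: print("ALERT", r))
    # Constructed sample records from two different clouds.
    tdc.ingest({"type": "domain", "indicator": "Bad.Example.COM.", "source": "private:MwDetector",
                "confidence": 60, "seen": "2010-07-01"})
    tdc.ingest({"type": "domain", "indicator": "bad.example.com", "source": "public:vt-wrapper",
                "confidence": 90, "seen": "2010-07-03"})
    print(tdc.export())
```

The de-duplication key is the canonical (type, indicator) pair, so a drive-by domain found by the private-cloud detector and the same domain flagged by a public-cloud wrapper become one record with two sources; that merged record, not the raw sightings, is what crosses the Threat Data Exchange to other CERTs and what end-user subscriptions are evaluated against.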