关键词: 云计算平台, 安全能力, 评估体系, 评估指标, 评估方法, IaaS

Abstract: As the basic support platform for providing cloud services, cloud computing platform not only bears important security functions and unlimited data value, but also means that cloud computing platform has become the main target of attack and faces huge security risks. How to evaluate the security capability of cloud computing platform is an important issue that needs to be solved urgently. Compared with the traditional information system, the cloud computing platform has its own characteristics and particularity. The traditional evaluation methods can not accurately evaluate the security capability of the cloud computing platform. At present, there is no feasible evaluation system to evaluate the security capability of the cloud computing platform. Based on the summary of practical experience, this paper constructs the security capability evaluation system of cloud computing platform from three aspects of dynamic security evaluation, performance efficiency evaluation and static compliance verification, constructs the security capability evaluation system of cloud computing platform, designs scientific and reasonable evaluation indexes and methods, which can comprehensively test the actual security capability of cloud computing platform and can horizontally compare each other The actual security capability of the cloud computing platform can support the assessment institutions to carry out the assessment of the security capability of the cloud computing platform, and also help the cloud service providers to improve the security service capability against risk issues.

Key words: cloud computing platform, security capability, Evaluation system, evaluating indicator , Evaluation method, IaaS