A. Shraer, C. Cachin, Asaf Cidon, I. Keidar, Yan Michalevsky, Dani Shaket
This paper presents Venus, a service for securing user interaction with untrusted cloud storage. Specifically, Venus guarantees integrity and consistency for applications accessing a key-based object store service, without requiring trusted components or changes to the storage provider. Venus completes all operations optimistically, guaranteeing data integrity. It then verifies operation consistency and notifies the application. Whenever either integrity or consistency is violated, Venus alerts the application. We implemented Venus and evaluated it with Amazon S3 commodity storage service. The evaluation shows that it adds no noticeable overhead to storage operations.
{"title":"Venus: verification for untrusted cloud storage","authors":"A. Shraer, C. Cachin, Asaf Cidon, I. Keidar, Yan Michalevsky, Dani Shaket","doi":"10.1145/1866835.1866841","DOIUrl":"https://doi.org/10.1145/1866835.1866841","url":null,"abstract":"This paper presents Venus, a service for securing user interaction with untrusted cloud storage. Specifically, Venus guarantees integrity and consistency for applications accessing a key-based object store service, without requiring trusted components or changes to the storage provider. Venus completes all operations optimistically, guaranteeing data integrity. It then verifies operation consistency and notifies the application. Whenever either integrity or consistency is violated, Venus alerts the application. We implemented Venus and evaluated it with Amazon S3 commodity storage service. The evaluation shows that it adds no noticeable overhead to storage operations.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122527486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Security incident handling, an integral part of security management, treats detection and analysis of security incidents as well as the subsequent response (i.e., containment, eradication, and recovery.) Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. This paper examines, how the changes introduced by cloud computing influence the incident handling process. It identifies problems that cloud customers encounter in each of the incident handling steps and provides possible approaches and corresponding challenges. The identified approaches provide guidance for cloud customers and cloud service providers towards effective incident handling in the cloud; the identified challenges may serve as basis for a research agenda in cloud incident handling.
{"title":"Towards incident handling in the cloud: challenges and approaches","authors":"Bernd Grobauer, T. Schreck","doi":"10.1145/1866835.1866850","DOIUrl":"https://doi.org/10.1145/1866835.1866850","url":null,"abstract":"Security incident handling, an integral part of security management, treats detection and analysis of security incidents as well as the subsequent response (i.e., containment, eradication, and recovery.) Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. This paper examines, how the changes introduced by cloud computing influence the incident handling process. It identifies problems that cloud customers encounter in each of the incident handling steps and provides possible approaches and corresponding challenges. The identified approaches provide guidance for cloud customers and cloud service providers towards effective incident handling in the cloud; the identified challenges may serve as basis for a research agenda in cloud incident handling.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129930792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Timing side-channels represent an insidious security challenge for cloud computing, because: (a) massive parallelism in the cloud makes timing channels pervasive and hard to control; (b) timing channels enable one customer to steal information from another without leaving a trail or raising alarms; (c) only the cloud provider can feasibly detect and report such attacks, but the provider's incentives are not to; and (d) resource partitioning schemes for timing channel control undermine statistical sharing efficiency, and, with it, the cloud computing business model. We propose a new approach to timing channel control, using provider-enforced deterministic execution instead of resource partitioning to eliminate timing channels within a shared cloud domain. Provider-enforced determinism prevents execution timing from affecting the results of a compute task, however large or parallel, ensuring that a task's outputs leak no timing information apart from explicit timing inputs and total compute duration. Experiments with a prototype OS for deterministic cloud computing suggest that such an approach may be practical and efficient. The OS supports deterministic versions of familiar APIs such as processes, threads, shared memory, and file systems, and runs coarse-grained parallel tasks as efficiently and scalably as current timing channel-ridden systems.
{"title":"Determinating timing channels in compute clouds","authors":"Amittai Aviram, Sen Hu, B. Ford, R. Gummadi","doi":"10.1145/1866835.1866854","DOIUrl":"https://doi.org/10.1145/1866835.1866854","url":null,"abstract":"Timing side-channels represent an insidious security challenge for cloud computing, because: (a) massive parallelism in the cloud makes timing channels pervasive and hard to control; (b) timing channels enable one customer to steal information from another without leaving a trail or raising alarms; (c) only the cloud provider can feasibly detect and report such attacks, but the provider's incentives are not to; and (d) resource partitioning schemes for timing channel control undermine statistical sharing efficiency, and, with it, the cloud computing business model. We propose a new approach to timing channel control, using provider-enforced deterministic execution instead of resource partitioning to eliminate timing channels within a shared cloud domain. Provider-enforced determinism prevents execution timing from affecting the results of a compute task, however large or parallel, ensuring that a task's outputs leak no timing information apart from explicit timing inputs and total compute duration. Experiments with a prototype OS for deterministic cloud computing suggest that such an approach may be practical and efficient. The OS supports deterministic versions of familiar APIs such as processes, threads, shared memory, and file systems, and runs coarse-grained parallel tasks as efficiently and scalably as current timing channel-ridden systems.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126863588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present a design for a file system that provides a secure file storage service for Web 2.0 applications. Currently, each Web application stores its own user data. This not only burdens the applications with storing, managing, and securing user data but also deprives users from controlling their own data. With recent proposals of secure client-side cross-domain communication mechanisms, we can provide an independent file system service to Web applications. This service returns the control over user data back to the users, where users can share or restrict access to their files as they wish, and relieves web application servers from the contractual or regulatory obligation of safeguarding user data.
{"title":"Secure file system services for web 2.0 applications","authors":"F. Hsu, Hao Chen","doi":"10.1145/1655008.1655011","DOIUrl":"https://doi.org/10.1145/1655008.1655011","url":null,"abstract":"We present a design for a file system that provides a secure file storage service for Web 2.0 applications. Currently, each Web application stores its own user data. This not only burdens the applications with storing, managing, and securing user data but also deprives users from controlling their own data. With recent proposals of secure client-side cross-domain communication mechanisms, we can provide an independent file system service to Web applications. This service returns the control over user data back to the users, where users can share or restrict access to their files as they wish, and relieves web application servers from the contractual or regulatory obligation of safeguarding user data.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114472472","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Contemporary blogs receive comments and TrackBacks, which result in cross-references between blogs. We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples from a massive spam campaign over a one-year period. Unlike common delivery of email spam, the spammers did not use bots, but took advantage of an official Chinese site as a relay. Based on our analysis of TrackBack misuse found in the wild, we propose an authenticated TrackBack mechanism that defends against TrackBack spam even if attackers use a very large number of different source addresses and generate unique URLs for each TrackBack blog.
{"title":"TrackBack spam: abuse and prevention","authors":"Elie Bursztein, Peifung E. Lam, John C. Mitchell","doi":"10.1145/1655008.1655010","DOIUrl":"https://doi.org/10.1145/1655008.1655010","url":null,"abstract":"Contemporary blogs receive comments and TrackBacks, which result in cross-references between blogs. We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples from a massive spam campaign over a one-year period. Unlike common delivery of email spam, the spammers did not use bots, but took advantage of an official Chinese site as a relay. Based on our analysis of TrackBack misuse found in the wild, we propose an authenticated TrackBack mechanism that defends against TrackBack spam even if attackers use a very large number of different source addresses and generate unique URLs for each TrackBack blog.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132491041","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
R. Biddle, P. V. Oorschot, Andrew S. Patrick, J. Sobey, Tara Whalen
There has been a loss of confidence in the security provided by SSL certificates and browser interfaces in the face of various attacks. As one response, basic SSL server certificates are being demoted to second-class status in conjunction with the introduction of Extended Validation (EV) SSL certificates. Unfortunately, EV SSL certificates may complicate the already difficult design challenge of effectively conveying certificate information to the average user. This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants. The alternative interface was found to offer statistically significant improvements in confidence, ease of finding information, and ease of understanding. Such results from a modest re-design effort suggest considerable room for improvement in the user interfaces of browsers today. This work motivates further study of whether EV SSL certificates offer a robust foundation for improving Internet trust, or a further compromise to usable security for ordinary users.
面对各种攻击,人们对SSL证书和浏览器接口提供的安全性失去了信心。作为一种回应,随着扩展验证(EV) SSL证书的引入,基本SSL服务器证书被降级为二等证书。不幸的是,EV SSL证书可能会使有效地向普通用户传递证书信息这一已经很困难的设计挑战复杂化。本研究探讨了在最广泛部署的浏览器(Internet Explorer 7)中与SSL证书相关的界面,提出了一组可选择的界面对话框,并通过涉及40名参与者的用户研究比较了它们的有效性。研究发现,替代界面在信心、查找信息的便利性和理解便利性方面提供了统计上显著的改进。通过适度的重新设计所得到的结果表明,目前浏览器的用户界面还有很大的改进空间。这项工作促使人们进一步研究EV SSL证书是否为提高互联网信任提供了坚实的基础,还是进一步损害了普通用户的可用安全性。
{"title":"Browser interfaces and extended validation SSL certificates: an empirical study","authors":"R. Biddle, P. V. Oorschot, Andrew S. Patrick, J. Sobey, Tara Whalen","doi":"10.1145/1655008.1655012","DOIUrl":"https://doi.org/10.1145/1655008.1655012","url":null,"abstract":"There has been a loss of confidence in the security provided by SSL certificates and browser interfaces in the face of various attacks. As one response, basic SSL server certificates are being demoted to second-class status in conjunction with the introduction of Extended Validation (EV) SSL certificates. Unfortunately, EV SSL certificates may complicate the already difficult design challenge of effectively conveying certificate information to the average user. This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants. The alternative interface was found to offer statistically significant improvements in confidence, ease of finding information, and ease of understanding. Such results from a modest re-design effort suggest considerable room for improvement in the user interfaces of browsers today. This work motivates further study of whether EV SSL certificates offer a robust foundation for improving Internet trust, or a further compromise to usable security for ordinary users.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127712312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Weichao Wang, Zhiwei Li, Rodney Owens, B. Bhargava
Providing secure and efficient access to large scale outsourced data is an important component of cloud computing. In this paper, we propose a mechanism to solve this problem in owner-write-users-read applications. We propose to encrypt every data block with a different key so that flexible cryptography-based access control can be achieved. Through the adoption of key derivation methods, the owner needs to maintain only a few secrets. Analysis shows that the key derivation procedure using hash functions will introduce very limited computation overhead. We propose to use over-encryption and/or lazy revocation to prevent revoked users from getting access to updated data blocks. We design mechanisms to handle both updates to outsourced data and changes in user access rights. We investigate the overhead and safety of the proposed approach, and study mechanisms to improve data access efficiency.
{"title":"Secure and efficient access to outsourced data","authors":"Weichao Wang, Zhiwei Li, Rodney Owens, B. Bhargava","doi":"10.1145/1655008.1655016","DOIUrl":"https://doi.org/10.1145/1655008.1655016","url":null,"abstract":"Providing secure and efficient access to large scale outsourced data is an important component of cloud computing. In this paper, we propose a mechanism to solve this problem in owner-write-users-read applications. We propose to encrypt every data block with a different key so that flexible cryptography-based access control can be achieved. Through the adoption of key derivation methods, the owner needs to maintain only a few secrets. Analysis shows that the key derivation procedure using hash functions will introduce very limited computation overhead. We propose to use over-encryption and/or lazy revocation to prevent revoked users from getting access to updated data blocks. We design mechanisms to handle both updates to outsourced data and changes in user access rights. We investigate the overhead and safety of the proposed approach, and study mechanisms to improve data access efficiency.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127871409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xinwen Zhang, Joshua Schiffman, S. Gibbs, A. Kunjithapatham, Sangoh Jeong
Cloud computing provides elastic computing infrastructure and resources which enable resource-on-demand and pay-as-you-go utility computing models. We believe that new applications can leverage these models to achieve new features that are not available for legacy applications. In our project we aim to build elastic applications which augment resource-constrained platforms, such as mobile phones, with elastic computing resources from clouds. An elastic application consists of one or more weblets, each of which can be launched on a device or cloud, and can be migrated between them according to dynamic changes of the computing environment or user preferences on the device. This paper overviews the general concept of this new application model, analyzes its unique security requirements, and presents our design considerations to build secure elastic applications. As first steps we propose a solution for authentication and secure session management between weblets running device side and those on the cloud. We then propose secure migration and how to authorize cloud weblets to access sensitive user data such as via external web services. We believe some principles in our solution can be applied in other cloud computing scenarios such as application integration between private and public clouds in an enterprise environment.
{"title":"Securing elastic applications on mobile devices for cloud computing","authors":"Xinwen Zhang, Joshua Schiffman, S. Gibbs, A. Kunjithapatham, Sangoh Jeong","doi":"10.1145/1655008.1655026","DOIUrl":"https://doi.org/10.1145/1655008.1655026","url":null,"abstract":"Cloud computing provides elastic computing infrastructure and resources which enable resource-on-demand and pay-as-you-go utility computing models. We believe that new applications can leverage these models to achieve new features that are not available for legacy applications. In our project we aim to build elastic applications which augment resource-constrained platforms, such as mobile phones, with elastic computing resources from clouds. An elastic application consists of one or more weblets, each of which can be launched on a device or cloud, and can be migrated between them according to dynamic changes of the computing environment or user preferences on the device. This paper overviews the general concept of this new application model, analyzes its unique security requirements, and presents our design considerations to build secure elastic applications. As first steps we propose a solution for authentication and secure session management between weblets running device side and those on the cloud. We then propose secure migration and how to authorize cloud weblets to access sensitive user data such as via external web services. We believe some principles in our solution can be applied in other cloud computing scenarios such as application integration between private and public clouds in an enterprise environment.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129232620","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jinpeng Wei, Xiaolan Zhang, Glenn Ammons, Vasanth Bala, P. Ning
Cloud computing is revolutionizing how information technology resources and services are used and managed but the revolution comes with new security problems. Among these is the problem of securely managing the virtual-machine images that encapsulate each application of the cloud. These images must have high integrity because the initial state of every virtual machine in the cloud is determined by some image. However, as some of the enefits of the cloud depend on users employing images built by third parties, users must also be able to share images safely.� This paper explains the new risks that face administrators and users (both image publishers and image retrievers) of a cloud's image repository. To address those risks, we propose an image management system that controls access to images, tracks the provenance of images, and provides users and administrators with efficient image filters and scanners that detect and repair security violations. Filters and scanners achieve efficiency by exploiting redundancy among images; an early implementation of the system shows that this approach scales better than a naive approach that treats each image independently.
{"title":"Managing security of virtual machine images in a cloud environment","authors":"Jinpeng Wei, Xiaolan Zhang, Glenn Ammons, Vasanth Bala, P. Ning","doi":"10.1145/1655008.1655021","DOIUrl":"https://doi.org/10.1145/1655008.1655021","url":null,"abstract":"Cloud computing is revolutionizing how information technology resources and services are used and managed but the revolution comes with new security problems. Among these is the problem of securely managing the virtual-machine images that encapsulate each application of the cloud. These images must have high integrity because the initial state of every virtual machine in the cloud is determined by some image. However, as some of the enefits of the cloud depend on users employing images built by third parties, users must also be able to share images safely.\u0000 This paper explains the new risks that face administrators and users (both image publishers and image retrievers) of a cloud's image repository. To address those risks, we propose an image management system that controls access to images, tracks the provenance of images, and provides users and administrators with efficient image filters and scanners that detect and repair security violations. Filters and scanners achieve efficiency by exploiting redundancy among images; an early implementation of the system shows that this approach scales better than a naive approach that treats each image independently.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115381079","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Himanshu Raj, Ripal Nathuji, Abhishek Singh, P. England
The cloud infrastructure provider (CIP) in a cloud computing platform must provide security and isolation guarantees to a service provider (SP), who builds the service(s) for such a platform. We identify last level cache (LLC) sharing as one of the impediments to finer grain isolation required by a service, and advocate two resource management approaches to provide performance and security isolation in the shared cloud infrastructure - cache hierarchy aware core assignment and page coloring based cache partitioning. Experimental results demonstrate that these approaches are effective in isolating cache interference impacts a VM may have on another VM. We also incorporate these approaches in the resource management (RM) framework of our example cloud infrastructure, which enables the deployment of VMs with isolation enhanced SLAs.
{"title":"Resource management for isolation enhanced cloud services","authors":"Himanshu Raj, Ripal Nathuji, Abhishek Singh, P. England","doi":"10.1145/1655008.1655019","DOIUrl":"https://doi.org/10.1145/1655008.1655019","url":null,"abstract":"The cloud infrastructure provider (CIP) in a cloud computing platform must provide security and isolation guarantees to a service provider (SP), who builds the service(s) for such a platform. We identify last level cache (LLC) sharing as one of the impediments to finer grain isolation required by a service, and advocate two resource management approaches to provide performance and security isolation in the shared cloud infrastructure - cache hierarchy aware core assignment and page coloring based cache partitioning. Experimental results demonstrate that these approaches are effective in isolating cache interference impacts a VM may have on another VM. We also incorporate these approaches in the resource management (RM) framework of our example cloud infrastructure, which enables the deployment of VMs with isolation enhanced SLAs.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"76 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133712467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: