Concerning the secondary attack problem of virus in cloud computing， data center and other virtual network-based environments， the virus propagation and immune mechanism under the background of dynamic platform defense was studied， and a heterogeneous backup based network virus defense method was proposed. Firstly， the process of secondary attack of redundant backup was analyzed， and the law of virus action was summarized. At the same time， combined with the idea of dynamic platform defense， the heterogeneous platform state node was introduced， and a Susceptible-Escaped-Infected-Removed-Heterogeneous-Susceptible （SEIRHS） virus propagation model was proposed. Secondly， the local stability at the equilibrium point of the model was proved by using the Routh-Hurwitz stability criterion， and the basic reproductive number was solved. Finally， the proposed model was compared with the traditional Susceptible-Infected-Removed （SIR） and Susceptible-Escaped-Infected-Removed （SEIR） models through simulation analysis， the stability of the model was verified， and the effect of virus propagation influencing factors on virus spread scale was discussed. The simulation results show that the proposed model can objectively reflect the propagation law of virus in the network， and effectively improve the network’s defense effect against the virus by reducing the node degree， increasing the Infected-Heterogeneous （I-H） state transition probability， and reducing the probability of being hidden by the virus during backup， etc.

Concerning the data's confidentiality when being stored in the untrusted cloud storage, a new encryption algorithm based on the Proxy Re-Encryption (PRE) was proposed, and applied in the access control scheme for the cloud storage. The scheme had partial ciphertexts stored in the cloud storage for sharing, and the others sent to users directly. It was proven that the scheme can ensure the confidentiality of the sensitive data stored in the cloud storage under the third untrusted open environment. By contrast, the experimental results show the transmission of ciphertexts can be controlled by the sender. The scheme used the properties of the proxy re-encryption. The number of ciphertexts' operation and storage did not increase linearly with the increase of the users. It decreased the data computation cost, interactive cost, and the space of the data storage effectively. The scheme achieves sharing securely and efficiently when the sensitive data is stored in the cloud.