Zhou Zhenji, Wu Lifa, Hong Zheng, et al. Trustworthiness measurement model of virtual machine for cloud computing[J]. Journal of Southeast University (Natural Science Edition), 2014, 44(1): 45-50. [doi:10.3969/j.issn.1001-0505.2014.01.009]

Trustworthiness measurement model of virtual machine for cloud computing

Journal of Southeast University (Natural Science Edition) [ISSN: 1001-0505 / CN: 32-1178/N]

Volume:
44
Issue:
No. 1, 2014
Pages:
45-50
Column:
Computer Science and Engineering
Publication date:
2014-01-18

Article Info

Title:
Trustworthiness measurement model of virtual machine for cloud computing
Author(s):
Zhou Zhenji, Wu Lifa, Hong Zheng, Xu Mingfei
Institute of Command Information System, PLA University of Science and Technology, Nanjing 210007, China
Keywords:
cloud computing; trusted computing; trustworthiness measurement; virtual machine
Classification number:
TP309
DOI:
10.3969/j.issn.1001-0505.2014.01.009
Abstract:
To solve the concurrency and security problems of virtual machine trustworthiness measurement in cloud computing, a tree-style trustworthiness measurement model (TSTM) is proposed. The traditional trustworthiness measurement process is separated according to the characteristics of cloud computing: the trustworthiness of the system domain is measured based on integrity, while the trustworthiness of the user domain is measured based on system behaviors. TSTM solves the concurrency problem of conventional measurement models and enhances extensibility. A TSTM prototype system for virtual machines is implemented based on system call interceptor (SCI) and virtual machine introspection (VMI) technology. The effectiveness and performance of the TSTM are evaluated by comprehensive experiments. The experimental results show that the TSTM achieves effective trustworthiness measurement.

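Memo

Received: 2013-06-23.
Biographies: Zhou Zhenji (1985-), male, Ph.D. candidate; Wu Lifa (corresponding author), male, Ph.D., professor, doctoral supervisor, wulifa@vip.163.com.
Foundation items: Natural Science Foundation of Jiangsu Province (BK2011115, BK20131069); Innovation Open Fund of the Military Network Technology Laboratory.
Cite this article: Zhou Zhenji, Wu Lifa, Hong Zheng, et al. Trustworthiness measurement model of virtual machine for cloud computing[J]. Journal of Southeast University (Natural Science Edition), 2014, 44(1): 45-50. [doi:10.3969/j.issn.1001-0505.2014.01.009]
Last Update: 2014-01-20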