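1. National Engineering Research Center for Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190
2. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190
3. University of Chinese Academy of Sciences, Beijing 100049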
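Tao WU (1985-), male, born in Baoding, Hebei; doctoral student and engineer at the Institute of Software, Chinese Academy of Sciences. His main research interests include system security, data security, and secure operating systems.
Qiu-song YANG (1977-), male, born in Botou, Hebei; Ph.D., professor-level senior engineer and doctoral supervisor at the Institute of Software, Chinese Academy of Sciences. His main research interests include software engineering, system security, and trusted computing.
Ye-ping HE (1962-), male, born in Lanzhou, Gansu; Ph.D., research professor and doctoral supervisor at the Institute of Software, Chinese Academy of Sciences. His main research interests include cryptographic protocols, secure operating systems, and trusted computing.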
Online publication date: 2015-09
Print publication date: 2015-09-25
Tao WU, Qiu-song YANG, Ye-ping HE. Method of dynamic integrity measurement for VMM based on adjacency data[J]. Journal on Communications, 2015, 36(9): 169-180. DOI: 10.11959/j.issn.1000-436x.2015210.
Because the virtual machine monitor (VMM) runs at a privileged level and its runtime memory is complex and constantly changing, dynamic integrity measurement of the VMM has long been a difficult problem in the field. A dynamic integrity measurement method based on adjacency data is proposed, which uses a neighbor as the host of the measurement module. Using an integrity model at memory-page granularity and an improved measurement algorithm, dynamic integrity measurement of the VMM is implemented. Experimental data show that the method accurately detects when integrity has been broken and causes only a moderate performance loss for computing-intensive tasks.