浏览全部资源
扫码关注微信
基于SGX的虚拟机动态迁移安全增强方法
Security-enhanced live migration based on SGX for virtual machine
- 通信学报 2017年38卷第9期 页码:65-75
- 作者机构:
1. 武汉大学计算机学院,湖北 武汉 430072
2. 武汉大学空天信息安全与可信计算教育部重点实验室,湖北 武汉 430072
- 作者简介:
[ "石源(1991-),男,江西九江人,武汉大学博士生,主要研究方向为信息安全和可信计算。" ]
[ "张焕国(1945-),男,河北元氏人,武汉大学教授、博士生导师,主要研究方向为信息安全、可信计算、容错计算与计算机应用等。" ]
[ "赵波(1972-),男,山东青岛人,武汉大学教授、博士生导师,主要研究方向为信息安全、可信计算、嵌入式体系结构等。" ]
[ "于钊(1991-),男,河南郑州人,武汉大学硕士生,主要研究方向为信息安全和可信计算。" ]
- 基金信息:国家自然科学基金资助项目(61332019);国家重点基础研究发展计划(“973”计划)基金资助项目(2014CB340600);国家高技术研究发展计划(“863”计划)基金资助项目(2015AA016002)
DOI:10.11959/j.issn.1000-436x.2017183
中图分类号: TP391-
网络出版日期:2017-09,
纸质出版日期:2017-09-25
- 稿件说明:
移动端阅览
石源, 张焕国, 赵波, 等. 基于SGX的虚拟机动态迁移安全增强方法[J]. 通信学报, 2017,38(9):65-75.
Yuan SHI, Huan-guo ZHANG, Bo ZHAO, et al. Security-enhanced live migration based on SGX for virtual machine[J]. Journal on communications, 2017, 38(9): 65-75.
石源, 张焕国, 赵波, 等. 基于SGX的虚拟机动态迁移安全增强方法[J]. 通信学报, 2017,38(9):65-75. DOI: 10.11959/j.issn.1000-436x.2017183.
Yuan SHI, Huan-guo ZHANG, Bo ZHAO, et al. Security-enhanced live migration based on SGX for virtual machine[J]. Journal on communications, 2017, 38(9): 65-75. DOI: 10.11959/j.issn.1000-436x.2017183.
摘要
针对虚拟机动态迁移面临的虚拟机信息泄露的安全问题,引入内存动态保护技术SGX,基于KVM虚拟化环境,提出一种动态迁移安全增强方法。在迁移两端构建以 SGX 技术为核心的硬件隔离的安全执行环境,保障加密、完整性度量等安全操作和秘密数据的安全。通过迁移双方的安全执行环境之间的远程证明,建立一个用于传输迁移数据的加密信道,并在此基础之上实现迁移双方的平台完整性的相互验证。最后分析该方法的安全增强效果,并通过实验验证了SGX技术的引入不会对迁移造成过多的性能损耗。
Abstract
The virtual machine may face the problem of information leakage in live migration.Therefore
a dynamic memory protection technique SGX was introduced and a security enhancement live migration method based on KVM environment was proposed.Firstly
on both sides of migration
a hardware-isolated secure execution environment centered SGX was built.It guaranteed the security of operations like encryption and integrity measurement and also ensured the security of private data.An encrypted channel to transfer migration data based on the remote attestation between the secure execution environments of both migration sides was constructed.And the mutual authentication of both sides’ platform integrity was realized.Finally
the security enhancement effect and did the experiment was analyzed.The results shows that the introduction of SGX won’t cause much negative effect to the migration performance.
关键词
Keywords
references
邹庆欣 , 郝志宇 , 云晓春 . 基于运行阶段特征的虚拟机实时迁移技术 [J ] . 通信学报 , 2016 , 37 ( 1 ): 170 - 179 .
ZOU Q X , HAO Z Y , YUN X C . Live migration based on the characteristics of operation stages for virtual machine [J ] . Journal on Communications , 2016 , 37 ( 6 ): 170 - 179 .
ZHANG H G , HAN W B , LAI X J , et al . Survey on cyberspace security [J ] . Science China Information Sciences , 2015 , 58 ( 11 ): 1 - 43 .
OBERHEIDE J , COOKE E , JAHANIAN F . Empirical exploitation of live virtual machine migration [C ] // BlackHat DC convention . 2008 .
VAN C A , PIETERS W , WIERINGA R . Security implications of virtualization:a literature study [C ] // IEEE International Conference on Computational Science and Engineering (CES) . 2009 : 353 - 358 .
YAMUNADEVI L , ARUNA P , DEVI D S , et al . Security in virtual machine live migration for KVM [C ] // International Conference on Process Automation,Control and Computing (PACC) . 2011 : 1 - 6 .
CHEN X , GAO X , WAN H , et al . Application-transparent live migration for virtual machine on network security enhanced hypervisor [J ] . China Communications , 2011 , 8 ( 3 ): 32 - 42 .
NAGIN K , HADAS D , DUBITZKY Z , et al . Inter-cloud mobility of virtual machines [C ] // International Conference on Systems and Storage . 2011 : 1 - 12 .
PATIL V P , PATIL G A . Migrating process and virtual machine in the cloud:load balancing and security perspectives [J ] . International Journal of Advanced Computer Science & Information Technology , 2012 , 1 ( 1 ): 11 - 19 .
BIN S N A , MASUDA H . Evaluation of a secure live migration of virtual machines using IPSEC implementation [C ] // IEEE International Conference on Advanced Applied Informatics . 2014 : 687 - 693 .
范伟 , 孔斌 , 张珠君 , 等 . KVM 虚拟化动态迁移技术的安全防护模型 [J ] . 软件学报 , 2016 , 27 ( 6 ): 1402 - 1416 .
FAN W , KONG B , ZHANG Z J , et al . Security protection model on live migration for KVM virtualization [J ] . Journal of Software , 2016 , 27 ( 6 ): 1402 - 1416 .
WANG W , ZHANG Y , LIN B , et al . Secured and reliable VM migration in personal cloud [C ] // International Conference on Computer Engineering and Technology . 2010 : 705 - 709 .
ASLAM M , GEHRMANN C , BJORKMAN M . Security and trust preserving VM migrations in public clouds [C ] // IEEE International Conference on Trust,Security and Privacy in Computing and Communications . 2012 : 869 - 876 .
ANATI I , GUERON S , JOHNSON S , et al . Innovative technology for CPU based attestation and sealing [C ] // International Workshop on Hardware and Architectural Support for Security and Privacy (HASP) . 2013 .
HOEKSTRA M , LAL R , PAPPACHAN P , et al . Using innovative instructions to create trustworthy software solutions [C ] // International Workshop on Hardware and Architectural Support for Security and Privacy (HASP) . 2013 .
Mckeen F , ALEXANDROVICH I , BERENZON A , et al . Innovative instructions and software model for isolated execution [C ] // International Workshop on Hardware and Architectural Support for Security and Privacy (HASP) . 2013 .
BERGER S , CACERES R , et al . vTPM:virtualizing the trusted platform module [C ] // The 15th conference on USENIX Security Symposium . 2006 : 305 - 320 .
SHI Y , ZHAO B , YU Z , et al . A security-improved scheme for virtual TPM based on KVM [J ] . Wuhan University Journal of Natural Sciences , 2015 , 20 ( 6 ): 505 - 511 .
FAN P R , ZHAO B , SHI Y . An improved vTPM-VM live migration protocol [J ] . Wuhan University Journal of Natural Sciences , 2015 , 20 ( 6 ): 512 - 520 .
0
浏览量
2172
下载量
0
CSCD
- 网络PDF下载
- XML下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
AI问答
鸿云智能
中文
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies
- 总访问量:151733 今日访问量:2