基于改进期望值决策法的虚拟机可信审计方法

田俊峰; 张永超

doi:10.11959/j.issn.1000-436x.2018110

您当前的位置：

首页 >

文章列表页 >

基于改进期望值决策法的虚拟机可信审计方法

学术论文 | 更新时间：2024-06-05

- 基于改进期望值决策法的虚拟机可信审计方法
- Trusted auditing method of virtual machine based on improved expectation decision method
- 通信学报 2018年39卷第6期页码：52-63
- 作者机构：
  
  1. 河北大学网络空间安全与计算机学院，河北保定 071002
  2. 河北省高可信信息系统重点实验室，河北保定 071002
- 作者简介：
  
  [ "田俊峰（1965-），男，河北保定人，河北大学教授、博士生导师，主要研究方向为信息安全与分布式计算。" ]
  [ "张永超（1991-），男，河北晋州人，河北大学硕士生，主要研究方向为信息安全与分布式计算。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61170254);河北省自然科学基金资助项目(F2016201244)
- DOI：10.11959/j.issn.1000-436x.2018110
  中图分类号： TP309
- 网络首发：2018-06，
  
  纸质出版：2018-06-25
- 稿件说明：
移动端阅览
田俊峰, 张永超. 基于改进期望值决策法的虚拟机可信审计方法[J]. 通信学报, 2018,39(6):52-63.

Junfeng TIAN, Yongchao ZHANG. Trusted auditing method of virtual machine based on improved expectation decision method[J]. Journal on Communications, 2018, 39(6): 52-63.
田俊峰, 张永超. 基于改进期望值决策法的虚拟机可信审计方法[J]. 通信学报, 2018,39(6):52-63. DOI： 10.11959/j.issn.1000-436x.2018110.

Junfeng TIAN, Yongchao ZHANG. Trusted auditing method of virtual machine based on improved expectation decision method[J]. Journal on Communications, 2018, 39(6): 52-63. DOI： 10.11959/j.issn.1000-436x.2018110.

摘要

虚拟机运行环境是否可信是云计算推广和有效使用的关键因素，为此将风险决策方法中的期望值决策法加以改进，重新定义了它的使用场景，将审计方案的成本、收益数值化，提出一种基于改进期望值决策法的虚拟机可信审计方法。该方案为用户虚拟机提供几种安全保护级别，根据用户为虚拟机选用的安全保护级别，自主选取最优的审计方案。采用虚拟机自省（VMI

virtual machine introspection）技术获取需要审计的虚拟机信息；采用设计的加密机制保护用户选用安全保护级别的安全性，从而保证审计方案的安全性。最后，仿真实验结果表明了方案具有较好的性能和有效性。

Abstract

Whether the cloud computing environment is credible is the key factor in the promotion and effective use of cloud computing.For this reason

the expected value decision method in risk decision-making was improved.The usage scenarios was redefined

the cost and benefit of audit scheme was digitized

and a virtual machine trusted auditing strategy based on improved expectation decision method was proposed.Several levels of security protection for the user virtual machine was provided

and the optimal audit scheme was selected autonomously according to the security protection level chosen by the user for the virtual machine.The virtual machine introspection (VMI) technology was used to obtain the virtual machine information that needs to be audited.The designed encryption mechanism was used to protect the security of users selected security protection level

so as to ensure the security of user virtual machine selection audit strategy.Finally

the simulation results show that the scheme has good performance and validity.

关键词

Keywords

references

ALI M , KHAN S U , VASILAKOS A V . Security in cloud computing:opportunities and challenges [J ] . Information Sciences , 2015 , 305 : 357 - 383 .

ABDELBAKI N , RADWAN T , AZER M A . Cloud computing security:challenges and future trends [J ] . International Journal of Computer Applications in Technology , 2017 , 55 ( 2 ):158.

KO R K L , JAGADPRAMANA P , MOWBRAY M , et al . TrustCloud:a framework for accountability and trust in cloud computing [C ] // IEEE World Congress on Services . 2011 : 584 - 588 .

KHALIL I , KHREISHAH A , AZEEM M . Cloud computing security:a survey [J ] . Computers , 2014 , 3 ( 1 ): 1 - 35 .

KATZ G , ELOVICI Y , SHAPIRA B . CoBAn:a context based model for data leakage prevention [J ] . Information Sciences , 2014 , 262 ( 3 ): 137 - 158 .

JANSEN W , GRANCE T . Guidelines on security and privacy in public cloud computing [J ] . Journal of E-Governance , 2011 , 34 ( 3 ): 149 - 151 .

赵新泉 , 彭勇行 . 管理决策分析 [M ] . 北京 : 科学出版社 , 2008 .

ZHANG X Q , PENG Y X . Management decision analysis [M ] . Beijing : Science PressPress , 2008 .

MICHAEL J B . Trusted computing:an elusive goal [J ] . Computer , 2015 , 48 ( 3 ): 99 - 101 .

BERGER S , GOLDMAN K A , PEREZ R , et al . vTPM:virtualizing the trusted platform module [C ] // Conference on Usenix Security Symposium . 2006 :21.

刘川意 , 王国峰 , 林杰 , 等 . 可信的云计算运行环境构建和审计 [J ] . 计算机学报 , 2016 , 39 ( 2 ): 339 - 350 .

LIU C Y , WANG G F , LIN J , et al . Practical construction and audit for trusted cloud execution environment [J ] . Chinese Journal of Computers , 2016 , 39 ( 2 ): 339 - 350 .

KURSAWE K , SCHELLEKENS D . Flexible muTPMs through disembedding [C ] // ACM Symposium on Information,Computer and Communications Security . 2009 : 116 - 124 .

STUMPF F , ECKERT C . Enhancing trusted platform modules with hardware-based virtualization techniques [C ] // Second International Conference on Emerging Security Information,Systems and Technologies . 2008 : 1 - 9 .

ENGLAND P , LOESER J . Para-virtualized TPM sharing [C ] // International Conference on Trusted Computing and Trust in Information Technologies:Trusted Computing-Challenges and Applications . 2008 : 119 - 132 .

林杰 , 刘川意 , 方滨兴 . IVirt:基于虚拟机自省的运行环境完整性度量机制 [J ] . 计算机学报 , 2015 , 38 ( 1 ): 191 - 203 .

LIN J , LIU C Y , FANG B X . IVirt:runtime environment integrity measurement mechanism based on virtual machine introspection [J ] . Chinese Journal of Computers , 2015 , 38 ( 1 ): 191 - 203 .

SAILER R , ZHANG X , JAEGER T , et al . Design and implementation of a TCG-based integrity measurement architecture [C ] // Conference on Usenix Security Symposium . 2004 :16.

杜瑞忠 , 王少泫 , 田俊峰 . 基于封闭环境加密的云存储方案 [J ] . 通信学报 , 2017 , 38 ( 7 ): 1 - 10 .

DU R Z , WANG S X , TIAN J F . Cloud storage scheme based on closed-box encryption [J ] . Journal on Communications , 2017 , 38 ( 7 ): 1 - 10 .

郭晓勇 , 付安民 , 况博裕 , 等 . 基于收敛加密的云安全去重与完整性审计系统 [J ] . 通信学报 , 2017 , 38 ( S2 ): 156 - 163 .

GUO X Y , FU A M , KUANG B Y , et al . Secure deduplication and integrity audit system based on convergent encryption for cloud storage [J ] . Journal on Communications , 2017 , 38 ( S2 ): 156 - 163 .

王惠峰 , 李战怀 , 张晓 , 等 . 云存储中数据完整性自适应审计方法 [J ] . 计算机研究与发展 , 2017 , 54 ( 1 ): 172 - 183 .

WANG H F , LI Z H , ZHANG X , et al . A self-adaptive audit method of data integrity in the cloud storage [J ] . Journal of Computer Research and Development , 2017 , 54 ( 1 ): 172 - 183 .

KOLHAR M ABU-ALHAJ M M EL-ATTY S M A . Cloud data auditing techniques with a focus on privacy and security [J ] . IEEE Security ＆ Privacy , 2017 , 15 ( 1 ): 42 - 51 .

RODRIGUEZ A , ORTEGA P , CONCEPCION R . An intuitionistic method for the selection of a risk management approach to information technology projects [J ] . Information Sciences , 2017 , 375 : 202 - 218 .

张玉清 , 王晓菲 , 刘雪峰 . 云计算环境安全综述 [J ] . 软件学报 , 2016 , 27 ( 6 ): 1328 - 1348 .

ZHANG Y Q , WANG X F , LIU X F . Survey on cloud computing security [J ] . Journal of Software , 2016 , 27 ( 6 ): 1328 - 1348 .

叶厚元 . 统计学原理与分析 [M ] . 武汉 : 武汉理工大学出版社 , 2012 .

YE H Y . Statistical principle and analysis [M ] . Wuhan : University of Technology PressPress , 2012 .

李保珲 , 徐克付 , 张鹏 . 虚拟机自省技术研究与应用进展 [J ] . 软件学报 , 2016 , 27 ( 6 ): 1384 - 1401 .

LI B H , XU K F , ZHANG P . Research and application progress of virtual machine introspection technology [J ] . Journal of Software , 2016 , 27 ( 6 ): 1384 - 1401 .

YU P , XIA M , LIN Q , et al . Real-time enhancement for Xen hypervisor [C ] // IEEE . 2010 .

HOLIK F , HORALEK J , MARIK O , et al . Effective penetration testing with metasploit framework and methodologies [C ] // IEEE,International Symposium on Computational Intelligence and Informatics . 2015 : 237 - 242 .

ABBOTT M L , FISHER M T . The art of scalability:scalable Web architecture,processes,and organizations for the modern enterprise [M ] . Addison-Wesley Professional . 2009 .

浏览量

1299

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

理性安全的公平两方比较协议

可信云平台技术综述

基于标签的vTPM私密信息保护方案

基于TPA云联盟的数据完整性验证模型

虚拟平台环境中一种新的可信证书链扩展方法