基于Shamir的虚拟机放置策略

田俊峰; 王子龙; 何欣枫; 李珍

doi:10.11959/j.issn.1000-436x.2019141

您当前的位置：

首页 >

文章列表页 >

基于Shamir的虚拟机放置策略

学术论文 | 更新时间：2024-06-05

- 基于Shamir的虚拟机放置策略
- Shamir-based virtual machine placement policy
- 通信学报 2019年40卷第10期页码：90-100
- 作者机构：
  
  河北大学网络空间安全与计算机学院，河北保定 071002
- 作者简介：
  
  [ "田俊峰（1965- ），男，河北保定人，博士，河北大学教授、博士生导师，主要研究方向为信息安全与分布式计算。" ]
  [ "王子龙（1995- ），男，河北石家庄人，河北大学硕士生，主要研究方向为云安全、同驻攻击等。" ]
  [ "何欣枫（1976- ），男，天津人，河北大学博士生，主要研究方向为云计算安全、可信计算等。" ]
  [ "李珍（1981- ），女，河北保定人，河北大学副教授，主要研究方向为软件安全、可信计算。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61802106)
- DOI：10.11959/j.issn.1000-436x.2019141
  中图分类号： TP309.5
- 网络出版日期：2019-10，
  
  纸质出版日期：2019-10-25
- 稿件说明：
移动端阅览
田俊峰, 王子龙, 何欣枫, 等. 基于Shamir的虚拟机放置策略[J]. 通信学报, 2019,40(10):90-100.

Junfeng TIAN, Zilong WANG, Xinfeng HE, et al. Shamir-based virtual machine placement policy[J]. Journal on communications, 2019, 40(10): 90-100.
田俊峰, 王子龙, 何欣枫, 等. 基于Shamir的虚拟机放置策略[J]. 通信学报, 2019,40(10):90-100. DOI： 10.11959/j.issn.1000-436x.2019141.

Junfeng TIAN, Zilong WANG, Xinfeng HE, et al. Shamir-based virtual machine placement policy[J]. Journal on communications, 2019, 40(10): 90-100. DOI： 10.11959/j.issn.1000-436x.2019141.

摘要

为减轻云环境下同驻攻击的危害，提出了基于 Shamir 的虚拟机放置策略，并设计了与其相适应的虚拟机放置框架，通过区块链保证了所提放置策略中关键数据的安全性。该虚拟机放置策略可以有效提升虚拟机的安全性和云环境的负载均衡能力，减少资源浪费。最后通过仿真实验证明了方案的有效性。

Abstract

In order to alleviate the harm of co-location attack in cloud environment

a virtual machine placement strategy based on Shamir was proposed

and a virtual machine placement framework was designed.The security of key data was ensured by the blockchain in the proposed placement strategy.The virtual machine placement policy could effectively improve the security of the virtual machine and the load balancing capability of the cloud environment

and reduce resource waste.Finally

the effectiveness of the scheme is proved by simulation experiments.

关键词

Keywords

references

RISTENPART T , TROMER E , SHACHAM H , et al . Hey,you,get off of my cloud:exploring information leakage in third-party compute clouds [C ] // ACM Conference on Computer and Communications Security . 2009 : 199 - 112 .

ZHANG Y , JUELS A , REITER M K , et al . Cross-VM side channels and their use to extract private keys [C ] // ACM Conference on Computer and Communications Security . 2012 : 305 - 316 .

LIU F , YAROM Y , GE Q , et al . Last-level cache side-channel attacks are practical [C ] // IEEE Symposium on Security and Privacy . 2015 : 605 - 622 .

YOUNIS Y A , KIFAYAT K , SHI Q , et al . A new prime and probe cache side-channel attack for cloud computing [C ] // The 13th IEEE International Conference on Dependable,Autonomic and Secure Computing (DASC-2015) . 2015 : 1718 - 1724 .

INCI M S , GÜLMEZOGLU B , APECECHEA G I , et al . Seriously,get off my cloud! Cross-VM RSA key recovery in a public cloud [J ] . IACR Cryptology ePrint Archive , 2015 , 2015 : 1 - 15 .

CHEN K , SHEN Q , LI C , et al . Sift -an efficient method for co-residency detection on Amazon EC2 [C ] // International Conference on Information Systems Security and Privacy . 2016 : 423 - 431 .

BATES A , MOOD B , PLETCHER J , et al . On detecting co-resident cloud instances using network flow watermarking techniques [J ] . International Journal of Information Security , 2014 , 13 ( 2 ): 171 - 189 .

ZHANG Y , LI M , BAI K , et al . Incentive compatible moving target defense against VM-colocation attacks in clouds [C ] // IFIP International Information Security Conference . Springer , 2012 : 388 - 399 .

AZAR Y , KAMARA S , MENACHE I , et al . Co-location-resistant clouds [C ] // The 6th Edition of the ACM Workshop on Cloud Computing Security . 2014 : 9 - 20 .

HAN Y , CHAN J , ALPCAN T , et al . Using virtual machine allocation policies to defend against co-resident attacks in cloud computing [J ] . IEEE Transactions on Dependable ＆ Secure Computing , 2017 , 14 ( 1 ): 95 - 108 .

AFOULKI Z , BOUSQUET A ， ROUZAUD-CORNABAS J , et al . A security-aware scheduler for virtual machines on IaaS clouds [J ] . Rapport de Recherche , 2011 , 8 : 1 - 12 .

BERRIMA M , NASR A K , BEN R N , et al . Co-location resistant strategy with full resources optimization [C ] // The 2016 ACM on Cloud Computing Security Workshop . 2016 : 3 - 10 .

BARROWCLOUGH J P , ASIF R . Securing cloud hypervisors:a survey of the threats,vulnerabilities,and countermeasures [J ] .,2018 (2018):1681908:1-1681908:20. Security and Communication Networks , 2018 ( 2018 ): 1681908:1 - 1681908::20 .

NEZARAT A , SHAMS Y . A game theoretic-based distributed detection method for VM-to-hypervisor attacks in cloud environment [J ] . Journal of Super Computing , 2017 , 73 ( 2 ): 1 - 21 .

WANG C , MA S , ZHANG X , et al . A hypervisor level provenance system to reconstruct attack story caused by kernel malware [C ] // International Conference on Security and Privacy in Communication Systems . 2017 : 778 - 792 .

LIU L , WANG A , ZANG W Y , et al . Empirical evaluation of the hypervisor scheduling on side channel attacks [C ] // 2018 IEEE International Conference on Communications . IEEE , 2018 : 1 - 6 .

SZEFER J , KELLER E , LEE R B , et al . Eliminating the hypervisor attack surface for a more secure cloud [C ] // The 18th ACM conference on Computer and Communications Security . ACM , 2011 : 401 - 412 .

石勇 , 郭煜 , 刘吉强 , 等 . 一种透明的可信云租户隔离机制研究 [J ] . 软件学报 , 2016 , 27 ( 6 ): 1538 - 1548 .

SHI Y , GUO W , LIU J Q , et al . Research on a transparent trusted cloud tenant isolation mechanism [J ] . Journal of Software , 2016 , 27 ( 6 ): 1538 - 1548 .

VARADARAJAN V , ZHANG Y , RISTENPART T , et al . A placement vulnerability study in multi-tenant public clouds [C ] // USENIX Security Symposium . 2015 : 913 - 928 .

JANSEN R , BRENNER P R . Energy efficient virtual machine allocation in the cloud [C ] // Green Computing Conference and Workshops . 2011 : 1 - 8 .

金顺福 , 郝闪闪 , 王宝帅 . 融合双速率和工作休眠的虚拟机调度策略及参数优化 [J ] . 通信学报 , 2017 , 38 ( 12 ): 10 - 20 .

JIN S F , HAO S S , WANG B S . Virtual machine scheduling strategy based on dual-speed and work vacation mode and its parameter optimization [J ] . Journal on Communications , 2017 , 38 ( 12 ): 10 - 20 .

李湘 , 陈宁江 , 杨尚林 , 等 . 感知应用特征与网络带宽的虚拟机在线迁移优化策略 [J ] . 通信学报 , 2017 , 38 ( Z2 ): 147 - 155 .

LI X , CHEN N J , YANG S L , et al . Optimization strategy of virtual machine online migration with awareness of application characteristics and network bandwidth migration [J ] . Journal on Communications , 2017 , 38 ( Z2 ): 147 - 155 .

崔勇 , 林予松 , 李润知 , 等 . 基于合作博弈的多虚拟机实时迁移带宽分配机制 [J ] . 通信学报 , 2016 , 37 ( 4 ): 149 - 158 .

CUI Y , LIN Y S , LI R Z , et al . Cooperative game based bandwidth allocation mechanism live migration of multiple virtual machines [J ] . Journal on Communications , 2016 , 37 ( 4 ): 149 - 158 .

荣辉桂 , 莫进侠 , 常炳国 , 等 . 基于Shamir秘密共享的密钥分发与恢复算法 [J ] . 通信学报 , 2015 , 36 ( 3 ): 64 - 73 .

RONG H G , MO J X , CHANG B G , et al . Key distribution and recovery algorithm based on Shamir secret sharing [J ] . Journal on Communications , 2015 , 36 ( 3 ): 64 - 73 .

CALHEIROS R N , RANJAN R , BELOGLAZOV A , et al . CloudSim:a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms [J ] . Software Practice ＆ Experience , 2011 , 41 ( 1 ): 23 - 50 .

ALBDOUR L . Comparative study for different provisioning policies for load balancing in cloudsim [J ] . International Journal of Cloud Applications and Computing (IJCAC) , 2017 , 7 ( 3 ): 76 - 86 .

浏览量

608

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

无等待与时隙映射复用结合的时间触发流调度方法

基于决策性能评估的多波束低地球轨道卫星网络资源分配算法

面向非地面网络多QoS保障的低地球轨道卫星星座设计

基于分层强化学习的中继卫星网络任务动态调度方法

基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案