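College of Command Information Systems, PLA University of Science and Technology, Nanjing 210007, Jiangsu, China

Zhen-ji ZHOU (born 1985), male, from Lianyungang, Jiangsu; Ph.D. candidate at PLA University of Science and Technology. Main research interests: virtualization security and cloud computing security.

Li-fa WU (born 1968), male, from Qichun, Hubei; Ph.D., professor and doctoral supervisor at PLA University of Science and Technology. Main research interest: network security.

Zheng HONG (born 1979), male, from Nanchang, Jiangxi; Ph.D., associate professor at PLA University of Science and Technology. Main research interest: network security.

Hai-guang LAI (born 1975), male, from Pingba, Guizhou; Ph.D., associate professor at PLA University of Science and Technology. Main research interest: network security.

Cheng-hui ZHENG (born 1977), male, from Guangshan, Henan; master's degree, lecturer at PLA University of Science and Technology. Main research interest: network security.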
Online publication date: 2014-11

Print publication date: 2014-11-30
Zhen-ji ZHOU, Li-fa WU, Zheng HONG, et al. Trusted virtual machine management model for cloud computing[J]. Journal on Communications, 2014, 35(Z2): 94-105. DOI: 10.3969/j.issn.1000-436x.2014.z2.013.
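To address two problems in virtual machine management for cloud computing, namely that privileges are overly concentrated in the management domain and that user policies are easily tampered with maliciously, a trusted virtual machine management model is proposed. The model first partitions the virtual machine management domain at a fine granularity and grants administrators and users different management privileges, preventing administrators from accessing user data at will. It then uses trusted computing technology to establish a trusted channel for distributing user policies, preventing administrators from maliciously tampering with them. Security analysis and experimental tests show that the model effectively protects the security of user data and user policies.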
For virtual machines in cloud computing, the authorization of the manager domain is too centralized to be secure, and the strategies of tenants can be easily falsified. In view of these two problems, a trusted virtual machine management model for cloud computing infrastructure is proposed. The model provides a fine-grained manager domain for virtual machines, in which both managers and tenants are strictly constrained when they operate on other tenant domains. The sensitive code and data in a tenant virtual machine cannot be accessed or falsified without permission. The model creates a trustable tunnel between the tenant and the system domain, and distributes tenant strategies through the tunnel in a secure way. Security analysis and experimental results show that the model effectively ensures the security of tenant data and tenant strategies.