云环境面向虚拟域的安全状态一致性保障机制研究

doi:10.11959/j.issn.2096-109x.2016.00103

Abstract

Abstract:

The traditional trusted computing architecture was suffering from the cloud uncertainty and dynamics caused by VM rollback or migration,which was a fatal threat to the cloud security.following investigations were conducted.Secure cloud virtual domain basic architecture; Time state consistence and collection mechanism.Cyber state consistence and collection mechanism.This study guaranteed security state consistence of virtual domain and improved the security and efficiency of the online service platform for both government institutions and companies.

Key words: cloud computing, trusted computing, virtual domain, virtual machine rollback, state consistency

CLC Number:

TP309.2

Wei-qi DAI,De-qing ZOU,Hai JIN,Yan XIA. Research on consistency protection mechanism for secure states of virtual domain in cloud environment[J]. Chinese Journal of Network and Information Security, 2016, 2(10): 48-57.

Figures/Tables 7

References 32

[1]	[EB/OL].. 2016.
[2]	SAILER R , ZHANG X , JAEGER T ,et al. Design and implementation of a TCG-based integrity measurement architecture[C]// Proceedings of USENIX Security Symposium. 2004: 223-238.
[3]	MCCUNE J , PARNO B , PERRIG A ,et al. Flicker:an execution infrastructure for TCB minimization[C]// ACM Eurosys’08. 2008: 315-328.
[4]	MCCUNE J , PARNO B , PERRIG A ,et al. Minimal TCB code execution[C]// IEEE Symposium on Security and Privacy (SP’07). 2007: 267-272.
[5]	PEREZ R , SAILER R , DOORN L V . vTPM:virtualizing the trusted platform module[C]// The 15th Conference on USENIX Security Symposium. 2006: 305-320.
[6]	ZHANG F , CHEN J , CHEN H ,et al. Cloudvisor:retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization[C]// ACM SOSP. 2011: 203-216.
[7]	项国富, 金海, 邹德清 ,等. 基于虚拟化的安全监控[J]. 软件学报, 2012,23(8): 2173-2187.
	XIANG G F , JIN H , ZOU D Q ,et al. Virtualization-based security monitoring[J]. Journal of Software, 2012,23(8): 2173-2187.
[8]	CRISWELL J , DAUTENHAHN N , ADVE V . Virtual ghost:protecting applications from hostile operating systems[C]// The 19th International Conference on Architectural Support for Programming Languages and Operating Systems,ASPLOS’14. 2014: 81-96.
[9]	LI Y , MCCUNE J M , NEWSOME J ,et al. MiniBox:a two-way sandbox for x86 native code[C]// 2014 USENIX Annual Technical Conference. 2014.
[10]	MCCUNE J M , LI Y , QU N ,et al. TrustVisor:efficient TCB reduction and attestation[C]// IEEE Symposium on Security and Privacy. 2010: 143-158.
[11]	YEE B , SEHR D , DARDYK G ,et al. Native client:a sandbox for portable,untrusted x86 native code[C]// IEEE Symposium on Security and Privacy. 2009.
[12]	FU M , BASS L , LIU A . Towards a taxonomy of cloud recovery strategies[C]// Dependable Systems and Networks (DSN),2014 44th Annual IEEE/IFIP International Conference on IEEE. 2014: 696-701.
[13]	GARFINKEL T , ROSENBLUM M . When virtual is harder than real:Security challenges in virtual machine based computing environments[C]// Proceedings of HotOS. 2005:20.
[14]	GOLDMAN K , BERGER S . Virtualization-based security monitoring[J]. Journal of Software, 2012,23(8): 2173-2187.
[15]	ENGLAND P , LOSER J . Para-virtualized TPM sharing[C]// The 1st International Conference on Trusted Computing and Trust in Information Technologies:Trusted Computing Challenges and Applications. 2008: 119-132.
[16]	XIA Y , LIU Y , CHEN H ,et al. Defending against vm rollback attack[C]// The 2012 IEEE/IFIP 42nd International Conference on Dependable Systems and Networks Workshops (DSN-W). 2012: 1-5.
[17]	PARNO B , LORCH J R , DOUCEUR J R ,et al. Memoir:practical state continuity for protected modules[C]// The 2011 IEEE Symposium on Security and Privacy. 2011: 379-394.
[18]	YIN H , POOSANKAM P , HANNA S ,et al. Hookscout:proactive binary-centric hook detection,detection of intrusions and malware,and vulnerability assessment[M]. Berlin Heidelberg: SpringerPress, 2010: 1-20.
[19]	CHOW J , LUCCHETTI D , GARFINKEL T ,et al. Multi-stage replay with crosscut[J]. ACM Sigplan Notices, 2010,45(7): 13-24.
[20]	LAGAR-CAVILLA H A , WHITNEY J , SCANNELL A ,et al. Snowflock:rapid virtual machine cloning for cloud computing[C]// The 4th ACM European conference on Computer systems (EuroSys’09). 2009: 1-2.
[21]	PATCHIN P,LAGAR-CAVILLA H A , LARA E D , et al . Adding the easy button to the cloud with snowflock and MPI[C]// The 3rd ACM Workshop on System-level Virtualization for High Performance Computing. ACM, 2009: 1-8.
[22]	CABUK S , DALTON C , RAMASAMY H ,et al. Towards Automated provisioning of secure virtualized networks[C]// The 14th ACM Conference on Computer and Communications Security,Alexandria. Virginia,USA, 2007. 235-245.
[23]	CABUK S , DALTON C I , ERIKSSON K ,et al. Towards automated security policy enforcement in multi-tenant virtual data centers[J]. Journal of Computer Security, 2010,18(1): 89-121
[24]	SCHAEFER M , . If A1 is the answer,what was the question? an edgy naif′s retrospective on promulgating the trusted computer systems evaluation criteria[C]// The 20th Annual Computer Security Applications Conference (CSAC 2004). 2004: 204-228.
[25]	CALERO J M A , EDWARDS N , KIRSCHNICK J ,et al. Toward a multitenancy authorization system for cloud services[J]. IEEE Security & Privacy, 2010,8(6): 48-55.
[26]	BERGER S , CACERES R , PENDARAKIS D ,et al. TVDc:Managing security in the trusted virtual datacenter[J]. ACM SIGOPS Operating Systems Review, 2008,42(1): 40-47.
[27]	GRIFFIN J L , JAEGER T , PEREZ R ,et al. Trusted virtual domains:toward secure distributed services[C]// The 1st IEEE Workshop on Hot Topics in System Dependability. 2005.
[28]	BERGER S , CACERES R , GOLDMAN K ,et al. Security for the cloud infrastructure:Trusted virtual data center implementation[J]. IBM Journal of Research and Development, 2009,53(4): 560-571.
[29]	DAVI L , DMITRIENKO A , KOWALSKI C ,et al. Trusted virtual domains on OKL4:secure information sharing on smart phones[C]// The Sixth ACM Workshop on Scalable Trusted Computing. ACM, 2011: 49-58.
[30]	DAI W Q , ZOU D Q , et al, TEE:a virtual DRTM based execution environment for secure cloud-end computing[J]. Future Generation Computer System (FGCS), 2015,49: 47-57.
[31]	DAI W QL , JIN H , ZOU D Q , et al, TEE:a virtual DRTM based execution environment for secure cloud-end computing[C]// The 17th ACM Conference on Computer and Communications Security (CCS Poster),Hyatt Regency Chicago,IL,USA, 2010: 663-665.
[32]	DAI W Q , PARKER T P , JIN H , et al,Enhancing data trustworthiness via assured digital signing[J]. IEEE Transactions on Dependable and Secure Computing (TDSC), 2012,9(6): 838-851.

Metrics

Recommended 0

No Suggested Reading articles found!

Research on consistency protection mechanism for secure states of virtual domain in cloud environment

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 32

Related Articles 15

Metrics

Recommended 0

[1]	Lingshu LI, Jiangxing WU, Wei ZENG, Wenyan LIU. Strategy of container migration and honeypot deployment based on signal game in cloud environment [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 87-96.
[2]	Shang LIU, Yinzhang GUO. Multi-authority based CP-ABE proxy re-encryption scheme for cloud computing [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 176-188.
[3]	Yi ZHANG, Liqin TIAN, Zenan WU, Wenxing WU. Trust evaluation optimization mechanism for cloud user behavior based on FANP [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 175-182.
[4]	Bo ZHAO, Anqi YUAN, Yang AN. Application progress of SGX in trusted computing area [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 126-142.
[5]	Guojie LIU, Jianbiao ZHANG, Ping YANG, Zheng LI. Research on the trusted environment of container cloud based on the TPCM [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 164-174.
[6]	Guojie LIU,Jianbiao ZHANG. TPCM-based trusted PXE boot method for servers [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 105-111.
[7]	Bo ZHAO, Xiang LI, Fei YAN, Liqiang ZHANG, Huanguo ZHANG. Trusted platform for third-party cloud computing online evaluation and analysis technology [J]. Chinese Journal of Network and Information Security, 2019, 5(5): 90-104.
[8]	Ying WU,Xuan LI,Biao JIN,Rongrong JIN. Survey on the privacy-preserving content based image retrieval [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 14-28.
[9]	Jiyang LI,Pengyuan ZHAO,Zhe LIU. Trusted access scheme for intranet mobile terminal based on encrypted SD card [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 108-118.
[10]	Ying LI, Chunguang MA. Overview of searchable encryption research [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 13-21.
[11]	Mengyang YU,Hui LIN,Youliang TIAN. New cross-layer reputation mechanism for mobile cloud computing [J]. Chinese Journal of Network and Information Security, 2018, 4(3): 51-58.
[12]	Xiao YU,Li TIAN,Zhe LIU,Jie WANG. Research on key management and authentication protocol of PDA in smart grid [J]. Chinese Journal of Network and Information Security, 2018, 4(3): 68-75.
[13]	Yuanhao WANG,Hongbo LI,Yuzhao CUI,Qingwen GUO,Qiong HUANG. Survey on public key encryption with equality test [J]. Chinese Journal of Network and Information Security, 2018, 4(11): 13-22.
[14]	Jianbiao ZHANG,Yuanxi ZHU,Jun HU,Xiao WANG. Scheme of virtual machine trusted migration in cloud environment [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 6-14.
[15]	Weifeng LI,Weizhong QIANG,Weiming LI,Deqing ZOU. Research on forensics of privacy violations in cloud environment [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 26-35.