APM：适用于IaaS平台的agent保护机制

doi:10.11959/j.issn.1000-436x.2018069

摘要/Abstract

摘要：

在IaaS平台中，虚假数据的存在将对测评结果造成混淆，无法为用户给出公平公正的平台选择依据。针对该问题，提出一种适用于IaaS平台的测试代理agent保护机制（APM,agent protection mechanism），在不需要额外软硬件支持的条件下保证agent的完整性和命令执行的正确性；同时提出一种基于质询的APM有效性验证方法，及时发现失效APM所在IaaS节点以止损。实现了基于APM的实验环境，对APM的有效性和性能开销进行测试。实验结果表明，该机制可以有效保护agent的完整性及其执行命令的正确性，且对IaaS平台引入的性能代价较小。

关键词: IaaS平台, 测试, 代理, 度量

Abstract:

The interference of false or fake test data on IaaS platform will contaminate the evaluation results,confusing users’ choices for IaaS services.To solve this problem,an agent protection mechanism (APM) for IaaS platform test environment was proposed.It ensured the integrity and commanded validity of the agent without additional hardware or software.Also an effectiveness verification approach based on requests was presented to detect APM failure problems timely.An experiment environment according to APM was implemented to evaluate the effectiveness and the performance overhead.Experimental results show that the APM is effective in protecting agent integrity and command validation,and its performance overhead is minor.

Key words: IaaS platform, test, agent, measurement

中图分类号:

TP391

樊佩茹,赵波,倪明涛,陈治宏. APM：适用于IaaS平台的agent保护机制[J]. 通信学报, 2018, 39(4): 176-188.

Peiru FAN,Bo ZHAO,Mingtao NI,Zhihong CHEN. APM:agent protection mechanism applied for IaaS platform[J]. Journal on Communications, 2018, 39(4): 176-188.

图/表 10

图1

表1

表2

表3

表4

表5

表6

图2

表7

图3

参考文献 40

[1]	RIDDLE A R , CHUNG S M . A survey on the security of hypervisors in cloud computing[C]// International Conference on Distributed Computing Systems Workshops. 2015: 100-104.
[2]	SHAHZAD F . State-of-the-art survey on cloud computing security challenges,approaches and solutions[J]. Procedia Computer Science, 2014,37: 357-362.
[3]	SARAVANAKUMAR C , ARUN C . Survey on interoperability,security,trust,privacy standardization of cloud computing[C]// International Conference on Contemporary Computing and Informatics. 2015: 977-982.
[4]	Common Criteria Project Sponsoring Organizations. Common criteria for information technology security evaluation:Version 2.1[S]. 2004.
[5]	Trusted Computing Platform Alliance. Main specification:Version 1.1[S]. 2002.
[6]	赵波, 戴忠华, 向騻 ,等. 一种云平台可信性分析模型建立方法[J]. 软件学报, 2016,27(6): 1349-1365.
	ZHAO B , DAI Z H , XIANG S ,et al. Model constructing method for analyzing the trusty of cloud[J]. Journal of Software, 2016,27(6): 1349-1365.
[7]	KING T M , GANTI A S . Migrating autonomic self-testing to the cloud[C]// 2010 Third International Conference on Software Testing,Verification,and Validation Workshops (ICSTW). 2010: 438-443.
[8]	ZECH P , . Risk-based security testing in cloud computing environments[C]// IEEE International Conference on Software Testing. IEEE Computer Society, 2011: 411-414.
[9]	KHAN I , REHMAN H , ZAHID A . Design and deployment of a trusted eucalyptus cloud[C]// 2011 IEEE International Conference on Cloud Computing (CLOUD). 2011: 380-387.
[10]	PHAM C , CHEN D , KALBARCZYK Z ,et al. CloudVal:a framework for validation of virtualization environment in cloud Infrastructure[C]// International Conference on Dependable Systems ＆ Networks. 2011: 189-196.
[11]	SHAIKH R , SASIKUMAR M . Trust model for measuring security strength of cloud computing service[J]. Procedia Computer Science, 2015,45: 380-389.
[12]	CARBONE M , CUI W , LU L ,et al. Mapping kernel objects to enable systematic integrity checking[C]// ACM Conference on Computer and Communications Security. 2009: 555-565.
[13]	谢亚龙, 丁丽萍, 林渝淇 ,等. ICFF:一种 IaaS 模式下的云取证框架[J]. 通信学报, 2013,34(5): 200-206.
	XIE Y L,DING , L P , LIN Y Q ,et al. ICFF:a cloud forensics framework under the IaaS model[J]. Journal of Communications, 2013,34(5): 200-206.
[14]	PAZZAGLIA J C , LOTZ V , CERDA V C ,et al. Advanced security service certificate for SOA:certified services go digital[M]. Vieweg Teubner, 2011.
[15]	ARJONA M , HARHANI R , MUNOZ A . An engineering process to address security challenges in cloud computing[C]// ASE Bigdata/ Social Com/Cybersecurity Conference. 2014: 1-12.
[16]	JAATUN M G , MELAND P H , BERNSMED K ,et al. A briefing on cloud security challenges and opportunities[R]. Cloud Security Whitepaper, 2013.
[17]	MCCUNE J M , LI Y , QU N ,et al. TrustVisor:efficient TCB reduction and attestation[C]// Security and Privacy. 2010: 143-158.
[18]	MUNOZ A , MAFIA A . Software and hardware certification techniques in a combined certification model[C]// 11th International Conference on Security and Cryptography (SECRYPT). 2014: 1-6.
[19]	WU L , ZHAN J , ZHAO Y ,et al. A trusted evidence collection method based on the trusted third party for cloud platform[J]. International Journal of Distributed Sensor Networks, 2015,501:984964.
[20]	ZHAI Y , CAO Q , CHASE J ,et al. TapCon:practical third-party attestation for the cloud[C]// 9th Workshop on Hot Topics in Cloud Computing (HotCloud 17), 2017: 1-7.
[21]	HUNT T , ZHU Z , XU Y ,et al. Ryoan:a distributed sandbox for untrusted computation on secret data[C]// Usenix Conference on Operating Systems Design and Implementation. USENIX Association, 2016: 533-549.
[22]	RILEY R , JIANG X , XU D . Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing[C]// International Symposium on Recent Advances in Intrusion Detection,RAID 2008. 2008: 1-20.
[23]	HUA J , SAKURAI K . Barrier:a lightweight hypervisor for protecting kernel integrity via memory isolation[C]// ACM Symposium on Applied Computing. 2012: 1470-1477.
[24]	WANG Z , JIANG X . HyperSafe:a lightweight approach to provide lifetime hypervisor control-flow integrity[C]// Security and Privacy. 2010: 380-395.
[25]	ZHANG F , WANG J , SUN K ,et al. HyperCheck:a hardware-assisted integrity monitor[J]. IEEE Transactions on Dependable and Secure Computing, 2014,11(4): 332-344.
[26]	AZAB A M , NING P , WANG Z ,et al. HyperSentry:enabling stealthy in-context measurement of hypervisor integrity[C]// ACM Conference on Computer and Communications Security. 2010: 38-49.
[27]	LIN K J , WANG C Y . Using TPM to improve boot security at BIOS layer[C]// IEEE International Conference on Consumer Electronics. 2012: 376-377.
[28]	REN J , QI Y , DAI Y ,et al. AppSec:a safe execution environment for security sensitive applications[C]// ACM Sigplan/Sigops International Conference on Virtual Execution Environments. 2015: 187-199.
[29]	ZHAI Y , YIN L , CHASE J ,et al. CQSTR:securing cross-tenant applications with cloud containers[C]// ACM Symposium on Cloud Computing. 2016: 223-236.
[30]	HUANG Z , ZHENG T , SHI Y ,et al. A dynamic detection method against ROP and JOP[C]// International Conference on Systems and Informatics. 2012: 1072-1077.
[31]	BRAR N S , DHINDSA K S . Study of virtual side channel attack in cloud computing a review[J]. International Journal of Engineering Development and Research, 2015,3(3): 1-6.
[32]	MCCUNE J M , PARNO B J , PERRIG A ,et al. Flicker:An execution infrastructure for TCB minimization[C]// ACM European Conference on Computer Systems. 2008: 315-328.
[33]	BAUER J , GRUHN M , FREILING F C . Lest we forget:cold-boot attacks on scrambled DDR3 memory[J]. Digital Investigation, 2016,16: S65-S74.
[34]	刘川意, 林杰, 唐博 . 面向云计算模式运行环境可信性动态验证机制[J]. 软件学报, 2014,25(3): 662-674.
	LIU C Y , LIN J , TANG B . Dynamic trustworthiness verification mechanism for trusted cloud execution Environment[J]. Journal of Software, 2014,25(3): 662-674.
[35]	WANG Z , JIANG X . HyperSafe:a lightweight approach to provide lifetime hypervisor control-flow integrity[C]// IEEE Symposium on Security and Privacy. 2010: 380-395.
[36]	刘贵堂, 周正, 周鲁苹 . 软件行为的一种静态可信度量模型[J]. 海军航空工程学院学报, 2012,27(4): 459-463.
	LIU G T , ZHOU Z , ZHOU L P . A static trustworthy measurement model for software behaviors[J]. Journal of Naval Aeronautical and Astronautical University, 2012,27(4): 459-463.
[37]	SHI W C , ZHOU H W , Y J H ,et al. DCFI-Checker:checking kernel dynamic control flow integrity with performance monitoring counter[J]. China Communications, 2014,11(9): 31-46.
[38]	PENG G , PAN X , ZHANG H ,et al. Dynamic trustiness authentication framework based on software's behavior integrity[C]// The International Conference for Young Computer Scientists. 2008: 2283-2288.
[39]	吴涛, 杨秋松, 贺也平 . 基于邻接点的 VMM 动态完整性度量方法[J]. 通信学报, 2015,36(9): 169-180.
	WU T , YANG Q S , HE Y . Method of dynamic integrity measurement for VMM based on adjacency data[J]. Journal of Communications, 2015,36(9): 169-180.
[40]	TIAN-GE S I , ZHANG Y X , DAI Y Q . L-BLP security model in local area network[J]. Acta Electronica Sinica, 2007,35(5): 1005-1008.

符号	描述
M(APKM)	APKM被载入到IaaS节点内核后所在的内存页面
PT(APKM)	APKM所在内存页面对应的页表项所在的页表页面
M(Update)	APKM更新关键数据时其执行函数所在的内存页面
LOCK[M]	设置M页面为只读的写保护属性
WP=1	IaaS节点控制寄存器WP写保护位被打开（被置位）

符号	描述
agent	agent可执行程序的关键代码
StaticM-base	在可信环境中度量agent启动时的完整性基准值
DynamicM-base	在可信环境中度量agent运行时的完整性基准值
Env-base	在可信环境中agent正确执行所有命令时的环境数据基准值集合
Tlog	agent可信性状态报告

符号	描述
Time(current)	收到WP置位状态质询请求的当前时刻
Time(last)	收到WP置位状态质询请求的上一个时刻
WPbit	WP置位状态的质询结果
WPanalysis	TTP对WP置位状态的分析结果

序号	类型	配置信息
S1	单节点C₁	计算机C₁：处理器为Intel(R) Pentium G3250 @ 3.20 GHz，内存为4 GB，操作系统为OSX 10.9.5
S2	多节点C₁,C₂,C₃	计算机C₁：处理器为Intel(R) Pentium G3250 @ 3.20 GHz，内存为4 GB，操作系统为OSX 10.9.5
		计算机C₂：处理器为Intel(R) Xeon(R) E5- 2620v3 @ 2.40 GHz，内存为64 GB，操作系统为CentOS release 6.8
		计算机C₃：处理器为Intel(R) Xeon(R) E5- 2603 v4 @ 1.70 GHz，内存为64 GB，操作系统为Ubuntu 16.04.2 LTS

攻击间隔时间T_attack/s	攻击延续时间T_adelay/s	攻击时间的增长步长	攻击次数	总时长/s	T_inquire质询周期	质询总次数	攻击总次数	成功检测到的攻击次数	检测率
5	200	1	200	21 097.912 109	2	9 943	200	200	100%
5	200	1	200	21 100.072 266	4	5 225	200	200	100%
5	200	1	200	21 100.044 922	6	3 483	200	193	96.5%
5	200	2	100	10 500.020 508	2	5 149	100	100	100%
5	200	2	100	10 500.018 555	4	2 850	100	99	99%
5	200	2	100	10 500.019 531	6	1 717	100	98	98%