通信学报 ›› 2018, Vol. 39 ›› Issue (6): 52-63.doi: 10.11959/j.issn.1000-436x.2018110

• 学术论文 • 上一篇    下一篇

基于改进期望值决策法的虚拟机可信审计方法

田俊峰1,2,张永超1,2   

  1. 1 河北大学网络空间安全与计算机学院,河北 保定 071002
    2 河北省高可信信息系统重点实验室,河北 保定 071002
  • 修回日期:2018-05-20 出版日期:2018-06-01 发布日期:2018-07-09
  • 作者简介:田俊峰(1965-),男,河北保定人,河北大学教授、博士生导师,主要研究方向为信息安全与分布式计算。|张永超(1991-),男,河北晋州人,河北大学硕士生,主要研究方向为信息安全与分布式计算。
  • 基金资助:
    国家自然科学基金资助项目(61170254);河北省自然科学基金资助项目(F2016201244)

Trusted auditing method of virtual machine based on improved expectation decision method

Junfeng TIAN1,2,Yongchao ZHANG1,2   

  1. 1 School of Cyber Security and Computer,Hebei University,Baoding 071002,China
    2 Key Lab on High Trusted Information System in Hebei Province,Baoding 071002,China
  • Revised:2018-05-20 Online:2018-06-01 Published:2018-07-09
  • Supported by:
    The National Natural Science Foundation of China(61170254);The Natural Science Foundation of Hebei Province(F2016201244)

摘要:

虚拟机运行环境是否可信是云计算推广和有效使用的关键因素,为此将风险决策方法中的期望值决策法加以改进,重新定义了它的使用场景,将审计方案的成本、收益数值化,提出一种基于改进期望值决策法的虚拟机可信审计方法。该方案为用户虚拟机提供几种安全保护级别,根据用户为虚拟机选用的安全保护级别,自主选取最优的审计方案。采用虚拟机自省(VMI,virtual machine introspection)技术获取需要审计的虚拟机信息;采用设计的加密机制保护用户选用安全保护级别的安全性,从而保证审计方案的安全性。最后,仿真实验结果表明了方案具有较好的性能和有效性。

关键词: 可信审计, 可信计算, 风险决策法, 虚拟机自省

Abstract:

Whether the cloud computing environment is credible is the key factor in the promotion and effective use of cloud computing.For this reason,the expected value decision method in risk decision-making was improved.The usage scenarios was redefined,the cost and benefit of audit scheme was digitized,and a virtual machine trusted auditing strategy based on improved expectation decision method was proposed.Several levels of security protection for the user virtual machine was provided,and the optimal audit scheme was selected autonomously according to the security protection level chosen by the user for the virtual machine.The virtual machine introspection (VMI) technology was used to obtain the virtual machine information that needs to be audited.The designed encryption mechanism was used to protect the security of users selected security protection level,so as to ensure the security of user virtual machine selection audit strategy.Finally,the simulation results show that the scheme has good performance and validity.

Key words: trusted auditing, trusted computing, risk decision method, virtual machine introspection

中图分类号: 

No Suggested Reading articles found!