Journal on Communications ›› 2019, Vol. 40 ›› Issue (10): 90-100. doi: 10.11959/j.issn.1000-436x.2019141
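Junfeng TIAN, Zilong WANG, Xinfeng HE, Zhen LI
Revised:
2019-07-11
Online:
2019-10-25
Published:
2019-11-07
About the authors:
Junfeng TIAN (1965- ), male, born in Baoding, Hebei; Ph.D., professor and doctoral supervisor at Hebei University; main research interests: information security and distributed computing. | Zilong WANG (1995- ), male, born in Shijiazhuang, Hebei; master's student at Hebei University; main research interests: cloud security, co-residency attacks, etc. | Xinfeng HE (1976- ), male, born in Tianjin; doctoral student at Hebei University; main research interests: cloud computing security, trusted computing, etc. | Zhen LI (1981- ), female, born in Baoding, Hebei; associate professor at Hebei University; main research interests: software security and trusted computing.
Supported by: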
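Abstract:
To mitigate the harm of co-residency attacks in cloud environments, a Shamir-based virtual machine placement policy is proposed, together with a virtual machine placement framework designed to match it; a blockchain is used to guarantee the security of the key data in the proposed placement policy. The placement policy can effectively improve the security of virtual machines and the load-balancing capability of the cloud environment, and reduce resource waste. Finally, simulation experiments demonstrate the effectiveness of the scheme.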
CLC number:
Junfeng TIAN, Zilong WANG, Xinfeng HE, Zhen LI. Shamir-based virtual machine placement policy[J]. Journal on Communications, 2019, 40(10): 90-100.