基于VPE的可信虚拟域构建机制

doi:10.3969/j.issn.1000-436X.2013.12.019

摘要/Abstract

摘要：

针对现有可信虚拟域构建方式无法满足云计算灵活配置等特性的问题，结合云计算企业内部敏感数据的防泄漏需求，提出了基于 VPE 的可信虚拟域构建方法TVD-VPE。TVD-VPE 利用分离式设备驱动模型构建虚拟以太网VPE，通过后端驱动截获数据分组，并进行边界安全策略检查，最后对满足策略的数据帧进行加密。同时，还设计了可信虚拟域加入/退出协议确保用户虚拟机安全加入/退出，为边界安全策略的部署设计了面向可信虚拟域的管理协议，同时为高特权用户的跨域访问设计了跨域访问协议。最后，实现了原型系统并进行了功能测试及性能测试，测试结果证明本系统可以有效地防止非法访问，同时系统对Xen的网络性能的影响几乎可以忽略。

关键词: 虚拟以太网, 边界安全策略, 可信虚拟域加入协议, 可信虚拟域管理协议, 跨域访问协议, 分离式设备驱动

Abstract:

Due to lack of flexible networking control,most exiting trusted virtual domain deployment approaches fail to provide elastic and secure interconnection.A trusted virtual domain architecture TVD-VPE was proposed in cloud com-puting enterprises which greatly enhances sensitive data protection.TVD-VPE constructs a virtual private ethernet based on separate device driver,VPE captures network packets at the backend driver and checks whether the packets comply with border security strategy,and data frames are encrypted among trusted virtual domains to ensure the security of sensi-tive data.Simultaneously,four protocols were proposed,TVDJOP/TVDEXP protocol for any new VM joining in or exit-ing TVD securely,TVDMP protocol for deploying border cross-domain access.Finally,the prototype system and tests of its functionality and performance were implemented.The experiment results reveal that the architecture can effectively prevent unauthorized access between these trusted virtual domains,while introduces little overhead to Xen network performance.

Key words: virtual private ethernet, border security strategy, TVD join protocol, TVD management protocol, inter-TVD access protocol, separate device driver

王丽娜,张浩,余荣威,高汉军,甘宁. 基于VPE的可信虚拟域构建机制[J]. 通信学报, 2013, 34(12): 167-177.

Li-na WANG,Hao ZHANG,Rong-wei YU,Han-jun GAO,Ning GAN. Building mechanism of trusted virtual domain via the VPE[J]. Journal on Communications, 2013, 34(12): 167-177.

图/表 15

图1

图2

表1

图3

图4

图5

图6

图7

表2

表3

表4

图8

图9

图10

图11

参考文献 22

[1]	罗军舟，金嘉晖，宋爱波 . 云计算：体系架构与关键技术[J]. 通信学报， 2011,32(7):3-21. LUO J Z , JIN J H , SONG A B . Cloud computing:architect nd key technology[J]. Journal on Communications, 2011,32(7):3-21.
[2]	BELLOVIN S M . Virtual machines,virtual security?[J]. munica-tions of the ACM, 2006,49(10):104.
[3]	王丽娜，高汉军，刘炜 . 利用虚拟机监视器检测及管理隐藏进程[J]. 计算机研究与发展， 2011,48(8):1534-1541. WANG L N , GAN H J , LIU W . Detecting and managing hidden process VIA hypervisor[J]. Journal of Computer Research and Devel-op, 2011,48(8):1534-1541.
[4]	BUSSANI A , GRIFIN J L , JANSEN B , et al. Trusted Virtual Domains:Secure Foundation for Business and IT Services[R]. Research Report RC 23792,IBM Research, 2005.3-15.
[5]	GRIFIN J L , JAEGER T , PEREZ R , et al. Trusted virtual domains:toward secure distributed services[A]. Proc of the 1st IEEE Workshop on Hot Topics in System Dependability(HotDep'05)[C]. Berkeley:USENIX, 2005.4.
[6]	CASADO M , KOPONEN T , MOON D , et al. Rethinking packet forwarding hardware[A]. Proc of the Seventh ACM Workshop on Hot Topics in Networks[C]. Calgary, 2008.1270-1276.
[7]	GREENHALGH A , HUICI F , HOERDT M , et al. Flow processing and the rise of commodity network hardware[J]. Sigcomm CCR,2009, 2009,49(10):21-26.
[8]	WANG Y , KELLER E , BISKEBORN B , et al. Virtual routers on the move:live router migration as a network-management primitive[A]. Pro of the ACM SIGCOMM 2008 Conference on Applications,Tech-nologies,Architectures,and Protocols for Computer Communica-tions[C]. Seattle, 2008.231-242.
[9]	CHEN X , MORLEY Z , JACOBUS M , et al. ShadowNet:a platform for rapid and safe network evolution[A]. Proc of the 2009 Conference on USENIX Annual Technical Conference (2009)[C]. Sandigeo,USENIX, 2009.3.
[10]	MCKEOWN N , ANDERSON T , BALAKRISHNAN H , et al. Open-Flow:enabling innovation in campus networks[A]. Proc of SIG-COMM CCR'08[C]. New York, 2008.69-74.
[11]	BAVIER A , FEAMSTER N , HUANG M , et al. In VINI veritas:realis-tic and controlled network experimentation[A]. Pro of SIGCOMM 2008 Conference on Applications,Technologies,Archi-tectures,and Protocols for Computer Communications[C]. Pisa, 2006.3-14.
[12]	ANDERSON T , PETERSON L , SHENKER S , et al. Overcoming the Internet impasse through virtualization[J]. Computer, 38(4):34-41.
[13]	RIZZO L , CARBONE M , CATALLI G . Transparent acceleration of software packet forwarding using netmap[A]. Proc of 2012 INFO-COM[C]. Pisa, 2012.2471-2479.
[14]	KOPONEN T , CASADO M , GUDE N . Onix:a distributed control platform for large-scale production networks[A]. Proc of the 9th USENIX Symposium on Operating Systems Design and Imple nta-tion(OSDI 10)[C]. Vancouver:USENIX, 2010.351-364.
[15]	CATUOGNO L , DMITRIENKO A , ERIKSSON K , et al. Trusted virtual domains-design,implementation and lessons learned[A]. Proc of the 2009 INTRUST[C]. Heidelberg,Springer, 2009.156-179.
[16]	SRIVASTAVA A , GIFFIN J . Tamper-resistant,application-aware blocking of malicious network connections[A]. Proc of '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection[C]. Berlin,Springer-Verlag, 2008.39-58.
[17]	CASADO M , KOPONEN T , RAMANATHAN R , et al. Virtualizing the network forwarding plane[A]. Proc of the Workshop n Program-mable Routers for Extensible Services of Tomorrow[C]. 2010.908-914.
[18]	BARHAM P , DRAGOVIC B , FRASER K , et al. Xen and the art of virtualization[A]. Proc of 19th ACM Symposium on Operating Sys-tems Principles(SOSP-2003)[C]. Bolton Landing, 2003.164-177.
[19]	DAVOLI R . VDE:virtual distributed ethernet[A]. Proc of 1st Interna-tional Conference on Testbeds ＆ Research Infrastructures for the DE-velopment of Networks ＆ Communities(TRIDENTCOM 2005)[C]. Trento, 2005.213-220.
[20]	ANHALT F , PRIMET P V B . Analysis and Evaluation of a Xen Based Virtual Router[R]. Technical Report 6658, Inria, 2008.
[21]	PFAFF B , PETTIT J , KOPONEN T , et al. Extending networking into the virtualization layer[A]. Proc of The 8th ACM Workshop on Hot Topics in Networks[C]. New York, 2009.15-21.
[22]	王丽娜，高汉军，余荣威 . 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报， 2011,32(9):1-8. WANG L N , GAO H J , YU R W . Research of constructing tr ted vir-tual execution environment based on trust extension[J]. Journal on Communications, 2011,32(9):1-8.

符号表示	符号含义
ID(Client)	用户ID
EK	背书密钥
Realm	用户所在可信虚拟域
AIK	身份证明密钥
AIKpub	身份证明的公钥
AIKpriv	身份证明的私钥
Integrity list	虚拟平台完整性列表
MAC	VMC的物理地址
IP	VMC的网络地址
VIF	VMC的虚拟网络接口ID
HostIP	VMC的宿主机IP
Role	用户的角色
TGS	TGT票据服务器的ID
K_{c tgs}	Client与TGS之间会话密钥
Lifetime	TGT票据生存周期
TVDID	VMC所在可信虚拟域
ExitSuccess	VMC安全退出标志
K_h	宿主机与TVDServer共享的密钥
TargetIP	目标VM网络地址
TargetTVDID	目标VM所在可信虚拟域

RoleID	RoleName	TVDID	Access
1	普通职员	2	2
2	普通职员	3	3
3	管理员	2	2,3

Uname	RoleID	TVDID
User1	1	2
User2	2	3
User3	1	2
User4	3	2

VMID	MAC	IP	HOSTIP	TVDID
1	83	203	150	2
2	41	151	200	3
3	82	202	200	2
4	84	204	150	2,3