云计算环境下可信虚拟机管理模型

doi:10.3969/j.issn.1000-436x.2014.z2.013

摘要/Abstract

摘要：

为了解决云计算环境下虚拟机管理存在的管理域特权过于集中和用户策略易被恶意篡改等问题，提出了一种可信虚拟机管理模型。模型首先对虚拟机管理域进行了细粒度的划分，赋予管理员和用户不同的管理特权，防止管理员随意访问用户的数据；利用可信计算技术建立可信通道分发用户策略，防止管理员恶意篡改用户策略。安全性分析与实验测试表明，该模型可以有效保护用户数据和用户策略的安全性。

关键词: 云计算, 可信计算, 虚拟机管理

Abstract:

For virtual machine in cloud computing,the authorization of manager domain is too centralized to be secure,and the strategies of tenants can be easily falsified.In view of the two problems,a trusted virtual machine management Model for cloud computing infrastructure is proposed.The model provides fine grained manager domain of virtual machine in which both managers and tenants are strictly constrained when they operate on other tenant domains.The sensitive code and data in tenant virtual machine cannot be accessed or falsified without permission.The model creates a trustable tunnel between tenant and system domain,and distributes tenant strategies using the tunnel in a secure way.Security analysis and experimental results show the model ensures the security of tenant data and tenant strategies effectively.

Key words: cloud computing, trusted computing, virtual machine management

周振吉,吴礼发,洪征,赖海光,郑成辉. 云计算环境下可信虚拟机管理模型[J]. 通信学报, 2014, 35(Z2): 94-105.

Zhen-ji ZHOU,Li-fa WU,Zheng HONG,Hai-guang LAI,Cheng-hui ZHENG. Trusted virtual machine management model for cloud computing[J]. Journal on Communications, 2014, 35(Z2): 94-105.

图/表 12

图1

图2

表1

图3

表2

图4

图5

图6

图7

图8

表3

表4

参考文献 22

[1]	冯登国, 张敏, 张妍 ,等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83. FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[2]	黄瑛, 石文昌 . 云基础设施安全性研究综述[J]. 计算机科学, 2011,38(7): 24-30. HUANG Y , SHI W C . Survey of research on cloud infrastructure security[J]. Computer Science, 2011,38(7): 24-30.
[3]	SANTOS N , GUMMADI K P , RODRIGUES R . Towards trusted cloud computing[A]. Proc of the Workshop on Hot Topics in Cloud Computing[C]. 2009.
[4]	Architecture for Managing Clouds[EB/OL]. .
[5]	ABBADI I , RUAN A . Towards trustworthy resouce scheduling in clouds[J]. Information Forensics and Security,IEEE Transactions on, 2013,8(6): 973-984.
[6]	JOSHUA S , THOMAS M , HAYAWARDH V ,et al. Seeding Clouds with Trust Anchors[R]. Network and Security Research Center, 2010.
[7]	Trusted Computing Group-TCG Architecture Overview,Version 1.4[EB/OL]. .
[8]	GARFINKEL T , PFAFF B , CHOW J ,et al. Terra:a virtual machine-based platform for trusted computing[J]. ACM SIGOPS Operating Systems Review, 2003,37(5): 193-206.
[9]	怀进鹏, 李沁, 胡春明 . 基于虚拟机的虚拟计算环境研究与设计[J]. 软件学报, 2007,18(8): 2016-2026. HUAI J P , LI Q , HU C M . Research and design on hypervisor based virtual computing enviroment[J]. Journal of Software, 2007,18(8): 2016-2026.
[10]	BERGER S , CACERES R , PENDARAKIS D E ,et al. TVDc:managing security in the trusted virtual datacenter[J]. Operating Systems Review, 2008,42(1): 40-47.
[11]	KELLER E , SZEFER J , REXFORD J ,et al. NoHype:virtualized cloud infrastructure without the virtualization[A]. Proc of the 37th Annual International Symposium on Computer Architecture[C]. 2010.
[12]	VMware GSX server[EB/OL]. .
[13]	GRIFFIN J , JAEGER T , PEREZ R ,et al. Trusted virtual domains:toward secure distributed services[A]. Proc of the First Workshop on Hot Topics in Systems Dependability[C]. 2005.
[14]	BUSSANI A , GRIFFIN J , JANSEN B ,et al. Trusted Virtual Domains:Secure Foundations for Business and It Services[R]. IBM Research, 2005.
[15]	ABADI M , TUTTLE M R . A semantics for a logic of authentication[A]. Proc of the Tenth Annual ACM Symposium on Principles of Distributed Computing[C]. 1991.
[16]	BARHAM P , DRAGOVIC B , FRASER K ,et al. Xen and the art of virtualization[A]. Proc of the Nineteenth ACM Symposium on Operating Systems Principles, 2003.
[17]	ZHOU Z J , WU L F , HONG Z . Context-aware access control model for cloud computing[J]. Journal of Grid and Distributed Computing, 2013,6(6): 1-12.
[18]	ZHOU Z J , WU L F , HONG Z ,et al. DTSTM:dynamic tree style trust measurement model for cloud computing[J]. KSII Transactions on Internet and Information Systems, 2014,8(1): 305-325.
[19]	Openstack open source cloud computing software[EB/OL]. .
[20]	KAUFMAN L M . Can public cloud security meet its unique challenges[J]. IEEE Security and Privacy, 2010,8(4): 55-57.
[21]	Dm-crypt:a device-mapper crypto target[EB/OL]. .
[22]	Help protect your files using Bitlocker drive encryption[EB/OL]. .

特权	说明
虚拟机管理 (B)	创建、启动、停止和销毁虚拟机
虚拟机控制 (C)	挂起、恢复、调度和迁移虚拟机
虚拟机通信 (I)	设置事件通道和虚拟I/O共享内存
虚拟机内省 (P)	映射虚拟机内存和虚拟CPU寄存器
状态查询 (R)	查询虚拟机状态信息和主机的物理参数
主机配置 (L)	配置物理主机中断控制器和编程时钟源

管理域	Hardware	S-Dom	A-Dom	G-Dom	U-Dom0	U-DomU
S-Dom	L,R	—	B,I,P,R	B,I,P,R	B,I,P,R	B,I,P,R
A-Dom	—	—	—	C,I,R	C,R	C,R
G-Dom	—	—	—	—	I,P,R	I,P,R
U-Dom0	—	—	—	—	—	C,I,P,R

攻击实例	攻击目标	说明
AT(1)	虚拟CPU	调用特权操作读写虚拟CPU
AT(2)	物理内存	调用特权操作映射物理内存
AT(3)	外部存储	访问虚拟机磁盘和主机磁盘
AT(4)	网络	监听虚拟机和主机网络
AT(5)	虚拟机映像	调用虚拟机迁移操作读写虚拟机映像

攻击实例	Xen	Terra	TVD	TVMM
AT(1)	—	√	—	√
AT(2)	—	√	—	√
AT(3)	—	—	√	√
AT(4)	—	—	√	√
AT(5)	—	—	—	√