期刊文献+

一种基于冗余跳变的虚拟机动态迁移方法 被引量:3

A Virtual Machine Dynamic Migration Method Based on Redundant Transition
下载PDF
导出
摘要 在5G核心网虚拟化环境中,虚拟机共用同一物理服务器会带来一系列的安全问题,如发生侧信道攻击、虚拟节点溢出攻击等,造成用户隐私信息泄露。现有基于虚拟机动态迁移的防御方法是一种有效的主动防御技术,但虚拟机频繁迁移导致了迁移资源开销大和迁移安全性低的问题。为此,提出一种基于冗余跳变的虚拟机迁移方法,对不同虚拟机的迁移频率建立评估计算模型,在保证虚拟机隐私信息安全的前提下减小虚拟机迁移频率,对部分虚拟机采用冗余跳变的方法,以应对虚拟机频繁迁移带来的安全风险。实验结果表明,与现有虚拟机动态迁移方法相比,该方法在取得相同安全防护效果的同时,能够缩短平均迁移收敛时间并降低迁移开销。 In 5G core network virtualization environment,the virtual machines sharing the same physical server brings a series of problems,such as Side-Channel Attack(SCA),Virtual Node Escape Attack(VNEA)and so on,causing user private information disclosure.The existing defense method based on dynamic migration of virtual machines is an effective active defense technology,but the frequent migration of virtual machines leads to some problems,such as high resource cost and low migration security.Therefore,this paper proposes a virtual machine migration method based on redundant transition.With this method,an evaluation and calculation model is established for the migration frequency of different virtual machines.On the premise of ensuring the privacy information security of virtual machines,the migration frequency is reduced.The redundant transition method is applied to part of virtual machines to cope with the security risks brought by the frequent migration of virtual machines.Experimental results show that compared with the existing virtual machine dynamic migration method,the proposed method can reduce average migration convergence time and migration cost while maintaining the same security protection effect.
作者 孙志勇 季新生 游伟 李英乐 SUN Zhiyong;JI Xinsheng;YOU Wei;LI Yingle(China National Digital Switching System Engineering and Technological R&D Center,Zhengzhou 450002,China)
出处 《计算机工程》 CAS CSCD 北大核心 2020年第2期21-27,34,共8页 Computer Engineering
基金 国家自然科学基金(61801515) 国家自然科学基金创新研究群体项目(61521003) 国家重点研发计划(2016YFB0801605)
关键词 信息泄露 虚拟机迁移 迁移算法 冗余跳变 侧信道攻击 虚拟节点溢出攻击 information leakage virtual machine migration migration algorithm redundant transition Side-Channel Attack(SCA) Virtual Node Escape Attack(VNEA)
  • 相关文献

参考文献3

二级参考文献23

  • 1IDC. Virtualization and multicore innovations disrupting the worldwide server market [ EB/OL ]. 2014. http ://www. idc. com/getdoc, jsp? containerId = prUS20609907.
  • 2Clark C, Fraser K, Hand S, et al. Live migration of virtual ma- chines[ C ]//Proc of 2nd symposium on networked systems de- sign and implementation. [ s. 1. ] : [ s. n. ] ,2005.
  • 3Duncan A, Creese S, Goldsmith M, et al. Cloud computing: in- sider attacks on virtual machines during migration [ C ]//Pro- ceedings of the IEEE international conference on trust, securi- ty and privacy in computing and communications. [ s. 1. ] : IEEE ,2013:493-500.
  • 4Navamani B, Yue C, Zhou X, et al. An analysis of the virtual machine migration incurred security problems in the cloud [ C]//Proceedings of the ASE security conference. [ s. 1. ] : [ s. n. ] ,2014.
  • 5Claycomb W R, Nicoll A. Insider threats to cloud computing: directions for new research challenges [ C ]//Proc of 36th an- nual computer software and applications conference. [ s. 1. ] : IEEE ,2012 :387-394.
  • 6Oberheide J, Cooke E, Jahanian F. Empirical exploitation of live virtual machine migration [ C ]//Proceedings of BlackHat DC convention. [ s. 1. ] : [ s. n. ] ,2008.
  • 7Wood T, Shenoy P, Venkataramani A, et al. Black- box and gray-box strategies for virtual machine migration [ C ]//Pro- ceedings of the 4th USENIX symposium on networked systems design and implementation. [ s. 1. ] :USENIX,207.
  • 8Santos N,Gummadi K P,Rodrigues R. Towards trusted cloud computing[ C ]//Proceedings of the USENIX workshop on hot topics in cloud computing. [ s. 1. ] : USENIX ,2009.
  • 9Wan X,Zhang X F,Chen L,et al. An improved vTPM migra- tion protocol based trusted channel[ C]//Proc of international conference on systems and informatics. [ s. 1. I : IEEE, 2012 : 870-875.
  • 10Perez R,Sailer R, van Doom L. vTPM : virtualizing the trusted platform module [ C ]//Proceedings of the 15th conference on USENIX security symposium. [ s. 1. ] : USENIX, 2006 : 305 - 320.

共引文献15

同被引文献29

引证文献3

二级引证文献10

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部