A Recovery Scheme Against Malware Attacks in Virtualization System

Cited by: 2
Abstract: Malware can often successfully attack virtual machines and their management systems, leaving the virtual environment in an insecure state that is difficult to recover. Traditional security protection mechanisms cannot meet the security requirements of virtual environments. This paper proposes an efficient recovery mechanism for virtualization systems against malware attacks, based on agent-based lightweight intrusion detection and cooperative recovery among multiple virtual machines. The basic policy is to deploy an Emergency Response/Recovery (ER) agent on each virtual machine to identify the state of the system. Multiple virtual machine nodes then cooperate by sharing information about recovery status, so that effective recovery tools are obtained quickly and infected nodes can be rapidly recovered. Simulation analysis and experimental results demonstrate the practicality and efficiency of the proposed scheme.
Source: Acta Electronica Sinica (《电子学报》), indexed in EI, CAS, CSCD and the Peking University Core Journals list; 2011, Issue 2, pp. 309-314 (6 pages)
Funding: National Natural Science Foundation of China (No. 60673187, No. 60803123, No. 60702009); Key Project of the Major Research Plan of the National Natural Science Foundation of China (No. 90718040)
Keywords: virtualization system; malware; attack; recovery mechanism