Abstract
Cloud computing uses virtualization to divide the equipment of large-scale data centers into small, independent resources that are leased to customers on demand. These multi-tenant environments rest on the premise that the virtualization platform is secure and reliable enough to preserve isolation between different users co-located on the same physical host. Existing hypervisors, however, have a large aggregate trusted computing base (TCB), which exposes the virtual machines they manage to considerable risk. This paper proposes an approach that decomposes the traditional control VM into single-purpose components, called service VMs, each performing one function. This componentized abstraction brings a number of benefits: service components shared among customers are configurable and auditable; each component's access to the hypervisor is restricted to the least privilege it requires, which makes exposure to risk explicit; and micro-rebooting components at a configurable frequency reduces the temporal attack surface of individual components.
Source
Information Security and Communications Privacy (《信息安全与通信保密》), 2014, No. 4, pp. 89-92, 95 (5 pages in total)