
PROTECTION APPROACH FOR SECURITY OF DISK DATA IN GUEST VIRTUAL MACHINES
Abstract: In virtual environments, access to the disk data of guest virtual machines (VMs) is performed by the privileged VM. This allows a malicious hacker or system administrator who controls the privileged VM to freely access and modify the disk data of a guest VM, which poses a great threat to the security of that data. By having the virtual machine monitor apply data encryption and hash validation to the disk data of guest VMs, the privacy and integrity of that data can be effectively protected during access, thereby ensuring the security of guest VM disk data in virtual environments. This method can effectively enhance the security of guest VM disk data under the Xen virtualization architecture. Experimental results show that the method is valid and effective with minimal performance overhead, and that it is an effective way to protect the security of disk data in guest VMs.
Source: Computer Applications and Software (《计算机应用与软件》), CSCD, 2015, No. 2, pp. 295-299, 320 (6 pages in total)
Funding: 2012 National Science and Technology Major Project (2012ZX03002002)
Keywords: Virtualisation; Disk data security; Encryption; Hash validation