微信服务号

微信订阅号

2025年4月10日 8:12 星期四
首页 > 过刊浏览>2016年第27卷第6期 >1402-1416. DOI:10.13328/j.cnki.jos.005009
PDF HTML阅读 XML下载 导出引用 引用提醒
KVM虚拟化动态迁移技术的安全防护模型
作者:
基金项目:

国家自然科学基金(61502486)


Security Protection Model on Live Migration for KVM Virtualization
Author:
Fund Project:

National Natural Science Foundation of China (61502486)

  • 摘要
    • | |
  • 访问统计
    • |
  • 参考文献 [30]
    • |
  • 相似文献 [20]
    • |
  • 引证文献
    • | |
  • 文章评论
    摘要:

    虚拟机动态迁移技术是在用户不知情的情况下使得虚拟机在不同宿主机之间动态地转移,保证计算任务的完成,具有负载均衡、解除硬件依赖、高效利用资源等优点,但此技术应用过程中会将虚拟机信息和用户信息暴露在网络通信中,其在虚拟化环境下的安全性成为广大用户担心的问题,逐渐成为学术界讨论和研究的热点问题.从研究虚拟化机制、虚拟化操作系统源代码出发,以虚拟机动态迁移的安全问题作为突破点,首先分析了虚拟机动态迁移时的内存泄漏安全隐患;其次结合KVM(kernel-based virtual machine)虚拟化技术原理、通信机制、迁移机制,设计并提出一种基于混合随机变换编码方式的安全防护模型,该模型在虚拟机动态迁移时的迁出端和迁入端增加数据监控模块和安全模块,保证虚拟机动态迁移时的数据安全;最后通过大量实验,仿真测试了该模型的安全防护能力和对虚拟机运行性能的影响.仿真结果表明,该安全防护模型可以在KVM虚拟化环境下保证虚拟机动态迁移的安全,并实现了虚拟机安全性和动态迁移性能的平衡.

    Abstract:

    Live migration of virtual machines is the transfer of running virtual machines from one host server to a new host server to ensure computing tasks completed without notifying the owners of virtual machines, which has many beneficial characteristics such as load balancing, hardware independent, and high efficiency utilization of resource. However, live migration of virtual machines exposes information of virtual machines and their users to the network, making its security in the virtualized environment a serious problem that concerns many users becomes a hot issue in the industry and academia. This article focuses on researching the mechanism of virtualization and the source code of virtualization operating system, and explores breakthrough in security problems of live migration. Firstly the article analyzes potential memory-leak security threat of live migration. Then it designs and puts forward a new security protection model based on hybrid random transform coding method. Combined with KVM (kernel-based virtual machine) virtualization structure, communication mechanism and migration mechanism, the model adds monitor module and security module at source and destination of live migration, ensuring the data security while the virtual machines are migrating. Finally, a series of experiments are designed to simulate and test the security protection capability of the model and its impact to virtual machine's performance. The simulation results show that the proposed model can ensure the security of live migration in the KVM virtualization environment, as well as balance the security of virtual machines and performance of live migration.

    参考文献
    [1] Oberheide J, Cooke E, Jahanian F. Empirical exploitation of live virtual machine migration. In: Proc. of the BlackHat DC Convention. 2008.
    [2] Yamunadevi L, Aruna P, Sudha D D, Priya N. Security in virtual machine live migration for KVM. In: Proc. of the 2011 Int'l Conf. on Process Automation, Control and Computing (PACC). IEEE. 2011. 1-6. [doi: 10.1109/PACC.2011.5979008]
    [3] Han Y, Fan W, Liu C, Lu B, Wang RQ. Risk discovery and study on the virtual machine memory leak. Secrecy Science and Technology, 2012,2:19-23 (in Chinese with English abstract).
    [4] Huang XP, Chen L. A method of extracting text of word from Windows XP physical image. Computer and Modernization, 2013,1(8): 165-167 (in Chinese with English abstract). [doi: 10.3969/j.issn.1006-2475.2013.08.041]
    [5] Hu M, Yang JY, Jiang W. Data recovery algorithm based on file feature on windows platform. Journal of Computer Applications, 2011,31(2):527-529 (in Chinese with English abstract). [doi: 10.3724/SP.J.1087.2011.00527]
    [6] Zhang XF, Huang ZW. Coding-Based document recovery technology. Netinfo Security, 2011,(9):156-158 (in Chinese with English abstract). [doi: 10.3969/j.issn.1671-1122.2011.09.049]
    [7] Chen L, Jing K, Dong ZX. Searching physical memory method based on EPROCESS characteristics. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2013,25(1) (in Chinese with English abstract). [doi: 10.3979/j.issn.1673-825X.2013.01.020]
    [8] Bin Sulaiman NA, Masuda H. Evaluation of a secure live migration of virtual machines using IPSEC implementation. In: Proc. of the IIAI 3rd Int'l Conf. on Advanced Applied Informatics (IIAIAAI). IEEE, 2014. 687-693. [doi: 10.1109/IIAI-AAI.2014.142]
    [9] Patil VP, Patil GA. Migrating process and virtual machine in the cloud: Load balancing and security perspectives. Int'l Journal of Advanced Computer Science and Information Technology, 2012,1(1):11-19.
    [10] Nagin K, Hadas D, Dubitzky Z, Glikson A, Loy I, Rochwerger B, Schour L. Inter-Cloud mobility of virtual machines. In: Proc. of the 4th Annual Int'l Conf. on Systems and Storage. New York: ACM, 2011. [doi: 10.1145/1987816.1987820]
    [11] Berger S, Cáceres R, Goldman KA, Perez R, Sailer R, Doorn LV. vTPM: Virtualizing the trusted platform module. In: Proc. of the 15th Conf. on USENIX Security Symp. 2006. 305-320.
    [12] Wan X, Zhang X F, Chen L, Zhu JX. An improved vTPM migration protocol based trusted channel. In: Proc. of the 2012 Int'l Conf. on Systems and Informatics. 2012. 871-875. [doi: 10.1109/ICSAI.2012.6223146]
    [13] Wang W, Zhang Y, Lin B, Wu XX, Miao K. Secured and reliable vm migration in personal cloud. In: Proc. of the IEEE 2nd Int'l Conf. on Computer Engineering and Technology. 2010. 705-709. [doi: 10.1109/ICCET.2010.5485376]
    [14] Aslam M, Gehrmann C, Bjorkman M. Security and trust preserving vm migrations in public clouds. In: Proc. of the IEEE 11th Int'l Conf. on Trust, Security and Privacy in Computing and Communications. 2012. 869-876. [doi: 10.1109/TrustCom.2012.256]
    [15] Shetty J, Anala MR, Shobha G. A survey on techniques of secure live migration of virtual machine. Int'l Journal of Computer Applications, 2012,39(12):34-39. [doi: 10.5120/4875-7305]
    [16] Chen XQ, Wan H, Wang SM, Long X. Seamless virtual machine live migration on network security enhanced hypervisor. In: Proc. of the IEEE 2nd Int'l Conf. on Broadband Network & Multimedia Technology. 2009. 847-853. [doi: 10.1109/ICBNMT.2009. 5347800]
    [17] Fan W, Huang WQ, Jiang F, Liu C, Lu B, Wang RQ. Research on the virtual machine memory leak in live migration. In: Proc. of the 24th Information Security Conf. 2014. 12-17 (in Chinese with English abstract).
    [18] Wang FX, Zhou K. Application of affine password to the file encryption. Journal of Wuhan Polytechnic University, 2010,29(3): 62-64 (in Chinese with English abstract). [doi: 10.3969/j.issn.1009-4881.2010.03.014]
    [19] Gu LZ, Zhen SH, Yang YX. Modern Cryptography Course. Beijing: Beijing University of Posts and Telecommmunications Press, 2009. 166-169 (in Chinese).
    [20] Forouzan BA. Cryptography and Network Security. New York: McFraw-Hill, 2008. 219-222.
    [21] Huang D, Ye D, He Q, Chen J, Ye k. Virt-LM: A benchmark for live migration of virtual machine. In: Proc. of the 2nd ACM/SPEC Int'l Conf. on Performance Engineering. New York: ACM, 2011. 307-316. [doi: 10.1145/1958746.1958790]
    附中文参考文献:
    [3] 韩奕,范伟,刘超,吕彬.虚拟化内存泄漏的风险探知及研究.保密科学技术,2013,2:19-23.
    [4] 黄休平,陈龙.一种从内存镜像中获取Word文本的方法.计算机与现代化,2013,1(8):165-167.
    [5] 胡敏,杨吉云,姜维.Windows下基于文件特征的数据恢复算法.计算机应用,2011,31(2):527-529.
    [6] 张雪峰,黄志炜.基于编码方式的文档恢复技术.信息网络安全,2011,(9):156-158. [doi: 10.3969/j.issn.1671-1122.2011.09.049]
    [7] 陈龙,敬凯,董振兴,田庆宜.基于EPROCESS特征的物理内存查找方法.重庆邮电大学学报:自然科学版,2013,25(1). [doi: 10. 3979/j.issn.1673-825X.2013.01.020]
    [17] 范伟,黄伟庆,姜放,刘超,吕彬,王冉晴.虚拟化技术中动态迁移的内存泄漏安全问题研究.见:第24届全国信息保密学术会议(IS2014)论文集.2014.12-17.
    [18] 王防修,周康.仿射密码在文件加密中的应用.武汉工业学院学报,2010,29(3):62-64. [doi: 10.3969/j.issn.1009-4881.2010.03.014]
    [19] 谷利泽,郑世慧,杨义先.现代密码学教程.北京:北京邮电大学出版社,2009.166-169.
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

范伟,孔斌,张珠君,王婷婷,张杰,黄伟庆. KVM虚拟化动态迁移技术的安全防护模型.软件学报,2016,27(6):1402-1416

复制
分享
文章指标
  • 点击次数:5794
  • 下载次数: 8363
  • HTML阅读次数: 3261
  • 引用次数: 0
历史
  • 收稿日期:2015-08-15
  • 最后修改日期:2015-10-09
  • 在线发布日期: 2016-01-22
文章二维码
友情链接:中国科学院软件研究所中国计算机学会中国科学院国家自然科学基金委员会CCF数字图书馆Int'l J of Softw Info计算机系统应用
您是第19809460位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号