
Cloud Virtual Machine Lifecycle Security Framework Based on Trusted Computing (cited by: 4)

Abstract: As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented divided up by the different active conditions of the VM. Then, a trusted computing based security protection framework is developed, which can extend the trusted relationship from trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive safety to VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes.
Source: Tsinghua Science and Technology (SCIE, EI, CAS, CSCD), 2019, No. 5, pp. 520-534, 15 pages in total. Journal of Tsinghua University (Natural Science Edition, English Edition).
Funding: supported by the National Natural Science Foundation of China (Nos. 61802270 and 61802271) and the Fundamental Research Funds for the Central Universities (Nos. SCU2018D018 and SCU2018D022).
Keywords: virtual trusted computing; virtual machine lifecycle; trusted chain; security measurement; state monitoring
About the authors:

Xin Jin, E-mail: xinjin_cn@163.com. Xin Jin is a PhD candidate at Sichuan University. He received the BEng degree from Liaoning Shihua University in 1999 and the MS degree from Chongqing University in 2006. His research interests include trusted computing, virtualization security, and cloud computing security.

Qixu Wang, E-mail: qixuwang@scu.edu.cn. To whom correspondence should be addressed. Qixu Wang is currently an assistant researcher in the College of Cybersecurity at Sichuan University. He received the BS degree from Southwest University of Science and Technology in 2009, and the PhD degree from University of Electronic Science and Technology of China in 2017. His current research interests include cloud computing security, wireless network security, data privacy protection, and trusted computing.

Xiang Li, E-mail: 2016323040026@stu.scu.edu.cn. Xiang Li is a PhD candidate at Sichuan University. He received the BS degree from Hainan University in 2009 and the MS degree from Chongqing University of Posts and Telecommunications in 2012. His research interests include information security, cloud computing security, and cloud service assessment.

Xingshu Chen, E-mail: chenxsh@scu.edu.cn. Xingshu Chen received the PhD degree from Sichuan University in 2004. She is now a professor of the College of Computer Science and Cybersecurity Research Institute at Sichuan University. She is a member of China Information Security Standardization Technical Committee. Her research interests include cloud computing, cloud security, distributed file system, big data processing, network protocol analysis, and new media supervision.

Wei Wang, E-mail: 15762254497@139.com. Wei Wang is currently a master student in the College of Computer Science of Sichuan University. He received the bachelor degree from Sichuan University in 2016. His current research focuses on trusted computing virtualization technology in cloud computing.