Funding: supported by the National Natural Science Foundation of China (22278241); the National Key R&D Program of China (2018YFA0901700); a grant from the Institute Guo Qiang, Tsinghua University (2021GQG1016); Department of Chemical Engineering-iBHE Joint Cooperation Fund.
Abstract: Early non-invasive diagnosis of coronary heart disease (CHD) is critical. However, it is challenging to achieve accurate CHD diagnosis via detecting breath. In this work, heterostructured complexes of black phosphorus (BP) and two-dimensional carbide and nitride (MXene) with high gas sensitivity and photo responsiveness were formulated using a self-assembly strategy. A light-activated virtual sensor array (LAVSA) based on BP/Ti₃C₂Tx was prepared under photomodulation and further assembled into an instant gas sensing platform (IGSP). In addition, a machine learning (ML) algorithm was introduced to help the IGSP detect and recognize the signals of breath samples to diagnose CHD. Due to the synergistic effect of BP and Ti₃C₂Tx as well as photo excitation, the synthesized heterostructured complexes exhibited higher performance than pristine Ti₃C₂Tx, with a response value 26% higher than that of pristine Ti₃C₂Tx. In addition, with the help of a pattern recognition algorithm, LAVSA successfully detected and identified 15 odor molecules affiliated with alcohols, ketones, aldehydes, esters, and acids. Meanwhile, with the assistance of ML, the IGSP achieved 69.2% accuracy in detecting the breath odor of 45 volunteers from healthy people and CHD patients. In conclusion, an immediate, low-cost, and accurate prototype was designed and fabricated for the noninvasive diagnosis of CHD, which provided a generalized solution for diagnosing other diseases and other more complex application scenarios.
Abstract: Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the InfoSec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for enterprise security have not proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure (ARM), Performance Improvement Factor (PIF), and Cost/Benefit Measure (CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine (VM) migration protocol as the target of assessment. Virtualization technologies are rapidly changing the landscape of the computing world. Devising security metrics for a virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration, this paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
Funding: supported by State Key Laboratory of Software Development Environment under Grant No. SKLSDE-2009ZX-02; China Aviation Science Fund under Grant No. 20081951; National High Technical Research and Development Program of China (863 Program) under Grant No. 2007AA01Z183.
Abstract: As the number of Virtual Machines (VMs) consolidated on a single physical server increases with the rapid advance of server hardware, the virtual network turns complex and frangible. Modern Network Security Engines (NSE) are introduced to eradicate the intrusions occurring in the virtual network. In this paper, we point out the inadequacy of the present live migration implementation, which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines (NSE-H). This occurs because the current implementation ignores the VM-related Security Context (SC) required by NSEs embedded in NSE-H. We present the CoM, a comprehensive live migration framework, for NSE-H-based virtualization computing environments. We built a prototype system on Xen hypervisors to evaluate our framework, and conducted experiments under various realistic application environments. The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation, and the performance overhead is negligible.
Funding: supported by National Natural Science Foundation of China under Grants 41874146 and 42030103.
Abstract: Seismic reservoir prediction plays an important role in oil exploration and development. With the progress of artificial intelligence, many achievements have been made in machine learning seismic reservoir prediction. However, due to factors such as economic cost, exploration maturity, and technical limitations, it is often difficult to obtain a large number of training samples for machine learning. In this case, the prediction accuracy cannot meet the requirements. To overcome this shortcoming, we develop a new machine learning reservoir prediction method based on virtual sample generation. In this method, the virtual samples, which are generated in a high-dimensional hypersphere space, are more consistent with the original data characteristics. Furthermore, at the stage of model building after virtual sample generation, virtual sample screening and model iterative optimization are used to eliminate noise samples and ensure the rationality of virtual samples. The proposed method has been applied to standard function data and real seismic data. The results show that this method can improve the prediction accuracy of machine learning significantly.
Funding: supported by the National Natural Science Foundation of China (NSFC) (No. 61272200, 10805019); the Program for Excellent Young Teachers in Higher Education of Guangdong, China (No. Yq2013012); the Fundamental Research Funds for the Central Universities (2015ZJ010); the Special Support Program of Guangdong Province (201528004); the Pearl River Science & Technology Star Project (201610010046).
Abstract: With the advent of the era of cloud computing, the high energy consumption of cloud computing data centers has become a prominent problem, and how to reduce the energy consumption of cloud computing data centers and improve the efficiency of data centers has become the research focus of researchers all over the world. In a cloud environment, virtual machine consolidation (VMC) is an effective strategy that can improve the energy efficiency. However, at the same time, in the process of virtual machine consolidation, we need to deal with the tradeoff between energy consumption and excellent service performance to meet the service level agreement (SLA). In this paper, we propose a new virtual machine consolidation framework for achieving better energy efficiency: the Improved Underloaded Decision (IUD) algorithm and the Minimum Average Utilization Difference (MAUD) algorithm. Finally, based on real workload data on PlanetLab, experiments have been done with the cloud simulation platform CloudSim. The experimental result shows that the proposed algorithm can reduce the energy consumption and SLA violation of data centers compared with existing algorithms, improving the energy efficiency of data centers.
Funding: This work was supported by National Key Basic Research and Development Plan (973 Plan) of China (No. 2007CB310900) and National Natural Science Foundation of China (No. 90612018, 90715030 and 60970008).
Abstract: At present, there are few security models which control the communication between virtual machines (VMs). Moreover, these models are not applicable to multi-level security (MLS). In order to implement mandatory access control (MAC) and MLS in a virtual machine system, this paper designs the Virt-BLP model, which is based on the BLP model. For the distinction between a virtual machine system and a non-virtualized system, we build the elements and security axioms of the Virt-BLP model by modifying those of BLP. Moreover, compared with BLP, the number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by a trusted subject. As a result, the Virt-BLP model supports MAC and partial discretionary access control (DAC), well satisfying the requirement of MLS in a virtual machine system. As space is limited, the implementation of our MAC framework will be shown in a continuation.
Funding: supported by the National Natural Science Foundation of China (61002011); the National High Technology Research and Development Program of China (863 Program) (2013AA013303); the Fundamental Research Funds for the Central Universities (2013RC1104); the Open Fund of the State Key Laboratory of Software Development Environment (SKLSDE-2009KF-2-08).
Abstract: In cloud data centers, how to map virtual machines (VMs) on physical machines (PMs) to reduce the energy consumption is becoming one of the major issues, and the existing VM scheduling schemes mostly reduce energy consumption by optimizing the utilization of physical servers or network elements. However, the aggressive consolidation of these resources may lead to network performance degradation. In view of this, this paper proposes a two-stage VM scheduling scheme: (1) We propose a static VM placement scheme to minimize the number of activating PMs and network elements to reduce the energy consumption; (2) In the premise of minimizing the migration costs, we propose a dynamic VM migration scheme to minimize the maximum link utilization to improve the network performance. This scheme makes a tradeoff between energy efficiency and network performance. We design a new two-stage heuristic algorithm for a solution, and the simulations show that our solution achieves good results.
Funding: supported by The National Natural Science Foundation for Young Scientists of China under Grant No. 61303263; the Jiangsu Provincial Research Foundation for Basic Research (Natural Science Foundation) under Grant No. BK20150201; the Scientific Research Key Project of Beijing Municipal Commission of Education under Grant No. KZ201210015015; Project Supported by the National Natural Science Foundation of China (Grant No. 61370140); the Scientific Research Common Program of the Beijing Municipal Commission of Education (Grant No. KMKM201410015006); The National Science Foundation of China under Grant Nos. 61232016 and U1405254; and the PAPD fund.
Abstract: This paper sums up four security factors after analyzing co-residency threats caused by the special multitenant environment in the cloud. To secure the factors, a multiway dynamic trust chain transfer model was proposed on the basis of a measurement interactive virtual machine and current behavior to protect the integrity of the system. A trust chain construction module is designed in a virtual machine monitor. Through dynamic monitoring, it achieves the purpose of transferring integrity between virtual machines. A cloud system with a trust authentication function is implemented on the basis of the model, and its practicability is shown.
Abstract: Cloud computing provides the essential infrastructure for multi-tier Ambient Assisted Living (AAL) applications that facilitate people's lives. Resource provisioning is a critically important problem for AAL applications in cloud data centers (CDCs). This paper focuses on modeling and analysis of multi-tier AAL applications, and aims to optimize resource provisioning while meeting requests' response time constraint. This paper models a multi-tier AAL application as a hybrid multi-tier queueing model consisting of an M/M/c queueing model and multiple M/M/1 queueing models. Then, virtual machine (VM) allocation is formulated as a constrained optimization problem in a CDC, and is further solved with the proposed heuristic VM allocation algorithm (HVMA). The results demonstrate that the proposed model and algorithm can effectively achieve dynamic resource provisioning while meeting the performance constraint.
Funding: supported in part by the National Natural Science Foundation of China (NSFC) under grant numbers U22A2007 and 62171010; the Open project of Satellite Internet Key Laboratory in 2022 (Project 3: Research on Spaceborne Lightweight Core Network and Intelligent Collaboration); the Beijing Natural Science Foundation under grant number L212003.
Abstract: With the advancements of software defined network (SDN) and network function virtualization (NFV), service function chain (SFC) placement becomes a crucial enabler for flexible resource scheduling in low earth orbit (LEO) satellite networks. However, due to the scarcity of bandwidth resources and the dynamic topology of LEO satellites, static SFC placement schemes may cause performance degradation, resource waste and even service failure. In this paper, we consider migration and establish an online migration model, especially considering the dynamic topology. Given the scarcity of bandwidth resources, the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible. Due to its NP-hardness, we propose a heuristic minimized dynamic SFC migration (MDSM) algorithm that only triggers the migration procedure when new SFCs are rejected. Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.
Funding: supported by the National Key Research and Development Program of China (2018YFB0804004); the Foundation of the National Natural Science Foundation of China (61602509); the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003); the Key Technologies Research and Development Program of Henan Province of China (172102210615).
Abstract: Co-residency of virtual machines (VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most current countermeasures fail for real or immediate deployment due to their requirement for modification of the virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threat. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming (ILP) to calculate the optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.
Funding: Supported by National 242 Plan Project (2005C48); the Technology Innovation Programme Major Projects of Beijing Institute of Technology (2011CX01015).
Abstract: Three kinds of vulnerabilities that may exist in some current virtualization-based security monitoring systems were proposed: page mapping problem, lack of overall protection, and inherent limitations. Aiming at these vulnerabilities, relative attack methods were presented in detail. Our experiments show that the attack methods, such as page mapping attack, data attack, and non-behavior detection attack, can attack simulated or original security monitors successfully. Defenders, who need to effectively strengthen their security monitors, can get inspiration from these attack methods and find some appropriate solutions.
Abstract: Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics and examines the recent progress in using virtualization techniques to support modern computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.
Funding: supported by the National Natural Science Foundation of China (No.6127249261572521); Natural Science Foundation of Shaanxi Province (No. 2013JM8012); Fundamental Research Project of CAPF (No. WJY201520).
Abstract: The trustworthiness of virtual machines is a big security issue in cloud computing. In this paper, we aimed at designing a practical trustworthiness mechanism in a virtual environment. With the assistance of a third certificate agent, the cloud user generates a trust base and extends it to its VMs. For each service running on the VM, a hash value is generated from all the necessary modules, and these hash values are organized and maintained with a specially designed hash tree whose root is extended from the user's trust base. Before the VM loads a service, the hash tree is verified from the coordinated hash value to check the trustworthiness of the service.