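Research on a Multi-Level, Granularity-Controllable Security Audit Method in Cloud Environments
Published: 2018-05-27 10:33
Topic of this paper: cloud computing platform + virtualization; Reference: Harbin Institute of Technology, 2015 master's thesis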
[Abstract]: With the rapid development of computer and Internet technology, cloud computing services have become widespread. They bring convenience, but they also carry many security risks, and existing security technology is not sufficient to cover the threats that cloud computing platforms face. As an important part of the security attack-and-defense field, security audit technology plays a major role: it can provide strong support for content supervision, attack tracing and evidence collection in cloud computing. This thesis focuses on security audit methods for cloud computing platforms. By analyzing the advantages and disadvantages of existing security audit techniques, and taking into account the multi-level, multi-user nature of cloud computing platforms, it proposes a multi-level, granularity-controllable, on-demand security audit method for cloud environments. The method can adapt to users' changing needs, and it allows audit data from different levels to complement and corroborate each other, eliminating the semantic gap and enriching semantic information. The thesis first introduces the research significance and background of security audit technology in cloud environments and the state of research in China and abroad. It then describes the characteristics of and differences between traditional computer architecture and cloud architecture, and the security audit techniques used under each. Based on a study of existing security audit methods, it puts forward a research scheme for security auditing in cloud environments. Given the multi-level structure of cloud architecture, it proposes using virtual machine introspection (VMI) to perform security auditing separately at the virtual machine operating system layer and at the VMM management layer, so that audit data from different levels complement and corroborate each other and enrich semantic information. To correlate audit logs across levels, it proposes a shared-memory method based on sequence numbers. Given the multi-user, multi-requirement nature of cloud environments, it proposes a security audit method with controllable granularity. To reduce the system performance cost of writing audit logs, it proposes establishing a memory buffer and validates this approach experimentally. Finally, the architecture and workflow of the security audit system are described in detail. Experiments verify the effectiveness of the audit system, and the system's performance overhead is analyzed. The experimental results show that the multi-level, granularity-controllable security audit method proposed in this thesis can effectively reduce the performance overhead it imposes on the system.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP393.08
Article ID: 1941682
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1941682.html