Research on the Identification and Forensics of Timing Covert Channels on Cloud Platforms
Published: 2018-09-12 07:32
[Abstract]: A covert channel is an information-hiding technique that transmits information while bypassing the system's security policy, and such channels exist widely in systems and networks. Timing covert channels are the most threatening kind: they convey secret information through the time intervals between transmitted messages, are very well concealed, and leave traditional security policies with nothing to act on. In recent years, with the development of cloud computing, research on timing covert channels has extended to cloud platforms, where the advantage of resource sharing has become a breeding ground for them. Research on timing covert channels in cloud platforms is therefore of significant importance and value for ensuring the security of user data and of the cloud environment as a whole. By analyzing the characteristics of timing covert channels on cloud platforms, this thesis introduces the technical features of cloud computing and the security threats it faces, and sets out the definition and classification of covert channels on cloud platforms. It then highlights the threat posed by timing covert channels on cloud platforms, summarizes their activity characteristics, and analyzes the current state of research in the field and the challenges it faces. To enrich current cloud forensics research and overcome the current challenges in timing covert channel research, this thesis proposes an analysis dimension based on memory activity records, summarizes the long-term activity characteristics of timing covert channels and on that basis designs and implements a set of identification algorithms, and finally adds evidence collection and analysis functions on top to form a complete forensic framework. On the Xen platform, a prototype system was designed and implemented according to this framework; the whole implementation uses virtual machine management technology and is completely transparent to the guest virtual machines, which protects the crime scene while also ensuring the continued availability of the target system and preventing the forensic process from being discovered and interfered with by the attacker. To evaluate the framework's performance, this thesis simulates and implements several common timing covert channels and brings in other similar research methods for side-by-side comparative analysis. The experimental results show that the identification accuracy of the proposed method stays above 90% in a variety of complex situations, even under high-noise conditions. The proposed memory activity records, together with the network packet records for network channels, fix the evidence of the crime scene, and analysis of the forensic process demonstrates that these records can be used to reconstruct the scene.
[Degree-granting institution]: Nanjing University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.09; TP309
Article ID: 2238333
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2238333.html