
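Research on Security Strategies for Virtual Machine Live Migration in Cloud Computing

Published: 2018-05-10 10:01

  Topics of this paper: cloud computing + security; Reference: Guangxi University, 2015 master's thesis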


[Abstract]: In recent years, cloud computing technology has been widely applied and developed. Cloud computing consolidates large numbers of local server resources and provides them to multiple users as network services. Because of the way it is composed, cloud computing has the advantage of scaling on demand. However, as cloud computing becomes widely used, with many users sharing resources over the network, the security of users' data is hard to guarantee. The most widely applied technology in cloud computing is virtual machine live migration. Live migration facilitates the management and maintenance of virtual machine clusters, as well as load balancing and resource optimization. Most current research concentrates on shortening migration time, migrating quickly, and reducing the amount of data migrated; research on the security of virtual machine live migration is still limited. Building on an in-depth analysis of the data security problems that exist in cloud computing environments, and starting from the protection of data, this thesis focuses on the network attacks encountered during virtual machine live migration in cloud computing environments and the resulting problems in guaranteeing the integrity and confidentiality of data, and studies the security-related issues of virtual machine live migration in cloud computing environments. The main research work is as follows:

(1) First, the thesis surveys and studies the existing methods and technical characteristics of virtual machine migration in cloud computing, and analyzes their advantages and their security problems.

(2) Second, it focuses on the possible deficiencies in virtual machine live migration and establishes that security risks exist. It analyzes attack behavior during live migration from three aspects: the virtual machine monitor, the migration data, and the migration module, and proposes a defense method for each class of attack. To address the problems of existing virtual machine monitors, these defenses add a migration data protection module, a metadata management module, and a security control module, improving the protection of virtual machine live migration. The migration data protection module protects the memory pages inside the migrating virtual machine and is mainly responsible for intercepting, encrypting, and decrypting memory page data. The metadata management module is mainly responsible for collecting the scattered migration metadata of the virtual machine at the source and for transferring and reconstructing the metadata on the virtual machine at the destination. The security control module is mainly responsible for defending against certain security vulnerabilities and protecting the virtual machine live migration mechanism. Simulation experiments verify that attacks are possible during virtual machine live migration and demonstrate the effectiveness of the proposed defense methods.

(3) Building on the work above, the thesis analyzes existing virtual machine live migration algorithms and, in particular, improves the virtual machine migration protocol based on the pre-copy mechanism, proposing a secure virtual machine migration protocol with a relatively complete security mechanism in order to improve security during migration. The protocol consists of two parts: mutual authentication of the two parties before live migration, and secure virtual machine migration. Authentication before live migration uses a handshake protocol to establish a trusted channel, among other things; the secure migration part extends the Xen live migration protocol, adding security protocols to each of the three phases of pre-copy, virtual machine suspend, and resume. Theoretical analysis and experimental results from the CloudSim simulator show that the proposed secure live migration protocol is feasible and effective and can be used to protect virtual machine live migration in practice.

This research is a useful attempt at addressing the security-related issues of virtual machine live migration in cloud computing environments. The research work and results of the thesis provide a good reference for cloud computing security and live migration security, and the results have some scientific significance and practical value.

[Degree-granting institution]: Guangxi University
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP302



