面向虚拟化的物联网服务系统内存分析与安全保障方案的设计与实现
发布时间:2018-08-02 16:54
【摘要】:在当今时代,物联网系统开始普及,进入人们的日常生活。人们在享受物联网服务带来的便利的同时,也因为物联网系统的安全问题承受着极大的风险。传统的物联网系统本地安全保障方案的检测系统与需要被保护的物联网系统处于同一个操作系统中。当操作系统遭到一系列的恶意软件如Rootkit等篡改系统内核方式的攻击时,该检测系统会发生损坏或瘫痪。而且,由于传统检测系统处于的操作系统的不安全性,一些潜伏在该操作系统内部的恶意软件可以轻易地对其检测数据进行篡改,导致检测结果失去相应的可信性。本文在分析传统物联网本地安全保障技术缺陷的基础上,提出了将物联网服务检测系统部署在相对隔离的虚拟化环境中,并通过虚拟机自省技术和内存检测技术进行本地安全保障的新思路。进而提出了一种基于虚拟化技术的物联网系统内存分析与安全保障方案。该方案通过虚拟化技术实现了保障系统与被保障系统的安全隔离,同时通过内存取证技术实现了检测数据的可信,与此同时通过虚拟机监控器实现了多种机制的物联网系统恢复策略,为物联网系统的本地安全提供了一个完善的安全保障方案。最后通过大量实际环境下的测试,该方案被证实可行。
[Abstract]:In today's era, the Internet of things system began to popularize, into the daily life of people. People enjoy the convenience of the Internet of things service, but also because of the security of the Internet of things system bear a great deal of risk. The detection system of the local security scheme of the traditional IOT system is in the same operating system as the IOT system which needs to be protected. When the operating system is attacked by a series of malware such as Rootkit tampering with the kernel, the detection system will be damaged or paralyzed. Moreover, because of the insecurity of the operating system in which the traditional detection system is located, some malware lurking inside the operating system can easily tamper with its detection data, resulting in the loss of the corresponding credibility of the detection results. Based on the analysis of the shortcomings of the traditional local security technology of the Internet of things, this paper proposes to deploy the IoT service detection system in a relatively isolated virtualization environment. And through the virtual machine introspection technology and the memory detection technology to carry on the local security safeguard new idea. Furthermore, a virtualization based memory analysis and security scheme for Internet of things systems is proposed. The scheme realizes the security isolation between the guarantee system and the guaranteed system through virtualization technology, and realizes the credibility of the detection data through the memory forensics technology. At the same time, the recovery strategy of the Internet of things system with various mechanisms is implemented through the virtual machine monitor, which provides a perfect security scheme for the local security of the Internet of things system. Finally, the scheme is proved to be feasible through a large number of tests in the actual environment.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP391.44;TN915.08
[Abstract]:In today's era, the Internet of things system began to popularize, into the daily life of people. People enjoy the convenience of the Internet of things service, but also because of the security of the Internet of things system bear a great deal of risk. The detection system of the local security scheme of the traditional IOT system is in the same operating system as the IOT system which needs to be protected. When the operating system is attacked by a series of malware such as Rootkit tampering with the kernel, the detection system will be damaged or paralyzed. Moreover, because of the insecurity of the operating system in which the traditional detection system is located, some malware lurking inside the operating system can easily tamper with its detection data, resulting in the loss of the corresponding credibility of the detection results. Based on the analysis of the shortcomings of the traditional local security technology of the Internet of things, this paper proposes to deploy the IoT service detection system in a relatively isolated virtualization environment. And through the virtual machine introspection technology and the memory detection technology to carry on the local security safeguard new idea. Furthermore, a virtualization based memory analysis and security scheme for Internet of things systems is proposed. The scheme realizes the security isolation between the guarantee system and the guaranteed system through virtualization technology, and realizes the credibility of the detection data through the memory forensics technology. At the same time, the recovery strategy of the Internet of things system with various mechanisms is implemented through the virtual machine monitor, which provides a perfect security scheme for the local security of the Internet of things system. Finally, the scheme is proved to be feasible through a large number of tests in the actual environment.
【学位授予单位】:北京邮电大学
【学位级别】:硕士
【学位授予年份】:2016
【分类号】:TP391.44;TN915.08
【相似文献】
相关期刊论文 前10条
1 吴雪霁;;把握“物联网”时代的三个关键点[J];通信世界;2009年33期
2 秦茜;;物联网骤成产业巨浪 各方大肆追捧恐为时尚早[J];IT时代周刊;2009年Z2期
3 石菲;;物联网还有多远[J];中国计算机用户;2009年Z2期
4 马继华;韩文哲;;物联网的未来会变成“空中楼阁”吗?[J];信息网络;2009年10期
5 ;物联网系列报道之一 理性物联网[J];通信世界;2009年40期
6 李鹏;;物联网发展 标准与应用先行[J];通信世界;2009年40期
7 李鹏;赵经纬;;北邮谢东亮 物联网需两颗红心一种准备[J];通信世界;2009年40期
8 周双阳;;寻找物联网的制高点[J];通信世界;2009年41期
9 张鹏;;物联网,十年涅i,
本文编号:2160075
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2160075.html
