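A Survey of Virtual Machine System Security
  • Abstract

    With the widespread adoption of cloud computing, virtual machine technology has seen a revival and considerable development, but it has also introduced new security threats, so research on security threats to virtual machines and the defenses against them has become a hot topic in the computer security community. Taking the widely used virtual machine Xen as an example, this paper analyzes the vulnerabilities and threats that arise from the technical characteristics of virtual machines and proposes corresponding defense and protection methods from a computer security perspective. It gives a fairly comprehensive summary of current domestic and international research on the various aspects of virtual machine security, identifies the open problems through systematic comparison and analysis, and discusses directions for future research.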

  • Authors

    QIN Zhong-yuan (秦中元), SHEN Ri-sheng (沈日胜), ZHANG Qun-fang (张群芳), DI Yu-xing (狄予兴)

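  • Author affiliations

    School of Information Science and Engineering, Southeast University, Nanjing 210096; Key Laboratory of Information Network Security, Ministry of Public Security, Shanghai 201204 / School of Information Science and Engineering, Southeast University, Nanjing 210096 / Computer Teaching and Research Section, Nanjing Artillery Academy, Nanjing 211132 / Communications Teaching and Research Section, Nanjing Artillery Academy, Nanjing 211132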

  • Issue

    2012, Issue 5 ISTIC PKU

  • Keywords

    virtual machine; Xen; security; defense
