VFRS:一种面向虚拟计算环境的入侵容忍方法  被引量：3

作　　者：赵峰[1,2,3] 金海[1,2,3] 金莉[1] 袁平鹏[1,2,3] 

机构地区：[1]华中科技大学计算机科学与技术学院,武汉430074 [2]服务计算技术与系统教育部重点实验室,武汉430074 [3]集群与网格计算湖北省重点实验室,武汉430074

出　　处：《计算机研究与发展》2010年第3期493-499,共7页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(60803114);国家"九七三"重点基础研究发展计划基金项目(2007CB310900)

摘　　要：虚拟计算环境的开放性、复杂性和动态性向入侵容忍提出了新的挑战,提出VFRS方法以解决虚拟计算环境中数据对入侵的容忍问题.设计SCSFA算法分析虚拟计算环境的系统调用行为序列,以识别虚拟计算环境下的入侵企图,预测敏感数据的高危区域;其次,将要保护的数据划分成若干片数据,并以容忍虚拟计算环境随机错误为目标对每个片数据冗余备份;然后将冗余片数据分散到不同虚拟机上.VFRS方法能有效预测虚拟计算环境下的异常入侵,并能较好地容忍虚拟计算环境下的复杂性错误.对VFRS方法实现的关键问题进行了详细的讨论和分析.With the emergence of multi-core processor, virtualization technology has attracted attention and developed rapidly in recent years. Virtual computing environment based on virtual machine becomes a hot topic in the field of network computing. Virtual computing environment is open, complex and dynamic, which has brought new challenges to system security, especially to intrusion tolerance. In this paper, VFRS method is proposed in order to protect sensitive data from intrusion in virtual computing environment. Firstly, a probability computing model is constructed to present system call sequences and the SCSFA algorithm is designed to predict the attempt of intrusion and to determine what need to protect, which is based on the analysis of system call sequence^in virtual computing systems~ Secondly, the sensitive data protected are divided into a number of film data, and for the goals of random errors tolerance, each tablet data are redundant backup based on Byzantine fault tolerance~ Then, the redundant data are distributed to different virtual machines. VFRS method can predict the anomaly intrusion and well tolerate the complicated errors in virtual computing environment. The experimental results show that VFRS is effective and of high performance compared with related work. Some key issues of the VFRS method are also discussed and analyzed in detail.

关 键 词：入侵容忍 虚拟计算 系统安全 序列预测 系统调用 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]