Authors: Chen Zhifeng (陈志锋)[1,2], Li Qingbao (李清宝)[1,2], Zhang Ping (张平)[1,2], Zeng Guangyu (曾光裕)[1,2]
Affiliations: [1] PLA Information Engineering University, Zhengzhou 450001; [2] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
Source: Journal of Electronics & Information Technology (《电子与信息学报》), 2015, No. 10, pp. 2508-2516 (9 pages)
Funding: National Science and Technology Major Project on Core Electronic Devices, High-end Generic Chips and Basic Software (2013JH00103); National 863 Program (2009AA01Z434)
Abstract: With the widespread adoption of virtualization, the security of the virtualization layer has drawn close attention from researchers at home and abroad. Existing integrity-protection methods for the virtual machine monitor (hypervisor) focus mainly on the integrity of code and control data and therefore cannot resist non-control data attacks; those that rely on periodic monitoring cannot provide real-time integrity protection for non-control data. To address these shortcomings, this paper proposes UCONhi, a hypervisor non-control data integrity protection model based on Usage CONtrol (UCON). The model simplifies UCON according to the requirements of non-control data integrity protection and inherits UCON's continuity and mutability to realize real-time access control over non-control data. Attack samples are analyzed to identify the attackers and attacked objects, from which the subjects and objects are determined and the set of security policies is reduced, improving decision efficiency. UCONhi security policies are expressed as ECA (event-condition-action) rules, which allow the legality of each non-control data access to be decided effectively. A prototype, Xen-UCONhi, is designed and implemented on Xen, and its effectiveness and performance are evaluated experimentally. The results show that Xen-UCONhi effectively blocks attacks against the hypervisor with a performance overhead below 10%.
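The abstract cites two UCON properties, continuity (authorization is re-evaluated while an access is in progress) and mutability (subject and object attributes are updated as a result of a decision), and says the policies are written as ECA rules. The following added example illustrates those three ideas for writes to hypervisor non-control data; it is not code from the paper or from Xen-UCONhi, and the subject/object attributes, domain ids, field names and write quota are assumptions made for the illustration.

```c
/* Added illustration of UCON-style usage control expressed as ECA rules
 * for writes to hypervisor non-control data. Not code from the paper or
 * from Xen-UCONhi: the attributes, domain ids, field names and the write
 * quota below are assumptions made for the example. */
#include <stdbool.h>
#include <stdio.h>

enum event { EV_TRY_WRITE, EV_ONGOING, EV_END };
enum decision { DENY = 0, PERMIT = 1 };

struct subject {        /* guest domain that issues the access */
    int  domid;
    bool privileged;    /* mutable attribute: may be revoked at run time */
    int  writes;        /* mutable attribute: updated by a permit action */
};

struct object {         /* one non-control data field of the hypervisor */
    const char *name;
    int owner_domid;    /* writable by its owner or a privileged domain */
    int in_use_by;      /* domid holding an ongoing access, -1 if none */
};

#define MAX_WRITES 3    /* assumed per-subject quota */

/* Event: write attempt. Condition: owner or privileged, quota not
 * exhausted, no other domain mid-access. Action: permit and update the
 * attributes (mutability), or deny. */
static enum decision pre_authorize(struct subject *s, struct object *o)
{
    bool allowed = s->privileged || s->domid == o->owner_domid;
    if (!allowed || s->writes >= MAX_WRITES) return DENY;
    if (o->in_use_by != -1 && o->in_use_by != s->domid) return DENY;
    s->writes++;
    o->in_use_by = s->domid;
    return PERMIT;
}

/* Event: access still in progress. The condition is re-evaluated
 * (continuity); if an attribute changed since pre-authorization, the
 * action is to revoke the ongoing access. */
static enum decision ongoing_check(struct subject *s, struct object *o)
{
    if (o->in_use_by != s->domid) return DENY;
    if (!s->privileged && s->domid != o->owner_domid) {
        o->in_use_by = -1;                      /* revoke */
        return DENY;
    }
    return PERMIT;
}

/* Event: subject finishes the access. Action: release the object. */
static enum decision end_access(struct subject *s, struct object *o)
{
    if (o->in_use_by == s->domid) o->in_use_by = -1;
    return PERMIT;
}

/* ECA dispatcher: maps each event to the rule that handles it. */
enum decision ucon_eval(enum event ev, struct subject *s, struct object *o)
{
    switch (ev) {
    case EV_TRY_WRITE: return pre_authorize(s, o);
    case EV_ONGOING:   return ongoing_check(s, o);
    case EV_END:       return end_access(s, o);
    }
    return DENY;
}

#define DEMO_STEPS 9

static void record(unsigned *bits, int *step, enum decision d)
{
    *bits |= (unsigned)d << (*step)++;
}

/* Constructed scenario. Returns the nine decisions as a bitmask, bit i
 * set when step i was permitted; the expected value is 0xDE (222). */
unsigned demo_scenario(void)
{
    struct subject dom7 = { 7, false, 0 };
    struct subject dom0 = { 0, true,  0 };
    struct object  mine  = { "field_owned_by_dom7", 7, -1 };
    struct object  other = { "field_owned_by_dom3", 3, -1 };
    unsigned bits = 0;
    int step = 0;

    record(&bits, &step, ucon_eval(EV_TRY_WRITE, &dom7, &other)); /* deny: not owner */
    record(&bits, &step, ucon_eval(EV_TRY_WRITE, &dom7, &mine));  /* permit, writes=1 */
    record(&bits, &step, ucon_eval(EV_ONGOING,   &dom7, &mine));  /* permit */
    record(&bits, &step, ucon_eval(EV_END,       &dom7, &mine));  /* release */
    record(&bits, &step, ucon_eval(EV_TRY_WRITE, &dom0, &mine));  /* permit: privileged */
    dom0.privileged = false;                 /* attribute mutated mid-access */
    record(&bits, &step, ucon_eval(EV_ONGOING,   &dom0, &mine));  /* deny: revoked */
    record(&bits, &step, ucon_eval(EV_TRY_WRITE, &dom7, &mine));  /* permit, writes=2 */
    ucon_eval(EV_END, &dom7, &mine);
    record(&bits, &step, ucon_eval(EV_TRY_WRITE, &dom7, &mine));  /* permit, writes=3 */
    ucon_eval(EV_END, &dom7, &mine);
    record(&bits, &step, ucon_eval(EV_TRY_WRITE, &dom7, &mine));  /* deny: quota */
    return bits;
}

int main(void)
{
    unsigned bits = demo_scenario();
    for (int i = 0; i < DEMO_STEPS; i++)
        printf("step %d: %s\n", i, ((bits >> i) & 1u) ? "PERMIT" : "DENY");
    return 0;
}
```

The point of the scenario is step 5: the privileged domain was legitimately pre-authorized, but once its attribute changes the ongoing check revokes the access immediately rather than at the next periodic scan, which is the real-time property the abstract contrasts with periodic monitoring.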