Virtual machine co-residency method on cloud computing platform (面向云计算平台的虚拟机同驻方法)

Cited by: 3


Authors: LIU Weijie (刘维杰); WANG Li'na (王丽娜) [1,2]; WANG Danlei (王丹磊) [1,2]; YIN Zhengguang (尹正光); FU Nan (付楠)

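Affiliations: [1] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430079, Hubei, China; [2] School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, Hubei, China; [3] Alibaba Cloud Computing Co., Ltd., Hangzhou 311121, Zhejiang, China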

Source: Journal on Communications (《通信学报》), 2018, No. 11, pp. 116-128 (13 pages)

Funding: National Natural Science Foundation of China (No. U1536204); Fundamental Research Funds for the Central Universities (No. 2042018kf1028)

Abstract: To attack a target virtual machine on a cloud platform, an attacker's virtual machine must be co-resident with the target. Based on this, a virtual machine co-residency method is proposed. It constructs an adaptive covert channel in the cloud environment and combines a covert-channel-based co-residency detection method with an automated virtual machine flooding strategy; co-residency was verified on a well-known domestic commercial cloud platform. Experiments show that the adaptive covert channel can reach a transmission accuracy of over 95%, and that the proposed co-residency detection method has high confidence, with a false detection rate not exceeding 5‰. The co-residency method does not break the isolation of the cloud platform itself and has a degree of generality, but it poses a great potential threat that calls for attention and precaution.

Keywords: cloud computing platform; virtual machine co-residency; covert channel; virtual machine flooding

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]

 
