基于放置策略动态化的共存攻击主动防御方法  被引量：1

作　　者：张淼 季新生[1] 刘文彦 扈红超[1] 霍树民 ZHANG Miao;JI Xinsheng;LIU Wenyan;HU Hongchao;HUO Shumin(National Digital Switching Engineering ＆ Technological R＆D Center,Zhengzhou 450002,China)

机构地区：[1]国家数字交换系统工程技术研究中心,河南郑州450002

出　　处：《信息工程大学学报》2018年第3期257-263,共7页Journal of Information Engineering University

基　　金：国家自然科学基金创新研究群体项目(61521003);国家自然科学基金青年科学基金项目(61602509);国家重点研发计划资助项目(2016YFB0800100;2016YFB0800101)

摘　　要：资源共享模式是云计算的重要特征之一,在提高资源使用效率的同时,也给用户的数据和隐私安全性带来了挑战。针对云环境中虚拟机间共存导致的安全威胁,利用放置策略的多样性,提出一种基于放置策略动态化的共存攻击主动防御方法。该方法考虑调度算法逆推和放置漏洞等问题,根据当前云环境中服务器的运行状态,由负载情况将服务器划分为不同的层级;将动态生成的随机数与多种不同负载状态下服务器的比例进行比较,动态选择相应的虚拟机放置策略,防止攻击者利用单一静态放置策略存在的漏洞,达到主动防御共存攻击的目的。实验结果表明,在不影响系统整体负载均衡的条件下,相比于最多或最少虚拟机策略,该方法至少能降低60%共存概率;相比于随机策略,该方法能在降低共存概率的同时更有效地实现资源节约。Resource sharing is one of the most important characteristics of cloud computing. Whereas it greatly improves the efficiency of resource utilization, it also challenges the user＇ s data and privacy security. To address the security threat caused by the co-resident attack of the virtual machines in the cloud environment, this paper proposes a deiense method based on the dynamic placement strategies. Considering the problem of inversing scheduling algorithm and placement vulnerability in previous research, this method divides the servers into different levels by load conditions, then com- pares a randomly generated number with the rate of servers in ditterent load states. Thus it can dynamically select the corresponding virtual machine placement strategy according to the operation state of servers in the cloud environment. Thereiore, we can prevent an attacker from taking advantage of vulnerability of a single static placement strategy, and achieve the purpose of active deiense against co-resident attack. The experimental results show that the proposed method can effectively reduce the co-resident probability by 60% at least without affecting load balance of the whole system compared with the most or least virtual machine random strategy.

关 键 词：虚拟机 共存攻击 放置策略 主动防御 动态化 

分 类 号：TP302[自动化与计算机技术—计算机系统结构]