-  2018 

Research on Xen virtual machine scheduling strategy to mitigate covert side attacks

Keywords: virtualization, Xen virtual machine, covert channel attack, Credit scheduling algorithm


Abstract:

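To address covert channel attacks carried out between different virtual machines on the same platform by probing cache information, this paper proposes a defense concept that uses the Xen virtual machine scheduling strategy to weaken cache-based covert channel attacks. It first analyzes the principle and steps of cache-based cross-VM covert channel attacks on cloud platforms and the default Credit scheduling algorithm of the Xen virtual machine, and then improves the Credit scheduling strategy for the specific requirements of side-channel attacks. On the one hand, the improved strategy marks the VCPU that handles the target process so that this VCPU is scheduled with priority and thereby evades the attacking process's cache probing. On the other hand, it also restricts the running of the attacking process's VCPU: while the target process has not finished running, the attacking process's VCPU is always scheduled at the end of the VCPU queue, which isolates it from the target process in time to the greatest extent and achieves the goal of defending against side-channel attacks. Finally, the scheduling strategy was tested in simulation experiments in a simulator, and the experimental results show that the improved scheduling strategy can effectively weaken cache-based covert channel attacks.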
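
The two scheduling rules in the abstract, as an added toy simulation (not the paper's code and not Xen's scheduler): plain round-robin stands in for the Credit run queue, and the VCPU roles, slice counts and the target's blocking pattern are constructed assumptions. It counts how many slices the suspect VCPU receives while the target VCPU is still unfinished, which is the time overlap the modified policy is meant to remove.

```c
#include <stdio.h>
/* Constructed toy model: one physical CPU, fixed slices, three VCPUs. */
enum role { NORMAL, TARGET, SUSPECT };
struct vcpu { enum role role; int remaining; };
/* Constructed assumption: the target VCPU blocks on every third tick. */
static int runnable(const struct vcpu *v, int t) {
    return v->remaining > 0 && !(v->role == TARGET && t % 3 == 2);
}

static int target_pending(const struct vcpu *v, int n) {
    for (int i = 0; i < n; i++)
        if (v[i].role == TARGET && v[i].remaining > 0) return 1;
    return 0;
}

/* Baseline: plain round-robin, a simplified stand-in for the Credit run queue. */
static int pick_rr(const struct vcpu *v, int n, int last, int t) {
    for (int i = 1; i <= n; i++)
        if (runnable(&v[(last + i) % n], t)) return (last + i) % n;
    return -1;
}

/* Modified policy: marked target first, suspect at the tail until the target is done. */
static int pick_modified(const struct vcpu *v, int n, int last, int t) {
    static const enum role order[] = { TARGET, NORMAL, SUSPECT };
    if (!target_pending(v, n)) return pick_rr(v, n, last, t);
    for (int k = 0; k < 3; k++)
        for (int i = 0; i < n; i++)
            if (v[i].role == order[k] && runnable(&v[i], t)) return i;
    return -1;
}

/* Returns how many slices the suspect VCPU ran while the target was unfinished. */
int overlap_slices(int modified) {
    struct vcpu v[] = { { TARGET, 4 }, { SUSPECT, 4 }, { NORMAL, 6 } };
    int n = 3, last = n - 1, overlap = 0;
    for (int t = 0; t < 64; t++) {
        int c = modified ? pick_modified(v, n, last, t) : pick_rr(v, n, last, t);
        if (c < 0) continue;                 /* idle tick: nothing runnable */
        if (v[c].role == SUSPECT && target_pending(v, n)) overlap++;
        v[c].remaining--; last = c;
    }
    return overlap;
}

int main(void) {
    printf("baseline overlap: %d, modified overlap: %d\n", overlap_slices(0), overlap_slices(1));
    return 0;
}
```

When the target blocks, the modified picker still runs other VCPUs before the suspect one, so the suspect is delayed rather than starved.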
