计算机工程 ›› 2020, Vol. 46 ›› Issue (2): 21-27,34.doi: 10.19678/j.issn.1000-3428.0054337

• 热点与综述 • 上一篇    下一篇

一种基于冗余跳变的虚拟机动态迁移方法

孙志勇, 季新生, 游伟, 李英乐   

  1. 国家数字交换系统工程技术研究中心, 郑州 450002
  • 收稿日期:2019-03-22 修回日期:2019-05-06 发布日期:2020-02-12
  • 作者简介:孙志勇(1994-),男,硕士研究生,主研方向为新一代移动通信网络技术;季新生,教授;游伟、李英乐,讲师。
  • 基金项目:
    国家自然科学基金(61801515);国家自然科学基金创新研究群体项目(61521003);国家重点研发计划(2016YFB0801605)。

A Virtual Machine Dynamic Migration Method Based on Redundant Transition

SUN Zhiyong, JI Xinsheng, YOU Wei, LI Yingle   

  1. China National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China
  • Received:2019-03-22 Revised:2019-05-06 Published:2020-02-12

摘要: 在5G核心网虚拟化环境中,虚拟机共用同一物理服务器会带来一系列的安全问题,如发生侧信道攻击、虚拟节点溢出攻击等,造成用户隐私信息泄露。现有基于虚拟机动态迁移的防御方法是一种有效的主动防御技术,但虚拟机频繁迁移导致了迁移资源开销大和迁移安全性低的问题。为此,提出一种基于冗余跳变的虚拟机迁移方法,对不同虚拟机的迁移频率建立评估计算模型,在保证虚拟机隐私信息安全的前提下减小虚拟机迁移频率,对部分虚拟机采用冗余跳变的方法,以应对虚拟机频繁迁移带来的安全风险。实验结果表明,与现有虚拟机动态迁移方法相比,该方法在取得相同安全防护效果的同时,能够缩短平均迁移收敛时间并降低迁移开销。

关键词: 信息泄露, 虚拟机迁移, 迁移算法, 冗余跳变, 侧信道攻击, 虚拟节点溢出攻击

Abstract: In 5G core network virtualization environment, the virtual machines sharing the same physical server brings a series of problems,such as Side-Channel Attack(SCA),Virtual Node Escape Attack(VNEA) and so on,causing user private information disclosure.The existing defense method based on dynamic migration of virtual machines is an effective active defense technology,but the frequent migration of virtual machines leads to some problems,such as high resource cost and low migration security.Therefore,this paper proposes a virtual machine migration method based on redundant transition.With this method,an evaluation and calculation model is established for the migration frequency of different virtual machines.On the premise of ensuring the privacy information security of virtual machines,the migration frequency is reduced.The redundant transition method is applied to part of virtual machines to cope with the security risks brought by the frequent migration of virtual machines.Experimental results show that compared with the existing virtual machine dynamic migration method,the proposed method can reduce average migration convergence time and migration cost while maintaining the same security protection effect.

Key words: information leakage, virtual machine migration, migration algorithm, redundant transition, Side-Channel Attack(SCA), Virtual Node Escape Attack(VNEA)

中图分类号: