
Computer Engineering ›› 2014, Vol. 40 ›› Issue (12): 26-32. doi: 10.3969/j.issn.1000-3428.2014.12.005

Special topic: Cloud Computing


Research and Implementation of Security Mechanism Among Guest Virtual Machine in Cloud Computing

QIAO Ran, HU Jun, RONG Xing

  1. College of Computer, Beijing University of Technology, Beijing 100124, China
  • Received: 2014-03-24 Revised: 2014-04-28 Online: 2014-12-15 Published: 2015-01-16
  • About the authors: QIAO Ran (born 1988), male, master's student, main research interests: information security, cloud computing, trusted computing; HU Jun, lecturer, Ph.D.; RONG Xing, Ph.D. candidate.
  • Funding:
    Supported by the National Science and Technology Major Project of China (2012ZX03002003).

Abstract: The elastic services offered by cloud computing depend on virtualization technology, yet the security problems of virtualization also seriously threaten the security of cloud computing. This paper addresses the security risks that guest operating systems face under current cloud virtualization technology. Based on an analysis of the requirements and characteristics of virtualization in cloud computing, it designs mechanisms suited to the cloud environment that work together: mandatory access control that is centrally managed and enforced in a distributed manner, and an isolation mechanism based on cloud resource control. These mechanisms protect the guest operating systems in the cloud, and they are implemented on an OpenStack platform that uses Xen as its virtualization software. Experimental results show that the mechanisms defend well against attacks targeting guest operating systems and effectively protect guest operating system security.

Key words: cloud computing, virtualization security, guest virtual machine, mandatory access control, isolation mechanism, Chinese wall policy
