作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2020, Vol. 46 ›› Issue (2): 159-169. doi: 10.19678/j.issn.1000-3428.0056123

• 网络空间安全 • 上一篇    下一篇

拟态通用运行环境的资源管理与调度技术

霍立田, 邵培南, 徐李定, 徐骏   

  1. 中国电子科技集团公司第三十二研究所, 上海 201808
  • 收稿日期:2019-09-25 修回日期:2019-11-05 发布日期:2020-02-12
  • 作者简介:霍立田(1994-),女,硕士研究生,主研方向为云计算、拟态防御;邵培南,研究员;徐李定,工程师;徐骏,博士。
  • 基金资助:
    上海市科学技术委员会科研计划项目"拟态容器安全云平台研究"(18511104402)。

Resource Management and Scheduling Technology for Mimic Common Operating Environment

HUO Litian, SHAO Peinan, XU Liding, XU Jun   

  1. The 32 nd Research Institute of China Electronics Technology Group Corporation, Shanghai 201808, China
  • Received:2019-09-25 Revised:2019-11-05 Published:2020-02-12

摘要: 为达到拟态通用运行环境(MCOE)对已/未知后门和漏洞主动防御、安全威胁攻击及时阻断和数据完整性有效保障等拟态防御目标,提出拟态资源调度准则,基于该准则从拟态资源管理与MCOE框架的交互设计、拟态资源管理与调度等方面论述拟态资源管理服务与调度算法的设计与实现,构造拟态运行节点软硬件资源异构特征分类器及基于三级异构度分类的节点N元组和N异构执行体元组,实现N异构执行体、服务器运行节点资源及其资源对象的随机性、动态性和异构性最大化与资源调度负载均衡,并通过拟态管理服务实例验证了云容器集群上拟态资源管理调度算法的正确性与有效性。

关键词: 拟态通用运行环境, 拟态资源管理, 资源状态, 资源调度, N异构执行体

Abstract: The main goals of mimic defense is to enable Mimic Common Operating Environment(MCOE) to implement active defense against known/unknown backdoors,block sucurity threats and attacks in time,and ensure data integrity.To achieve these goals,this paper proposes the criteria of mimic resource scheduling.Based on the criteria,this paper analyzes the designing and implementation of mimic resource management services and scheduling algorithms in terms of the interaction design of mimic resource management and MCOE framework,mimic resource management,and mimic resource scheduling.This paper also constructs a heterogeneous feature classifier for software and hardware resources of mimic operating nodes,as well as a N-tuple and heterogeneous executor N-tuple based on the third-level heterogeneity.On this basis,this paper balances the resource scheduling loads,and maximizes the randomness,dynamicity and heterogeneity of N heterogeneous executors,resources on the running server node and resource objects.The correctness and effectiveness of the mimic resource management and scheduling algorithm on the cloud container cluster is verified using mimic management service instances.

Key words: Mimic Common Operating Environment(MCOE), mimic resource management, resource state, resource scheduling, N heterogeneous executor

中图分类号: