Research and Implementation of a VMI-Based Intrusion Detection System
Published: 2018-02-03 15:50
Keywords: virtualization; security; virtual machine introspection (VMI); intrusion detection; Xen. Source: South China University of Technology, 2014 master's thesis. Thesis type: degree thesis.
[Abstract]: Virtualization is the key enabling technology of cloud computing: it can split the physical resources underlying a computer into several running environments or merge them into one, providing a logical abstraction and unification of IT resources. Virtualized environments face many security problems, such as the security of communication between virtual machines, virtual machine escape, and malware. Intrusion detection is one of the effective ways to protect a virtualized environment, and given the characteristics of such environments, implementing intrusion detection with virtual machine introspection (VMI) has many advantages. Research on security in virtualized environments and on how to implement intrusion detection with VMI is therefore of great value to the development of virtualization and cloud computing.

This thesis first introduces virtualization, covering its classification and the current mainstream virtualization technologies in detail. It then studies virtual machine introspection, analysing its implementation approaches and difficulties, and briefly introduces intrusion detection technology. The security threats present in virtualized environments are analysed in detail, and the countermeasures that can be taken against them are summarized.

The thesis studies the use of the open-source virtual machine introspection library LibVMI, the memory forensics framework Volatility, and the kpartx tool, and discusses the causes, harm, and detection methods of intrusion behaviours and traces that mainly originate from rootkits and Trojans. On this basis, a VMI-based intrusion detection system is designed and implemented. The system consists of two main detection modules, one based on virtual machine memory and one on the virtual machine file system; it uses VMI to obtain information about the virtual machine's internals from outside the virtual machine and inspects it, and when intrusion behaviour or intrusion traces are found it responds according to their severity by logging, sending an e-mail alert, or pausing the virtual machine.

Finally, a Xen virtualization environment is built with several test virtual machines, and the system is deployed and tested in it. The experimental results show that each detection module works correctly, intrusions are detected, and the response functions operate normally, meeting the system's original design goals.
[Degree-granting institution]: South China University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1487765
Link: http://sikaile.net/guanlilunwen/ydhl/1487765.html