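Research on a Multi-Level, Granularity-Controllable Security Audit Method for Cloud Environments
Published: 2018-05-27 10:33
Topics: cloud computing platform + virtualization. Source: Harbin Institute of Technology, master's thesis, 2015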
[Abstract]: With the rapid development of computer and Internet technology, cloud computing services have become widespread. They bring convenience but also many security risks, and existing security technologies are not sufficient to cover the threats that cloud computing platforms face. Security audit technology is an important part of security attack and defense: it provides strong support for content supervision, attack tracing and forensics in cloud computing. This thesis studies security audit methods for cloud computing platforms. By analyzing the strengths and weaknesses of existing security audit technologies, and taking into account the multi-level, multi-user nature of cloud platforms, it proposes a multi-level, granularity-controllable, on-demand security audit method for cloud environments. The method adapts to users' changing requirements and lets audit data collected at different levels complement and corroborate each other, which closes the semantic gap and enriches the semantic information. The thesis first introduces the research significance and background of security audit technology in cloud environments and the state of research in China and abroad. It then describes the characteristics of and differences between traditional computer architecture and cloud architecture, and the security audit techniques used under each. Based on this study of existing audit methods, it proposes a research scheme for security auditing in cloud environments. Building on the multi-level structure of cloud architecture, it proposes using virtual machine introspection (VMI) to audit at both the guest operating system layer and the VMM management layer, so that audit data from the different levels complement and corroborate each other and enrich the semantic information. To correlate audit logs across levels, it proposes a shared-memory mechanism based on sequence numbers. To address the multi-user, multi-requirement nature of cloud environments, it proposes a security audit method with controllable granularity. To reduce the performance cost of audit log output, it proposes an in-memory buffer and validates it experimentally. Finally, the architecture and workflow of the security audit system are described in detail. Experiments verify the effectiveness of the audit system and analyze its performance overhead. The results show that the proposed multi-level, granularity-controllable security audit method can effectively reduce the performance cost it imposes on the system.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP393.08
Article ID: 1941682
Article link: http://sikaile.net/guanlilunwen/ydhl/1941682.html