【摘要】：隱蔽信道是一種能夠繞過系統(tǒng)安全策略傳輸信息的信息隱藏技術(shù),廣泛的存在于系統(tǒng)和網(wǎng)絡(luò)中,其中時(shí)間隱蔽信道是最具威脅性的一種,該類通道利用發(fā)送信息的時(shí)間間隔傳輸隱秘信息,具有非常好的隱蔽性,傳統(tǒng)安全策略無從下手。近年來,隨著云計(jì)算的發(fā)展,時(shí)間隱蔽信道的研究領(lǐng)域延伸到云平臺中,云平臺下資源的共享優(yōu)勢,更是成為了時(shí)間隱蔽信道發(fā)展的溫床。因此,云平臺中時(shí)間隱蔽信道的研究對確保用戶數(shù)據(jù)安全乃至整個(gè)云環(huán)境的安全有著重要的意義和價(jià)值。本文通過對時(shí)間隱蔽信道在云平臺下的特征進(jìn)行分析,介紹了云計(jì)算中的技術(shù)特點(diǎn)和面臨的安全威脅,闡述了云平臺下隱蔽信道的定義和分類。緊接著強(qiáng)調(diào)了時(shí)間隱蔽信道在云平臺下具有的威脅,總結(jié)了時(shí)間隱蔽信道的活動(dòng)特征,分析了當(dāng)前該領(lǐng)域的研究現(xiàn)狀和面臨的挑戰(zhàn)。為了豐富當(dāng)前的云取證研究,克服當(dāng)前時(shí)間隱蔽信道的研究挑戰(zhàn)。本文提出了基于內(nèi)存活動(dòng)記錄的分析維度,總結(jié)時(shí)間隱蔽信道長期活動(dòng)特征并以此設(shè)計(jì)實(shí)現(xiàn)了一套識別算法,最后在此基礎(chǔ)上增加了證據(jù)的收集和分析功能,形成一套完整的取證框架。在Xen平臺上,本文實(shí)現(xiàn)了根據(jù)上述框架設(shè)計(jì)實(shí)現(xiàn)了一個(gè)原型系統(tǒng),所有的實(shí)現(xiàn)都利用了虛擬機(jī)管理技術(shù),實(shí)現(xiàn)了對客戶虛擬機(jī)的完全透明,這在保護(hù)了犯罪現(xiàn)場的同時(shí),也保證了目標(biāo)系統(tǒng)的持續(xù)可用性,防止取證過程被攻擊者發(fā)現(xiàn)和干擾。為了評價(jià)該框架的性能,本文模擬實(shí)現(xiàn)了幾個(gè)常見的時(shí)間隱蔽信道,并橫向引入了其他類似的研究方法做比較分析。實(shí)驗(yàn)結(jié)果表明,本文提出所提方法識別精度在多種復(fù)雜情況下都保持在90%以上,甚至在高噪音的條件。提出的內(nèi)存活動(dòng)記錄加上網(wǎng)絡(luò)信道的網(wǎng)絡(luò)報(bào)文記錄,固定了犯罪現(xiàn)場的證據(jù),通過取證過程的分析,證明了這些記錄對于現(xiàn)場還原的可利用性。
[Abstract]:Covert channel is a kind of information hiding technology which can bypass the system security policy to transmit information. It exists widely in the system and network. The time-covert channel is the most threatening one. This kind of channel transmits covert information by the time interval of transmitting information. It has very good covertness and traditional security strategy can not start. In recent years, with the development of cloud computing, the research field of time covert channel extends to the cloud platform, and the resource sharing advantage of the cloud platform becomes the hotbed of the development of time covert channel. This paper analyzes the characteristics of the time-covert channel under the cloud platform, introduces the technical characteristics and security threats in cloud computing, expounds the definition and classification of the time-covert channel under the cloud platform, then emphasizes the threat of the time-covert channel under the cloud platform, and summarizes the active characteristics of the time-covert channel. In order to enrich the current cloud Forensics Research and overcome the current research challenges of time-steganography channel, this paper proposes an analysis dimension based on memory activity record, summarizes the long-term activity characteristics of time-steganography channel, and designs and implements a set of recognition algorithms. On the Xen platform, this paper designs and implements a prototype system based on the above framework. All the implementations make use of the virtual machine management technology to achieve complete transparency to the client virtual machine, which not only protects the crime scene, but also protects the crime scene. In order to evaluate the performance of this framework, several common time-covert channels are simulated and implemented, and other similar research methods are introduced horizontally to make a comparative analysis. The experimental results show that the proposed method has multiple recognition accuracy. The proposed memory activity records, together with network message records over the network channel, fix the evidence of the crime scene. The analysis of the forensics process proves the availability of these records for on-site restoration.
【學(xué)位授予單位】：南京大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP393.09;TP309
，

本文編號：2238333