Design and Implementation of a Secure and Efficient Virtual Network Structure
Published: 2018-10-17 19:53
[Abstract]: Internet-based cloud computing provides users with dynamically scalable virtualized resources as services. It builds all of its services on a dynamic architecture and decouples software from the application environment, so users can obtain the services they need over the network without spending time on tedious computing-resource management. Elastic resource demand is a key characteristic of cloud computing: different users need different resources at different times, which requires the cloud system to support an adaptive service-resource management mechanism that dynamically allocates virtual resources to different users in different time periods. In the traditional cloud computing model, the virtual computing resources that users consume all reside on shared physical resources in the cloud. Although this greatly reduces the cost of building a cloud platform, it also places all user data in a shared environment, which inevitably raises data security problems. Data encryption is widely used today to protect data, but these encryption approaches have security and performance problems of their own. To address these problems, this thesis designs and implements a secure and efficient virtual network structure. At the network level it divides the virtual resources on the platform into different security domains according to how they are used, isolating information exchange between different security domains while ensuring that virtual resources within the same security domain can still exchange information. In addition, while preserving security, the proposed virtual network structure implements a shared-memory-based communication mechanism that lets virtual resources choose between communication mechanisms according to their real-time distribution on the physical platform, greatly improving communication performance between virtual resources.
The main contributions of this thesis are as follows: 1) A secure virtual network structure is designed and implemented. At the network level, virtual resources are divided into security domains according to their usage on the platform. Security domains are mutually isolated information domains; information cannot be exchanged between different security domains, which ensures that data in a security domain is shared only by virtual resources belonging to that domain and does not leak to other security domains. Security domains are implemented across physical hosts. This not only widens the scope of a security domain, allowing virtual resources on different physical hosts to be placed in the same security domain and share data, but also has a simple implementation that makes it easy to assign virtual resources to different security domains. In addition, live migration of virtual resources can improve the reliability of the platform. 2) Based on the real-time distribution of virtual resources on the platform, a new communication mechanism is designed and implemented. This shared-memory-based mechanism provides higher communication efficiency than traditional communication mechanisms and meets the platform's need for high-performance communication.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.01
Article ID: 2277777
Article link: http://sikaile.net/guanlilunwen/ydhl/2277777.html