本文選題：云計(jì)算 + 安全�。� 參考：《廣西大學(xué)》2015年碩士論文

【摘要】：近年來(lái),云計(jì)算技術(shù)廣泛應(yīng)用和發(fā)展。云計(jì)算通過(guò)網(wǎng)絡(luò)服務(wù)將本地大量的服務(wù)器資源整合提供給多個(gè)用戶。基于它的組成形式,云計(jì)算具有按需擴(kuò)展的優(yōu)勢(shì)。然而,在云計(jì)算廣泛運(yùn)用的同時(shí),通過(guò)網(wǎng)絡(luò)在多人共享資源的情況下,用戶的數(shù)據(jù)安全性很難得到保證。云計(jì)算中應(yīng)用最廣泛的是虛擬機(jī)動(dòng)態(tài)遷移技術(shù)。虛擬機(jī)動(dòng)態(tài)遷移可以方便虛擬機(jī)集群的管理、維護(hù)以及負(fù)載均衡、資源優(yōu)化。目前的研究大多著重考慮了縮短遷移時(shí)間、能夠快速遷移、如何減少遷移量等方面,關(guān)于虛擬機(jī)動(dòng)態(tài)遷移中的安全性方面的研究還不是很多。本文在深入分析云計(jì)算環(huán)境中存在的數(shù)據(jù)信息安全性問(wèn)題的基礎(chǔ)上,從數(shù)據(jù)信息的安全保護(hù)問(wèn)題出發(fā),緊緊圍繞云計(jì)算環(huán)境中虛擬機(jī)動(dòng)態(tài)遷移過(guò)程中遇到的網(wǎng)絡(luò)攻擊,從而導(dǎo)致數(shù)據(jù)信息的完整性、機(jī)密性保障等問(wèn)題,就云計(jì)算環(huán)境中虛擬機(jī)動(dòng)態(tài)遷移中涉及安全的相關(guān)問(wèn)題展開研究。主要開展的研究工作如下：(1)首先,了解和研究現(xiàn)有的云計(jì)算中虛擬機(jī)遷移的方法和技術(shù)特點(diǎn),分析它們具有的優(yōu)點(diǎn)和存在的安全問(wèn)題。(2)其次,重點(diǎn)分析了虛擬機(jī)動(dòng)態(tài)遷移中可能存在的不足,闡明了安全隱患的存在性。分別從虛擬機(jī)監(jiān)控器、遷移數(shù)據(jù)和遷移模塊等三個(gè)方面分析了動(dòng)態(tài)遷移過(guò)程中存在攻擊行為,并針對(duì)每一類攻擊分別提出了各自的防御方法。這些防御方法針對(duì)現(xiàn)有的虛擬機(jī)監(jiān)控器存在的問(wèn)題,添加了遷移數(shù)據(jù)保護(hù)模塊、元數(shù)據(jù)管理模塊和安全控制模塊等,提高了虛擬機(jī)的動(dòng)態(tài)遷移的保護(hù)能力。遷移數(shù)據(jù)保護(hù)模塊保護(hù)遷移虛擬機(jī)內(nèi)部的內(nèi)存頁(yè),主要負(fù)責(zé)內(nèi)存頁(yè)數(shù)據(jù)的攔截、加密和解密部分。元數(shù)據(jù)管理模塊主要負(fù)責(zé)遷出端將分散的虛擬機(jī)的遷移元數(shù)據(jù)收集,在遷入端虛擬機(jī)上將元數(shù)據(jù)傳輸重構(gòu)。安全控制模塊主要負(fù)責(zé)防御一些安全漏洞,保護(hù)虛擬機(jī)動(dòng)態(tài)遷移機(jī)制模擬實(shí)驗(yàn)驗(yàn)證了虛擬機(jī)動(dòng)態(tài)遷移過(guò)程中存在攻擊的可能性,說(shuō)明了所提出的防御方法的有效性。(3)結(jié)合上述的研究工作,通過(guò)對(duì)已有的虛擬機(jī)動(dòng)態(tài)遷移算法進(jìn)行分析,特別是對(duì)預(yù)拷貝機(jī)制的虛擬機(jī)遷移協(xié)議進(jìn)行改進(jìn),提出一種具有相對(duì)完善安全機(jī)制的虛擬機(jī)安全遷移協(xié)議,以提高遷移過(guò)程中的安全性。該協(xié)議。該協(xié)議包括動(dòng)態(tài)遷移前雙方的認(rèn)證和虛擬機(jī)安全遷移兩部分。動(dòng)態(tài)遷移前雙方的認(rèn)證通過(guò)握手協(xié)議,建立可信通道等；虛擬機(jī)安全遷移部分基于Xen的動(dòng)態(tài)遷移協(xié)議內(nèi)容進(jìn)行添加,在預(yù)拷貝、虛擬機(jī)暫停和恢復(fù)三個(gè)階段分別加入了保障安全的協(xié)議。理論的分析和CloudSim仿真器的實(shí)驗(yàn)結(jié)果說(shuō)明了所提出的安全動(dòng)態(tài)遷移協(xié)議是可行和有效的,它可以用于現(xiàn)實(shí)對(duì)虛擬機(jī)的動(dòng)態(tài)遷移安全進(jìn)行保護(hù)。本文的研究是對(duì)云計(jì)算環(huán)境中虛擬機(jī)動(dòng)態(tài)遷移中涉及安全的相關(guān)問(wèn)題的一次有益的嘗試。論文的研究工作和成果對(duì)云計(jì)算安全和動(dòng)態(tài)遷移的安全有較好的借鑒意義,研究成果具有一定的科學(xué)意義和實(shí)用價(jià)值。
[Abstract]:In recent years, cloud computing has been widely used and developed. Cloud computing provides a large number of local server resources to multiple users through network services. Based on its composition, cloud computing has the advantage of expanding demand. However, in the context of the widespread use of cloud computing, the user's data is shared by the network in the case of multiple sharing of resources. Security is difficult to ensure. The most widely used in cloud computing is the dynamic migration of virtual machines. Dynamic migration of virtual machines can facilitate the management, maintenance, load balancing and resource optimization of virtual machines. Most of the current research focuses on reducing migration time, fast migration, and how to reduce migration. On the basis of analyzing the security problem of data information in the cloud computing environment, this paper, based on the analysis of the security problem of data information in the cloud computing environment, starts with the security protection of data information, closely surrounding the network attacks in the dynamic migration process of the virtual machine in the cloud computing environment, resulting in the data letter. The integrity of interest, the security of confidentiality and other issues, research on the related issues related to security in the dynamic migration of virtual machines in the cloud computing environment. The main research work is as follows: (1) first, to understand and study the existing methods and technical points of the virtual machine migration in the existing cloud computing, analyze their advantages and existing security problems. (2) Secondly, it focuses on the analysis of the possible shortcomings in the dynamic migration of virtual machines, and clarifies the existence of the hidden security risks. From the three aspects of the virtual machine monitor, the migration data and the migration module, the attack behavior is analyzed in the dynamic migration process, and the respective defense methods are put forward respectively for each type of attack. Methods in view of the existing problems of the existing virtual machine monitor, the migration data protection module, the metadata management module and the security control module are added to improve the dynamic migration protection ability of the virtual machine. The migration data protection module protects the internal memory pages in the migrated virtual machine, which is mainly responsible for the interception of the memory page data and the encryption and reconciliation. The metadata management module is responsible for collecting the migratory metadata of the dispersed virtual machine and reconstructing the metadata transfer on the migratory virtual machine. The security control module is responsible for defending some security vulnerabilities, protecting the virtual machine dynamic migration mechanism and simulating experimental verification that there is an attack in the dynamic migration process of the virtual machine. The possibility of the proposed defense method is effective. (3) combining the above research work, the existing virtual machine dynamic migration algorithm is analyzed, especially the virtual machine migration protocol of the pre copy mechanism is improved, and a virtual machine security migration protocol with relatively perfect security mechanism is proposed in order to improve the migration of the virtual machine. The protocol. This protocol includes two parts: authentication of both sides and secure migration of virtual machine before dynamic migration. Before dynamic migration, authentication through handshake protocol is used to build trusted channel. The virtual machine security migration part is added to the content of dynamic migration protocol based on Xen, in pre copy, pause and restore of virtual machine. The analysis of the theory and the experimental results of the CloudSim simulator show that the proposed security dynamic migration protocol is feasible and effective. It can be used to protect the dynamic migration security of virtual machines in reality. The research of this paper is on the dynamic migration of virtual machines in the cloud computing environment. The research work and results of the paper have a good reference to the security of cloud computing and the security of dynamic migration, and the research results have certain scientific significance and practical value.

【學(xué)位授予單位】：廣西大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2015
【分類號(hào)】：TP302

【參考文獻(xiàn)】

相關(guān)期刊論文 前2條

1 張彬彬;羅英偉;汪小林;王振林;孫逸峰;陳昊罡;許卓群;李曉明;;虛擬機(jī)全系統(tǒng)在線遷移[J];電子學(xué)報(bào);2009年04期

2 蔣學(xué)淵;李明祿;翁楚良;;虛擬機(jī)動(dòng)態(tài)遷移中的安全分析[J];計(jì)算機(jī)科學(xué)與探索;2011年05期

，

本文編號(hào)：1868863