Research on a Non-interference Security Policy Model and Security Mechanisms for Xen

Published: 2019-04-20 07:29
[Abstract]: With the development of computer technology, virtualization, as the most important supporting technology of cloud computing, has become a hot research topic in recent years. Among the many virtualization technologies, Xen is widely recognized by the industry for its superior performance and open-source nature. Xen is a system virtual machine (System Virtual Machine, SVM) that manages and controls all hardware and software resources in the system and provides mutually isolated execution environments for the multiple virtual machines running concurrently on top of it. However, if Xen is compromised, every virtual machine running on it is endangered, causing serious losses. Xen virtual machine security has therefore become a focus of research in recent years.

This thesis studies the security policy model and security mechanisms of the Xen virtual machine. The main work consists of the following four points:

1. A least-privilege non-interference security policy model (Non-inference Security Policy Model with Least Privilege, LPNIM) is proposed. The model is formally described using Roscoe's non-interference theory and the process algebra CSP (Communicating Sequential Processes), and its isolation and sharing policies are formally proved based on Roscoe's lazy abstraction, determinism, Schneider's rank functions and related theory. Drawing on the principle of least privilege, the model enforces a two-level policy at the partition level and the subject-resource level, which organically combines the confidentiality non-interference security policy model with the integrity non-interference security policy model and satisfies the system's confidentiality, integrity and least-privilege requirements.

2. A security-enhanced Xen virtual machine architecture (Security-Enhanced Xen, SEXen) is constructed. Based on LPNIM, SEXen modifies the existing Xen architecture by adding a network domain, a trusted launch module (Trusted Launch Module, TLM) and a fine-grained mandatory access control module (Finer-grained Mandatory Access Control Module, FMACM). SEXen simplifies the operations of the Dom0 privileged domain and meets the model's requirements for trusted measurement capability and least-privilege information flow control capability.

3. A trusted boot mechanism covering the path from power-on to virtual machine startup is implemented. Based on dynamic trusted measurement technology, a launch control policy is designed which ensures that a virtual machine can be started only when measurement succeeds and the correct key is provided. The mechanism protects the integrity of the system's initial state and prevents SMM (System Management Mode) bypass attacks.

4. A fine-grained information flow access control mechanism is implemented. By modifying the Xen Hypervisor kernel and the Guest OS kernel, operations between virtual machines and inside a virtual machine can be controlled, ensuring that these operations are performed only when both the virtual-machine-level and the subject-resource-level security policies are satisfied. The mechanism achieves least-privilege information flow control and centralized, unified management of security policies.
[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Master's
[Year degree awarded]: 2012
[Classification number]: TP302




Article ID: 2461409


Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2461409.html

