【摘要】：云計算的特點(diǎn)是整合計算資源,在保持低成本的狀態(tài)下提供良好的計算服務(wù)質(zhì)量,企業(yè)和個人用戶都能通過云計算的海量信息庫來實(shí)現(xiàn)信息的自由分享。雖然云計算平臺可以給廣大用戶提供高效服務(wù),但是不法分子也可以在此平臺上進(jìn)行違法活動,取證技術(shù)是有效發(fā)現(xiàn)、證實(shí)違法行為的必要手段。但是傳統(tǒng)以文件為基礎(chǔ)的取證方式已經(jīng)不適應(yīng)云計算的服務(wù)模式,云計算環(huán)境主要由大量的分布式異構(gòu)虛擬計算資源構(gòu)成,這些復(fù)雜的結(jié)構(gòu)給計算機(jī)取證工作的開展帶來巨大的挑戰(zhàn)。為了適應(yīng)這些取證環(huán)境的變化,實(shí)現(xiàn)在云計算環(huán)境下進(jìn)行取證工作成為一個重要的課題。 系統(tǒng)虛擬化技術(shù)和數(shù)據(jù)遷移技術(shù)的運(yùn)用讓云計算環(huán)境下進(jìn)行取證工作成為可能。云計算環(huán)境下還缺乏可用的取證模型,通過對云計算取證的建模,將云計算平臺視為由多個虛擬機(jī)構(gòu)成的系統(tǒng),其上運(yùn)行的虛擬機(jī)實(shí)例可以作為取證分析對象。為了獲取取證分析對象,利用了現(xiàn)場遷移技術(shù),在虛擬化軟件層對虛擬機(jī)實(shí)例進(jìn)行信息保全,保證遷移的鏡像文件的內(nèi)容完整性和一致性。為了在本地化系統(tǒng)中加載虛擬機(jī)鏡像文件進(jìn)行取證分析,利用單獨(dú)劃分的臨時鏡像文件分區(qū)作為鏡像文件和本地化系統(tǒng)之間的信息交換場所,可以正確加載虛擬機(jī)鏡像文件,實(shí)現(xiàn)云計算環(huán)境下的現(xiàn)場取證工作。 為此,首先提出了一種新的云計算環(huán)境下的計算機(jī)取證模型——云計算取證模型,該模型定義了云計算環(huán)境下的工作層次,通過場景描述和過程組件的劃分,刻畫了完整的取證機(jī)制。通過對云計算取證模型的完整性和強(qiáng)隔離性的證明,可以將虛擬機(jī)鏡像文件作為取證的對象進(jìn)行分析,進(jìn)而實(shí)現(xiàn)云計算環(huán)境下的計算機(jī)取證過程。 其次,在云計算平臺中通過對虛擬化軟件層的控制,利用其狀態(tài)轉(zhuǎn)換,提出了一種虛擬機(jī)鏡像文件的遷移方法。通過對虛擬化軟件層遷移狀態(tài)時的上層虛擬機(jī)的進(jìn)程標(biāo)識,內(nèi)存映射,網(wǎng)絡(luò)連接情況信息和文件系統(tǒng)信息進(jìn)行保存和重構(gòu)設(shè)計,可以完整的保存虛擬機(jī)的整個系統(tǒng)狀態(tài),并通過本地化鏡像加載,將虛擬機(jī)鏡像整個從云計算平臺遷移到本地取證環(huán)境中進(jìn)行分析,實(shí)現(xiàn)云計算平臺下電子證據(jù)的獲取。 再次,由于遷移出來的虛擬機(jī)鏡像文件需要在本地化加載,才能進(jìn)一步進(jìn)行取證分析,據(jù)此提出了一種臨時鏡像磁盤的加載方法。為了使鏡像文件可以正常在本地環(huán)境下加載,設(shè)計了一個非文件系統(tǒng)分配的臨時磁盤分區(qū)作為鏡像文件系統(tǒng)和本地設(shè)備的操作系統(tǒng)之間信息交互的場所,以保持兩個系統(tǒng)在硬件配置和服務(wù)的一致性,使虛擬機(jī)鏡像文件正確加載。 最后,為方便查找分析和管理取證的對象文件,提出了一種針對涉案取證鏡像文件的數(shù)據(jù)庫管理結(jié)構(gòu)。通過上述方法的研究,實(shí)現(xiàn)了云計算環(huán)境下取證工作。
[Abstract]:Cloud computing is characterized by integrating computing resources and providing good computing quality of service under the condition of low cost. Enterprises and individual users can share information freely through the massive information base of cloud computing. Although cloud computing platform can provide efficient service to users, illegal elements can also engage in illegal activities on this platform. Forensics technology is a necessary means to effectively find and prove illegal behavior. However, the traditional documentation-based forensics is no longer suitable for the cloud computing service model. Cloud computing environment is mainly composed of a large number of distributed heterogeneous virtual computing resources. These complex structures pose great challenges to the development of computer forensics. In order to adapt to these changes in the forensics environment, it becomes an important issue to implement forensic work in cloud computing environment. The application of system virtualization technology and data migration technology makes forensic work possible in cloud computing environment. In the cloud computing environment, there is still a lack of available forensics model. Through the modeling of cloud computing forensics, the cloud computing platform is regarded as a system composed of multiple virtual machines, and the instance of virtual machine running on it can be used as the object of forensic analysis. In order to obtain the object of forensic analysis, the virtual machine instance is preserved in the virtualization software layer by using the field migration technology to ensure the integrity and consistency of the migrated image file. In order to load virtual machine image file in localization system for forensic analysis, using separate temporary image file partition as information exchange place between mirror file and localization system, the virtual machine image file can be loaded correctly. To realize the field forensics in cloud computing environment. For this reason, a new computer forensics model in cloud computing environment, cloud computing forensics model, is proposed. The model defines the working level in cloud computing environment, and through the description of scene and the division of process components. The complete mechanism of evidence collection is described. By proving the integrity and strong isolation of the cloud computing forensics model, the virtual machine image file can be analyzed as the object of evidence collection, and then the computer forensics process in the cloud computing environment can be realized. Secondly, by controlling the virtualization software layer and using its state transformation, a migration method of virtual machine mirror file is proposed in the cloud computing platform. By saving and reconstructing the process identification, memory mapping, network connection information and file system information of the upper virtual machine during the migration of the virtualization software layer, the whole system state of the virtual machine can be completely saved. Through localized image loading, the virtual machine image is migrated from cloud computing platform to local forensics environment for analysis, and the acquisition of electronic evidence under cloud computing platform is realized. Thirdly, because the migrated virtual machine image files need to be loaded locally, a method of loading temporary mirror disk is proposed. In order to enable the image file to load normally in the local environment, a temporary disk partition allocated by the non-file system is designed as a place for information exchange between the mirror file system and the operating system of the local device. In order to maintain the consistency of hardware configuration and service between the two systems, the virtual machine image file is loaded correctly. Finally, in order to find, analyze and manage the object files of evidence, a database management structure is proposed. Through the research of the above methods, evidence collection in cloud computing environment is realized.
【學(xué)位授予單位】：華中科技大學(xué)
【學(xué)位級別】：博士
【學(xué)位授予年份】：2011
【分類號】：TP393.08;D918.2

【引證文獻(xiàn)】

相關(guān)期刊論文 前5條

1 單彬;;云計算環(huán)境下計算機(jī)偵查取證問題研究[J];電子制作;2015年09期

2 何曉行;王劍虹;;云計算環(huán)境下的取證問題研究[J];計算機(jī)科學(xué);2012年09期

3 王冬梅;薛永獻(xiàn);;云計算應(yīng)用對計算機(jī)取證技術(shù)的挑戰(zhàn)和對策[J];信息通信;2014年06期

4 張海玉;;云平臺下數(shù)字圖書館的安全策略研究[J];圖書館學(xué)研究;2013年03期

5 謝亞龍;丁麗萍;林渝淇;趙曉柯;;ICFF:一種IaaS模式下的云取證框架[J];通信學(xué)報;2013年05期

相關(guān)碩士學(xué)位論文 前2條

1 侯佳佳;企業(yè)私有云及分布式存儲技術(shù)在RS10中的研究及應(yīng)用[D];機(jī)械科學(xué)研究總院;2013年

2 杜艷玲;混合云存儲環(huán)境下海洋大數(shù)據(jù)的布局及遷移算法研究[D];上海海洋大學(xué);2014年

，

本文編號：2283415