| KVM虚拟化动态迁移技术的安全防护模型 |
| |
| 引用本文: | 范伟,孔斌,张珠君,王婷婷,张杰,黄伟庆.KVM虚拟化动态迁移技术的安全防护模型[J].软件学报,2016,27(6):1402-1416. |
| |
| 作者姓名: | 范伟 孔斌 张珠君 王婷婷 张杰 黄伟庆 |
| |
| 作者单位: | 中国科学院 信息工程研究所,北京 100093;中国科学院 研究生院,北京 100049,国家保密科技测评中心,北京 100044;北京交通大学,北京 100044,中国科学院 信息工程研究所,北京 100093,中国科学院 信息工程研究所,北京 100093;中国科学院 研究生院,北京 100049,中国科学院 信息工程研究所,北京 100093;中国科学院 研究生院,北京 100049,中国科学院 信息工程研究所,北京 100093 |
| |
| 基金项目: | 国家自然科学基金(61502486) |
| |
| 摘 要: | 虚拟机动态迁移技术是在用户不知情的情况下使得虚拟机在不同宿主机之间动态地转移,保证计算任务的完成,具有负载均衡、解除硬件依赖、高效利用资源等优点,但此技术应用过程中会将虚拟机信息和用户信息暴露到网络通信中,其在虚拟化环境下的安全性成为广大用户担心的问题,逐渐成为学术界讨论和研究的热点问题.本文从研究虚拟化机制、虚拟化操作系统源代码出发,以虚拟机动态迁移的安全问题作为突破点,首先分析了虚拟机动态迁移时的内存泄漏安全隐患;其次结合KVM(Kernel-based Virtual Machine)虚拟化技术原理、通信机制、迁移机制,设计并提出一种新的基于混合随机变换编码方式的安全防护模型,该模型在虚拟机动态迁移时的迁出端和迁入端增加数据监控模块和安全模块,保证虚拟机动态迁移时的数据安全;最后通过大量实验,仿真测试了该模型的安全防护能力和对虚拟机运行性能的影响,仿真结果表明,该安全防护模型可以在KVM虚拟化环境下保证虚拟机动态迁移的安全,并实现了虚拟机安全性和动态迁移性能的平衡.
|
| 关 键 词: | KVM虚拟化 动态迁移 安全防护模型 混合随机变换 |
| 收稿时间: | 2015/8/15 0:00:00 |
| 修稿时间: | 2015/10/9 0:00:00 |
Security Protection Model on Live Migration for KVM Virtualization |
| |
| FAN Wei,KONG Bin,ZHANG Zhu-Jun,WANG Ting-Ting,ZHANG Jie and HUANG Wei-Qing.Security Protection Model on Live Migration for KVM Virtualization[J].Journal of Software,2016,27(6):1402-1416. |
| |
| Authors: | FAN Wei KONG Bin ZHANG Zhu-Jun WANG Ting-Ting ZHANG Jie and HUANG Wei-Qing |
| |
| Affiliation: | Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;Graduate University, The Chinese Academy of Sciences, Beijing 100049, China,National Secrecy Science and Technology Evaluation Center, Beijing 100044, China;Beijing Jiaotong University, Beijing 100044, China,Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China,Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;Graduate University, The Chinese Academy of Sciences, Beijing 100049, China,Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;Graduate University, The Chinese Academy of Sciences, Beijing 100049, China and Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;Beijing Jiaotong University, Beijing 100044, China |
| |
| Abstract: | Live migration of virtual machines is the transfer of running virtual machines from one host server to a new host server to ensure computing tasks completed without notifying the owners of virtual machines, which has the characteristics of load balancing, hardware independent, high efficiency utilization of resource and so on, but live migration of virtual machines will expose information of virtual machines and users to the network, its security in the virtualized environment has become a serious problem that many users concern, and has gradually become the hot issue in the industry and the academic. This article embarks on researching the mechanism of virtualization and the source code of virtualization operating system, and takes security problems of live migration as a breakthrough. Firstly this article analyzes potential memory-leak security threat of live migration; Then designs and puts forward a new kind of security protection model based on hybrid random transform coding method combined with KVM(Kernel-based Virtual Machine) virtualization structure, communication mechanism, migration mechanism, which increases monitor module and security module at source and destination of live migration, ensuring the data security while the virtual machines are migrating; Finally, a series of experiments are designed to simulate and test the security protection capability of the model and the influence to virtual machine's performance, the simulation results show that this model could ensure the security of live migration in the KVM virtualization environment, which could also balance the security of virtual machines and performance of live migration. |
| |
| Keywords: | KVM virtualization live migration security protection model hybrid random transformation |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
