Found 20 similar documents; search took 15 ms
1.
Tsai C.-R. Gligor V.D. Chandersekaran C.S. 《IEEE transactions on pattern analysis and machine intelligence》1990,16(6):569-580
A practical method for the identification of covert storage channels is presented and its application to the source code of the Secure Xenix kernel is illustrated. The method is based on the identification of all visible/alterable kernel variables by using information-flow analysis of language code. The method also requires that, after the sharing relationships among the kernel primitives and the visible/alterable variables are determined, the nondiscretionary access rules implemented by each primitive be applied to identify the potential storage channels. The method can be generalized to other implementation languages, and has the following advantages: it helps discover all potential storage channels in kernel code, thereby helping determine whether the nondiscretionary access rules are implemented correctly; it helps avoid discovery of false flow violations and their unnecessary analysis; and it helps identify the kernel locations where audit code and time-delay variables need to be placed for covert-channel handling.
2.
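This paper first introduces the concept of network covert channels, discusses the technical basis and implementation principles that allow covert channels to exist in network communication, and analyzes in depth the covert channel techniques based on network communication protocols. On this basis, it discusses development trends in covert channel technology and, from a network security perspective, presents countermeasures against covert channels in network communication.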
3.
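IP covert timing channels seriously threaten the information security of network users. Entropy-based detection is currently the most effective detection method for covert timing channels and can detect known IP covert timing channels. The recently proposed Liquid covert timing channel, however, divides the packet sequence into two parts that compensate for each other, and thereby effectively evades entropy-based detection. Targeting the characteristics of the Liquid method, a sliding-window-based entropy detection method is proposed. The method first uses a sliding window to identify the covert-message packet sequence and the compensation packet sequence, then performs detection based on the difference in entropy between these two packet sequences under normal communication and under Liquid communication. Extensive experimental results show that the method can effectively detect Liquid covert timing channels.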
4.
Motivated by current trends in cloud computing, we study a version of the generalized assignment problem where a set of virtual processors has to be implemented by a set of identical processors. For literature consistency, we say that a set of virtual machines (VMs) is assigned to a set of physical machines (PMs). The optimization criterion is to minimize the power consumed by all the PMs. We term the problem Virtual Machine Assignment (VMA). Crucial differences with previous work include a variable number of PMs, that each VM must be assigned to exactly one PM (i.e., VMs cannot be implemented fractionally), and a minimum power consumption for each active PM. Such infrastructure may be strictly constrained in the number of PMs or in the PMs’ capacity, depending on how costly (in terms of power consumption) it is to add a new PM to the system or to heavily load some of the existing PMs. Low usage or ample budget yields models where PM capacity and/or the number of PMs may be assumed unbounded for all practical purposes. We study four VMA problems depending on whether the capacity or the number of PMs is bounded or not. Specifically, we study hardness and online competitiveness for a variety of cases. To the best of our knowledge, this is the first comprehensive study of the VMA problem for this cost function.
5.
The architecture of virtual machines (total citations: 10, self-citations: 0, citations by others: 10)
A virtual machine can support individual processes or a complete system depending on the abstraction level where virtualization occurs. Some VMs support flexible hardware usage and software isolation, while others translate from one instruction set to another. Virtualizing a system or component, such as a processor, memory, or an I/O device, at a given abstraction level maps its interface and visible resources onto the interface and resources of an underlying, possibly different, real system. Consequently, the real system appears as a different virtual system or even as multiple virtual systems. Interjecting virtualizing software between abstraction layers near the HW/SW interface forms a virtual machine that allows otherwise incompatible subsystems to work together. Further, replication by virtualization enables more flexible and efficient use of hardware resources.
6.
《Annals of the History of Computing, IEEE》2001,23(3):73
The author explains how 'virtual' came into the everyday computing lexicon. The term virtual was borrowed from optics in the 1980s and has become a major term in computing today. In its broadest sense, virtual machine refers to the universality of the computer: with sufficient memory, any computer can simulate any other if we simply load it with software simulating the other computer.
7.
An IP covert timing channel (IPCTC) is an unconventional communication channel which attaches time information to the packets of an overt channel as message carriers, e.g., using different inter-packet delays to transmit messages in a packet-switched network. Although the IPCTCs have many different communication methods, based on the concept of time, we categorized the base communication model of the IPCTCs into three types and then utilized signal processing theory to build their mathematical models. As a result, the basic characteristics of the IPCTCs’ base model were formally derived. Hence, the characteristics of any IPCTC can be derived from the base models that the IPCTC consists of. Furthermore, a set of approaches was devised to implement the base model of the IPCTCs in a TCP/IP network. Experimental results show the correctness of the proposed base model of the IPCTCs in this paper.
8.
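This paper discusses a relatively hot topic in computer information security: covert timing channels based on operational semantics. According to the characteristics of covert timing channels and the minimal conditions for their existence, a search method is proposed. The method treats a process as an abstract state machine; based on derivation rules such as Plotkin's structural operational semantics and on a complete model of information-flow operational semantics, it analyzes the state changes and the dynamic state-change sequences of two process abstract machines at high and low security levels. Finally, by analyzing the visible window, the covert timing channels present can be found.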
9.
Performance considerations of shared virtual memory machines (total citations: 1, self-citations: 0, citations by others: 1)
Xian-He Sun Jianping Zhu 《Parallel and Distributed Systems, IEEE Transactions on》1995,6(11):1185-1194
Generalized speedup is defined as parallel speed over sequential speed. In this paper the generalized speedup and its relation with other existing performance metrics, such as traditional speedup, efficiency, scalability, etc., are carefully studied. In terms of the introduced asymptotic speed, we show that the difference between the generalized speedup and the traditional speedup lies in the definition of the efficiency of uniprocessor processing, which is a very important issue in shared virtual memory machines. A scientific application has been implemented on a KSR-1 parallel computer. Experimental and theoretical results show that the generalized speedup is distinct from the traditional speedup and provides a more reasonable measurement. In the study of different speedups, an interesting relation between fixed-time and memory-bounded speedup is revealed. Various causes of superlinear speedup are also presented.
10.
11.
12.
《Computer Networks》2007,51(5):1275-1283
Intrusion detection systems continuously watch the activity on a network or computer, looking for evidence of attacks and intrusions. However, host-based intrusion detectors are particularly vulnerable, as they can be disabled or tampered with by successful intruders. This work proposes and implements an architecture model aimed at protecting host-based intrusion detectors through the application of the virtual machine concept. Virtual machine environments are becoming an interesting alternative for several computing systems due to their advantages in terms of cost and portability. The architecture proposed here makes use of the separation of execution spaces provided by a virtual machine monitor in order to separate the intrusion detection system from the system under monitoring. As a consequence, the intrusion detector becomes invisible and inaccessible to intruders. The prototype implementation and the tests performed show the viability of this solution.
13.
14.
Networks of workstations are becoming increasingly popular as a cost-effective alternative to parallel computers. Typically, these networks connect workstations using irregular topologies, providing the wiring flexibility, scalability, and incremental expansion capability required in this environment. Recently, we proposed two methodologies for the design of adaptive routing algorithms for networks with irregular topology, as well as fully adaptive routing algorithms for these networks. These algorithms increase throughput considerably with respect to previously existing ones, but require the use of at least two virtual channels. In this paper, we propose a very efficient flow control protocol to support virtual channels when link wires are very long and/or have different lengths. This flow control protocol relies on the use of channel pipelining and control flits. Control traffic is minimized by assigning physical bandwidth to virtual channels until the corresponding message blocks or it is completely transmitted. Simulation results show that this flow control protocol performs as efficiently as an ideal network with short wires and flit-by-flit multiplexing. The effect of additional virtual channels per physical channel has also been studied, revealing that the optimal number of virtual channels varies with network size. The use of virtual channel priorities is also analyzed. The proposed flow control protocol may increase short message latency, due to long messages monopolizing channels and hindering the progress of short messages. Therefore, we have analyzed the impact of limiting the number of flits (block size) that a virtual channel may forward once it gets the link. Simulation results show that limiting the maximum block size causes the overall network performance to decrease.
15.
16.
《Digital Signal Processing》2006,16(4):389-401
We address the problem of detecting the presence of hidden messages in audio. The detector is based on the characteristics of the denoised residuals of the audio file, which may consist of a mixture of speech and music data. A set of generalized moments of the audio signal is measured in terms of objective and perceptual quality measures. The detector discriminates between cover and stego files using a selected subset of features and an SVM classifier. The proposed scheme achieves on the average 88% discrimination performance on individual steganographic algorithms and 98.5% on individual watermarking algorithms. Between 75 and 90% discrimination performance is achieved in universal tests. Correct detection performance for individual embedding algorithms is roughly 90% when the detector can encounter any one in an ensemble of different embedding algorithms.
17.
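Private desktop clouds are widely used in scenarios such as centralized computing, centralized management, and remote work. Existing private desktop clouds are mostly built on the OpenStack cloud operating system; however, with this operating system, virtual machines take too long to start and users are left waiting, which cannot satisfy the high real-time requirements of some applications. To address this, using a template image strategy and a network-attached storage strategy as the cloud storage layer solution, a private desktop cloud architecture with instantly startable virtual machines (ISVM) is proposed. The ISVM desktop cloud architecture comprises a cloud management layer, a cloud storage layer, and a cloud service layer. Testing and analysis show that the VM startup time of the ISVM private desktop cloud architecture is about 1/100 of the VM startup time on the OpenStack cloud platform, reaching the millisecond order of magnitude, and can satisfy the real-time requirements of applications.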
18.
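Existing dynamic virtual machine consolidation algorithms that aim to reduce energy consumption usually ignore the negative effects of virtual machine migration. As a result, although dynamic consolidation reduces data center energy consumption, the number of unreasonable virtual machine migrations is high, which is very likely to increase the SLA (Service Level Agreements) violation rate. To address this problem, a migration-cost-aware dynamic virtual machine consolidation algorithm, MigCAP (Migration Cost Aware Policy), is proposed, and a migration benefit parameter, EMP, is defined. MigCAP uses the EMP value to decide whether a virtual machine migration is needed, avoiding unreasonable migrations. Experimental results show that, compared with other existing dynamic virtual machine consolidation algorithms, MigCAP significantly reduces the number of virtual machine migrations while effectively reducing energy consumption and lowering the SLA violation rate.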
19.