Found 20 similar documents; search took 31 ms
1.
2.
If the attacker wants to compromise a target virtual machine on a cloud platform, the malicious virtual machine must be co-resident with the target. Based on this, a virtual machine co-residency method was proposed. The method combined a co-residency detection scheme based on covert channel construction and an automatic virtual machine flooding strategy, and was evaluated on a well-known domestic cloud platform. Experiments show that the adaptive covert channel can achieve an accuracy of 95%, that the proposed detection scheme is highly robust, with a false positive rate of less than 5‰, and that the proposed method is versatile and keeps the virtualization isolation barrier intact, which poses a great potential threat and deserves close attention and precaution.
3.
With the increasing popularity of cloud services, attacks on the cloud infrastructure have also increased dramatically. In particular, monitoring the integrity of cloud execution environments is still a difficult task. In this paper, a real-time dynamic integrity validation (DIV) framework is proposed to monitor the integrity of virtual-machine-based execution environments in the cloud. DIV can detect the integrity of the whole architecture stack, from the cloud servers up to the VM OS, by extending the current trusted chain into the virtual machine's architecture stack. DIV introduces a trusted third party (TTP) to collect the integrity information and to remotely and periodically detect integrity violations on VMs, avoiding heavy involvement of cloud tenants and unnecessary information leakage by the cloud providers. To evaluate the effectiveness and efficiency of the DIV framework, a prototype on KVM/QEMU is implemented, and extensive analysis and experimental evaluation are performed. Experimental results show that DIV can efficiently validate the integrity of files and loaded programs in real time, with minor performance overhead.
4.
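For many years people have used tools to accomplish tasks, but only recently have our tools begun to become increasingly smart and interconnected. Microprocessors now appear in many everyday objects and are increasingly connected to networks. J2ME aims to run Java programs on small devices with 16-bit or 32-bit processors and a total of no less than about 128 KB of memory. However, because of hardware and software constraints, and in order to give applications as much space and resources as possible and let them run smoothly and stably on the virtual machine, such embedded Java virtual machines need to be optimized to improve their performance. New algorithms for generation partitioning, root-set determination, and heap space allocation and reclamation in the JVM can undoubtedly optimize the virtual machine and improve its efficiency.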
5.
6.
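Compared with traditional malicious code detection, malicious code detection for virtual desktops faces performance challenges: when multiple virtual desktops on the same physical server run malicious code detection at the same time, hardware such as disks becomes a severe I/O performance bottleneck. This paper proposes an efficient malicious code detection scheme for virtual desktops, a virtual desktop malicious code detection mechanism based on master-image cloning (MCIDS). Based on the characteristics of virtual desktop systems, MCIDS uses system-image network-storage cloning and a malicious code engine deployed in the network storage system to reduce the scope of malicious code detection in the virtual desktop system, effectively reducing the disk I/O overhead that detection requires. MCIDS also overcomes the semantic gap problem of traditional "Out-of-the-Box" security detection mechanisms and improves the security performance of the system. Experiments on a prototype system show that the method is technically feasible and that MCIDS has a performance advantage over existing methods.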
7.
Unlike the existing electric grid, the smart grid has a variety of functions that enable electric utility suppliers and consumers to perform dual exchanges of real-time information by adding IT technology. Therefore, the systems of smart grid suppliers and those of users are always connected through a network, which means that the systems related to the smart grid could become targets of malicious attackers. The various smart grid systems could have different hardware configurations from those of general systems, but their fundamental operating mechanism is the same as that of the general computer system. When a system is operating, its information and the data used by a program are loaded into the system’s memory. In this paper, we studied the method of physical memory collection and analysis in smart grid embedded systems in order to help investigate crimes related to smart grids. In addition, we verify the method studied in this paper through the collection and analysis of physical memory in the virtual Linux environment using a virtual machine.
8.
When using trusted computing technology to build a trusted virtual platform environment, how to reasonably extend the underlying physical TPM certificate chain to the virtual machine environment is a hot problem. At present, the certificate trust extension schemes are not perfect: some violate the TCG specifications, some yield inconsistent TPM and vTPM certificate results, some have key redundancy or place a performance burden on the privacy CA, and some cannot extend certificate trust at all. Based on this, a new method for extending the trusted certificate chain was proposed. Firstly, a new class of certificate called VMEK (virtual machine extension key) was added to the TPM, and the management mechanism for the VMEK certificate was constructed; its main feature is that its key is not transferable and can be used to sign and encrypt data inside and outside the TPM. Secondly, the VMEK certificate was used to sign the vTPM’s vEK to build the trust relationship between the underlying TPM and the virtual machine, realizing extension of the trusted certificate chain into the virtual machine. Finally, the VMEK certificate and its management mechanism, and certificate trust extension based on VMEK, were realized in Xen. The experimental results show that the proposed scheme can effectively realize the remote attestation function of a virtual platform.
9.
10.
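Side-channel attacks are currently the main route of information leakage between tenants in cloud computing environments. Existing service function chain (SFC) deployment methods do not fully consider the side-channel attacks that virtual network functions (VNFs) face in multi-tenant environments, so this paper proposes an SFC deployment method that resists side-channel attacks. It introduces a tenant classification strategy based on time averages and a deployment strategy that incorporates historical information, builds an optimization model that, subject to the SFC resource constraints, minimizes the number of servers a tenant can cover, and designs a deployment algorithm based on greedy selection. Experimental results show that, compared with other deployment methods, this method significantly increases the difficulty and cost for a malicious tenant to achieve co-residency and reduces the side-channel attack risk that tenants face.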
11.
Several methods exist for detecting hacking programs operating within online games. However, a significant amount of computational power is required to detect the illegal access of a hacking program in game clients. In this study, we propose a novel detection method that analyzes the protected memory area and the hacking program's process in real time. Our proposed method is composed of a three-step process: the collection of information from each PC, separation of the collected information according to OS and version, and analysis of the separated memory information. As a result, we successfully detect malicious injected dynamic link libraries in the normal memory space.
12.
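Botnet simulation is an emerging technique in botnet research and has attracted growing attention in recent years. Existing research lacks practical large-scale botnet simulation systems based on virtual machines, and existing systems lack support for rapid deployment of virtual machine clusters, multiple virtualization technologies (especially lightweight virtualization), simulation of botnet characteristics (such as bots randomly powering off and on across day and night), and high scalability. By analysing the characteristics of botnet simulation, a virtual-machine-based botnet simulation system and scalability optimization techniques suited to it are proposed. Experiments show that the proposed memory and CPU performance optimization techniques reduce the resident memory of each virtual machine by more than 77% compared with before optimization, increase the maximum number of virtual machines that can run on one physical machine from 15 to 43, and, when the vCPU usage of the virtual machines is limited to 100 000, lower host CPU usage under the same conditions from 100% to 20%, a significant optimization effect.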
13.
First, experiments were conducted to verify the relationship between the number of dirty memory pages and the application characteristics that exist in virtual machine migration. Then, different virtual machine application characteristics were perceived, with which the number of dirty memory pages produced during migration was predicted using the GM(1,N) grey prediction model. At the same time, residual correction was used to adjust the error and make the results more reliable. According to the predicted number of dirty memory pages, network bandwidth was adjusted and reserved. Compared with the traditional pre-copy strategy, the experiments show that the proposed optimized strategy can improve network performance and reduce migration cost for memory-intensive and network-intensive applications.
14.
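Standard VRRP (Virtual Router Redundancy Protocol) eliminates the single point of failure in networks configured with a default gateway, but the protocol itself is not flexible enough: within a virtual router only the master device forwards traffic, while the other devices serve purely as backups and forward none, so load cannot be shared and bandwidth and device utilization cannot be maximized. To address this limitation, and based on a cooperative project with a company, this paper describes a load-balancing mechanism for the virtual router redundancy protocol. Building on an analysis of standard VRRP, it introduces virtual forwarders and a forwarding state machine to implement a mechanism in which one virtual IP corresponds to multiple virtual MACs. Route redundancy backup and traffic load balancing are achieved at the same time without configuring multiple backup groups, so that users on the LAN can communicate with the outside through every virtual forwarder, greatly improving resource utilization. Finally, experiments verify the feasibility of the design.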
15.
To enable computationally weak cloud tenants to reconstruct a secret efficiently and fairly, a cloud outsourcing secret sharing scheme was proposed, which combines cloud outsourced computation with a secret sharing scheme. In the process of outsourcing secret sharing, cloud tenants need only a small amount of decryption and validation operations, while expensive cryptographic operations are outsourced to the cloud service provider (CSP). The scheme, without complex interactive argument or zero-knowledge proof, can detect malicious behaviors of cloud tenants or cloud service providers. The scheme is also secure against covert adversaries. Finally, every cloud tenant is able to obtain the secret fairly and correctly. Security analysis and performance comparison show that the scheme is safe and effective.
16.
17.
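Machine learning has been widely applied to malicious code detection and plays an important role in malicious code detection products. Constructing adversarial samples against machine-learning models for malicious code detection is key to uncovering defects in those models and to evaluating and improving malicious code detection systems. This paper proposes a genetic-algorithm-based method for generating adversarial malicious code samples. The generated samples are effective against machine-learning-based malicious code detection models while the malicious code samples remain executable and their malicious behaviour consistent, which improves the realism of the generated adversarial samples and the accuracy of adversarial model evaluation. Experiments show that the proposed method reduced the detection accuracy of the MalConv malicious code detection model by 14.65%, and could directly and effectively interfere with 4 machine-learning-based commercial malicious code detection engines on VirusTotal, among which Cylance's detection accuracy was only 53.55%.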
18.
19.
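In multi-tenant data center environments, an important factor in guaranteeing cloud application performance is providing tenant applications with guaranteed communication bandwidth, which can be achieved by giving each tenant a dedicated virtual data center (VDC). This paper studies the problem of embedding oversubscribed data centers in a physical data center network. Compared with ordinary virtual data centers, the traffic patterns between virtual machines in an oversubscribed virtual data center are more complex, so the traffic model and the embedding problem are first formulated using linear programming equations. For the virtual machine embedding problem, a heuristic algorithm with lower time complexity, the group perturbation algorithm, is proposed. Finally, simulation experiments compare the group perturbation algorithm with algorithms proposed in previous work and with the well-known first-fit; the experiments show that the proposed algorithm improves the embedding success rate while reducing algorithmic complexity.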
20.
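To address the problem that existing Android malicious code detection methods are easily bypassed, a strongly adversarial-resistant Android malicious code detection method is proposed. First, a mobile application behaviour analysis method combining dynamic and static analysis is designed and implemented; it can overcome interference from multiple anti-analysis techniques and stably and reliably extract the permission information, protection information and behaviour information of mobile applications. Then, capability features and behaviour features that can withstand mimicry attacks are extracted from this information, and a neural network model based on Long Short-Term Memory (LSTM) is used to detect malicious code. Finally, experiments demonstrate the reliability and advancement of the proposed method.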