Clustering hypervisors to minimize failures in mobile cloud computing

Resource virtualization has become one of the key super‐power mobile computing architecture technologies. As mobile devices and multimedia traffic have increased dramatically, the load on mobile cloud computing systems has become heavier. Under such conditions, mobile cloud system reliability becomes a challenging task. In this paper, we propose a new model using a naive Bayes classifier for hypervisor failure prediction and prevention in mobile cloud computing. We exploit real‐time monitoring data in combination with historical maintenance data, which achieves higher accuracy in failure prediction and early failure‐risk detection. After detecting hypervisors at risk, we perform live migration of virtual servers within a cluster, which decreases the load and prevents failures in the cloud. We performed a simulation for verification. According to the experimental results, our proposed model shows good accuracy in failure prediction and the possibility of decreasing downtime in a hypervisor service. Copyright © 2017 John Wiley & Sons, Ltd.     

云计算中关键虚拟化技术及其安全防御机制研究

随着信息技术的发展,云计算技术被广泛应用于各个领域。由于云计算能实现资源共享、灵活供给、快速交付和弹性扩展,政府和企业都在努力建立自己的云计算环境,虚拟化技术是构建云计算环境的关键,它为建立云服务和应用提供了基础。文中深入分析了虚拟化技术的各个方面,包括 Hypervisor 技术、计算虚拟化、存储虚拟化和网络虚拟化。同时,文中还指出了虚拟化给云平台带来的主要安全问题。为解决这些安全问题,文中提出了一些安全防御机制和建议。首先,需构建安全防御建设思路,明确安全目标和策略。其次,可以采用分域控制机制,将虚拟化平台划分为多个安全区域,以增强其安全性。此外,还应设计安全防御措施,包括虚拟化安全、Hypervisor 技术安全、虚拟机安全和虚拟网络安全等。通过针对性地提出这些安全防御机制和措施,可以确保虚拟化平台提供安全、可靠的服务,使政府和企业能更好地应用云计算技术来处理大量的数据     

云计算虚拟环境的形式化安全验证

云计算是一种新兴的计算、存储资源使用模式,由于具备低成本、高效率等优点,得到了业界的广泛应用,但安全性仍然是云计算推广最大的障碍之一。虚拟化作为云计算的关键技术,其安全水平直接影响云环境的安全性,目前对云计算虚拟环境多采用传统的覆盖式验证方法,无法彻底解决正确性问题。文中通过结合形式化方法中的模型检测技术,经过配置采集、需求分析和性质检测3个阶段对虚拟化安全性质进行高覆盖率验证,提供了一种对云计算环境进行安全评估的可行思路。     

云计算的虚拟化安全问题

随着云计算的发展,云计算的安全问题越来越受到关注。本文全面分析了云计算中与虚拟化安全有关的各类问题,阐述了虚拟化安全的研究现状并提出了未来发展方向。文中先介绍了虚拟化角度下的云计算架构,然后介绍了虚拟化技术,重点介绍了虚拟化安全问题和研究现状,接着以Xen平台为例,介绍了Xen的虚拟化安全问题,最后对未来的发展进行了展望。     

Anomaly Detection System in Cloud Environment Using Fuzzy Clustering Based ANN

Cloud computing affords lot of resources and computing facilities through Internet. Cloud systems attract many users with its desirable features. In spite of them, Cloud systems may experience severe security issues. Thus, it is essential to create an Intrusion Detection System (IDS) to detect both insider and outsider attacks with high detection accuracy in cloud environment. This work proposes an anomaly detection system at the hypervisor layer named Hypervisor Detector that uses a hybrid algorithm which is a mixture of Fuzzy C-Means clustering algorithm and Artificial Neural Network (FCM-ANN) to improve the accuracy of the detection system. The proposed system is implemented and compared with Naïve Bayes classifier and Classic ANN algorithm. The DARPA’s KDD cup dataset 1999 is used for experiments. Based on extensive theoretical and performance analysis, it is evident that the proposed system is able to detect the anomalies with high detection accuracy and low false alarm rate even for low frequent attacks thereby outperforming Naïve Bayes classifier and Classic ANN.     

企业级虚拟化应用研究

企业级虚拟化技术在云计算中有着重要的应用,本文在研究了Hypervisor系统运行层次的基础上,分析了虚拟化技术的优势,给出了不适合虚拟化部署的场合.从实体机整体效率检测、虚拟机合并率、服务器合并后的TCO/ROI计算等方面对虚拟化进行了效率评估,指出了根据不同资源密集类型进行相应资源配置的研究方向.     

Continuous leakage–resilient IBE in cloud computing

Cloud computing is an efficient tool in which cloud storage shares plenty of encrypted data with other data owners. In existing cloud computing scenarios, it may suffer from some new attacks like side channel attacks. Therefore, we are eager to introduce a new cryptographic scheme that can resist these new attacks. In this work, we exploit a new technique to build leakage‐resilient identity‐based encryption and use the stronger existing partial leakage model, such as continual leakage model. More specifically, our proposal is based on the underlying decisional bilinear Diffie‐Hellman assumption, but proven adaptively secure against adaptive chosen ciphertext attack in the standard model. Above all, a continuous leakage–resilient IBE scheme with adaptive security meets cloud computing with stronger security.     

A Profile-Based Novel Framework for Detecting EDoS Attacks in the Cloud Environment

The future of information technology mainly depends upon cloud computing. Hence security in cloud computing is highly essential for the consumers as well as the service providers of the particular cloud environment. There are many security threats are challenging the current cloud environment. One of the important security threat ever in cloud environment is considered to be the Distributed Denial of Service (DDoS) attack. Where cloud is of greater benefit in terms of providing on-demand services, a certain kind of attack named as Economic Denial of Sustainability (EDoS) occurs in pay per use payment model. Due to the occurrence of this attack the consumers are forced to pay additional amount for the services offered. EDoS attacks are similar to that of DDoS attacks Which is classified as-attacks associated with bandwidth consuming, application targeted attacks and the exhaustion of the connection layer. The main objective of the proposed work is to design a profile-based novel framework for maximizing the detection of various types of EDoS attacks. During this process, the proposed framework consisting Feature Classification (FC) algorithm ensures that false positives and negatives along with bandwidth and memory consumption are highly minimized. The proposed algorithm allows only the limited resources for allocation to the available virtual machines which increases the chances of the detecting the attack and preventing the misuse propagation of resources. The accuracy and efficiency of this approach is proven to be higher with lesser computational complexity when compare to the existing approaches.

     

Analysis of Hot Topics in Cloud Computing

In the field of cloud computing, topics such as computing resource virtualization, differences between grid and cloud computing, relationship between high-performance computers and cloud computing centers, and cloud security and standards have attracted much research interest. This paper analyzes these topics and highlights that resource virtualization allows information services to be scalable, intensive, and specialized; grid computing involves using many computers for large-scale computing tasks, while cloud computing uses one platform for multiple services; high-performance computers may not be suitable for a cloud computing; security in cloud computing focuses on trust management between service suppliers and users; and based on the existing standards,standardization of cloud computing should focus on interoperability between services.     

利用可信赖执行技术防范基于hypervisor的rootkit

虚拟化技术的发展和应用,给虚拟机的安全带来了新的威胁和挑战。论文深入研究和分析了针对虚拟机的rootkit攻击以及虚拟机监控软件（hypervisor）面临的安全风险,提出了检测和防范rookit攻击的方法。结合可信赖执行技术（TXT）的特点,给出了防范基于hypervisor的rootkit的方法和步骤,并探讨了虚拟机安全的发展趋势和下一步的研究方向。     

云安全研究进展综述

 随着云计算在学术界和工业界的兴起,云计算也不可避免的带来了一些安全问题.本文对云计算的安全需求进行了总结,指出云计算不仅在机密性、数据完整性、访问控制和身份认证等传统安全性上存在需求,而且在可信性、配置安全性、虚拟机安全性等方面具有新的安全需求.我们对云计算的两个典型产品Amazon Web Services和Windows Azure的安全状况进行了总结,并阐述了针对云计算的拒绝服务攻击和旁通道攻击.基于云计算的安全需求和面临的攻击,对现有安全机制进行了优缺点分析,系统的总结了现有的安全机制.     

基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法

防御分布式拒绝服务DDoS（distributed denial of service）攻击是云计算平台安全保护中的一个关键问题。在研究大规模网络防御DDoS攻击的安全覆盖服务SOS（security overlay service）方法的基础上,揭示了SOS在节点被攻击时的退出机制存在的安全漏洞,根据云计算路由策略改进了一致性散列算法Chord,提出了适用于云计算路由平台三层架构的虚拟散列安全访问路径VHSAP（virtualization hash security access path）,在安全访问路径中引入了心跳机制,利用虚拟机技术实现弹性的虚拟节点,完成在云平台中被攻击节点之间的无缝切换,保证用户对云计算平台的安全访问。针对VHSAP防御DDoS的性能进行了仿真实验,重点研究了在散列安全访问路径HSAP中被攻击节点数和切换时延等参数,并将实验结果与SOS方法进行了比较。实验结果表明在DDoS攻击下,VHSAP具有较高的数据通过率,可以提高云计算平台的安全性。     

云计算热点问题分析

在云计算的研究和应用中一些热点问题比较突出,如：如何理解计算资源及其虚拟化、云计算与网格计算的差异、云计算中心与高性能计算机的关系、云安全和云标准等。文章对此给出了一些见解：计算资源的虚拟化促使信息服务走向规模化、集约化和专业化;网格计算是＂多为一＂,而云计算是＂一为多＂;部署于高性能计算中心的高性能计算机未必适合云计算;云安全已经将传统安全问题发展为服务方和被服务方之间的信任和信任管理问题;在现有标准的基础上,云计算标准将需更加关注服务的互操作等。     

试析云计算虚拟化安全技术

通过云计算虚拟化安全技术,可以有效提升数据中心基础资源的使用效率,避免由于黑客的入侵而影响到用户个人信息的安全性与稳定性,将云计算服务推升至全新的高度和深度.本文主要针对云计算虚拟化安全技术展开深入的研究,重点阐述云计算虚拟化安全技术架构,以供相关人士的借鉴.     

云计算虚拟化安全技术研究

云计算为信息系统未来的发展方向,而技术的发展却面临着许多的困难。随着云计算的不断普及和应用,安全问题的重要性正呈现逐步上升的趋势,并且成为制约云计算技术发展的关键因素。云计算的核心技术在于虚拟化,而虚拟化存在诸如安全隔离、受控迁移、权限访问等系列安全问题,已经实实在在摆在人们面前。文中着重分析目前虚拟化技术存在的安全问题,并提出了与之匹配的解决思路。     

Authenticated key agreement scheme for fog-driven IoT healthcare system

The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.

     

虚拟机监控器的安全威胁及规避措施

云计算通过使用虚拟化技术,将大规模数据中心的设备分成独立的小型资源按需租用给用户。这种多租户环境建立的前提是虚拟化平台是安全可靠的,以确保位于同一台物理主机上的不同用户之间的独立性不被破坏。然而现有虚拟机控制器都拥有一个规模较大的可信计算基,使得其管理的虚拟机存在较大安全风险。文中提出一种方法,将传统的控制虚拟机分解为各个组件组成,每个组件执行单一的功能。这样可以带来一些好处：客户共享的服务组件是可配置和可审计的;限制每个组件以所需的最小权限接入Hypervisor,这使得风险明确化;通过配置组件的微重置的频率,可减小单个组件的时间攻击面。     

虚拟化平台安全漏洞分析与防护研究

虚拟化平台是云计算服务的核心基础设施,因此虚拟化平台的安全研究在云安全中扮演了关键角色。概述了虚拟化的典型架构和主流平台,分析了虚拟化平台安全漏洞的类型、影响及主要高危漏洞,最后对主流厂商的虚拟化安全防护系统进行分析,并提出防护解决方案。     

SAPA-based approach for defending DoS attacks in cloud computing

Denial of service (DoS) attack was one of the major threats to cloud computing.Security access path algorithm (SAPA) used node route table (NRT) to compose security access path.It simplified role nodes of traditional secure overlay services (SOS),and periodically updated role nodes,and cached security access paths.Therefore,SAPA was more appropriate for cloud computing to defend DoS attacks.Based on the turn routing architecture of cloud computing,the mathematical model of SAPA was built and its performance was analyzed in theory.The performance of SAPA was tested in OMNeT++ experimental platform.Also,the Test-bed experiments were performed to evaluate the effectiveness of SAPA for defending DoS attack.Experimental results show that comparing with SOS,SAPA can degrade the impact of communication success rate caused by DoS attack effectively,and guarantees the access delay small enough.     

Secure Cloud Architecture for 5G Core Network

Service-based architecture (SBA) is a profound advancement in the novel 5G Core network (5GC). Existing studies show that SBA can benefit from cloud computing to achieve extensibility, modularity, reusability, and openness. It also brings security problems (e.g., hypervisor hijacking, and malware injection). To provide secure 5G services, we propose a service-based cloud architecture called Mimicloud for 5GC based on dynamic and heterogeneous techniques. Mimicloud provides flexible reconfiguration mechanisms to protect containers and eliminate all attack knowledge obtained from adversaries. We use multiple containers to execute crucial services and ensure security with crosscheck. Mimicloud employs heterogeneous components to prevent multiple containers from being breached through the same vulnerabilities. Experimental results show that Mimicloud can effectively strengthen the security of the 5GC. The performance overhead is analyzed in order to demonstrate its scalability.