Please use this identifier to cite or link to this item: https://ah.lib.nccu.edu.tw/handle/140.119/76870
Title: Securing KVM-based Cloud Systems via Virtualization Introspection
Author: 李聖瑋 (Lee, Sheng Wei)
Contributors: 郁方 (Yu, Fang); 李聖瑋 (Lee, Sheng Wei)
Keywords: Cloud Computing; Cybersecurity; Virtualization; Malicious behavior detection
Date: 2015
Upload time: 27-Jul-2015
Abstract: Linux Kernel Virtual Machine (KVM) is one of the most commonly deployed hypervisor drivers in the Infrastructure as a Service (IaaS) layer of cloud computing ecosystems. The KVM hypervisor provides a fully virtualized environment that virtualizes as much hardware as possible, including CPUs, network interfaces and chipsets, so that heterogeneous operating systems can be installed in Virtual Machines (VMs) within a homogeneous environment. We propose a new Virtualization Introspection System (VIS) that protects both the host and the VMs running on the various hypervisors of a cloud computing infrastructure from malicious attacks. VIS detects and intercepts attacks from VMs by collecting their static and dynamic status. We then replay the attacks on VMs and use unsupervised learning techniques to derive effective decision rules. VIS can be further integrated with common cloud middleware, such as OpenStack and OpenNebula.
Description: Master's degree
National Chengchi University
Graduate Institute of Information Management
100356010
Source: http://thesis.lib.nccu.edu.tw/record/#G1003560102
Type: thesis
Appears in Collections: Degree Theses
