Access Control Based Hypervisor Non-control Data Integrity Protection

Chen Zhi-feng, Li Qing-bao, Zhang Ping, Zeng Guang-yu

Citation: Chen Zhi-feng, Li Qing-bao, Zhang Ping, Zeng Guang-yu. Access Control Based Hypervisor Non-control Data Integrity Protection[J]. Journal of Electronics and Information Technology, 2015, 37(10): 2508-2516. doi: 10.11999/JEIT150130

doi: 10.11999/JEIT150130

Funds: The National Science and Technology Major Project of China on Core Electronic Devices, High-end Generic Chips and Basic Software (2013JH00103) and the National 863 Program goal-oriented project (2009AA01Z434)

  • Abstract: As virtualization technology becomes widely deployed, the security of the virtualization layer has drawn close attention from researchers at home and abroad. Existing integrity protection methods for the virtual machine monitor (Hypervisor) mainly target the integrity of code and control data and cannot withstand non-control-data attacks; methods that rely on periodic monitoring cannot provide real-time integrity protection for non-control data. To address these shortcomings, this paper proposes UCONhi, a UCON-based integrity protection model for hypervisor non-control data. The model simplifies UCON according to the requirements of non-control-data integrity protection while inheriting UCON's continuity and mutability, so that access to non-control data is controlled in real time. Attackers and attack targets are identified from attack samples to determine the subjects and objects, which reduces the number of security policies and improves decision efficiency; the UCONhi security policies are expressed in ECA (event-condition-action) form, so that the legitimacy of a non-control-data access can be decided effectively. A prototype, Xen-UCONhi, is designed and implemented on Xen, and its effectiveness and performance are evaluated experimentally. The results show that Xen-UCONhi effectively blocks attacks against the virtual machine monitor with a performance overhead below 10%.
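The abstract describes UCON-style enforcement, a decision before the access starts, re-checking while the access lasts (continuity), and attributes that change as a side effect of decisions (mutability), with the policy written as ECA rules. The Python sketch below is an added illustration of that structure and is not the authors' Xen-UCONhi code; the subject and object names (`domctl_handler`, `guest_kernel`, `dom_privilege_flag`), the `trusted`, `locked` and `writes` attributes, the write quota and the rules are all constructed for the example and do not come from the paper.

```python
"""Illustration (added, not the paper's code) of a UCON-style usage-control
monitor whose policy is written as ECA rules.  All subjects, objects,
attributes and rules below are constructed for the example."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

PERMIT, DENY, REVOKE = "permit", "deny", "revoke"


@dataclass
class Entity:
    """A UCON subject or object: a name plus mutable attributes."""
    name: str
    attrs: Dict[str, object] = field(default_factory=dict)


@dataclass
class Event:
    """One access to a non-control data object; phase is 'pre' (decided
    before the access starts) or 'ongoing' (re-checked while it lasts)."""
    phase: str
    subject: str
    obj: str
    right: str


@dataclass
class Rule:
    """ECA rule: fires on (phase, right); the condition must hold for a
    permit; the action then updates attributes (UCON mutability)."""
    phase: str
    right: str
    condition: Callable[[Entity, Entity], bool]
    action: Callable[[Entity, Entity], None] = lambda s, o: None


class UconMonitor:
    def __init__(self, subjects: List[Entity], objects: List[Entity],
                 rules: List[Rule]):
        self.subjects = {s.name: s for s in subjects}
        self.objects = {o.name: o for o in objects}
        self.rules = rules
        self.active = set()  # (subject, obj, right) accesses currently granted

    def evaluate(self, ev: Event) -> str:
        subj = self.subjects.get(ev.subject)
        obj = self.objects.get(ev.obj)
        key = (ev.subject, ev.obj, ev.right)
        if subj is None or obj is None:
            return DENY  # unknown principal or object: default deny
        if ev.phase == "ongoing" and key not in self.active:
            return DENY  # nothing was granted, so there is nothing to continue
        matching = [r for r in self.rules
                    if r.phase == ev.phase and r.right == ev.right]
        if not matching:
            return DENY  # no rule covers this access: default deny
        # Every matching condition must hold; a failed ongoing check
        # withdraws an access that was already granted (UCON continuity).
        for r in matching:
            if not r.condition(subj, obj):
                if ev.phase == "ongoing":
                    self.active.discard(key)
                    return REVOKE
                return DENY
        for r in matching:
            r.action(subj, obj)  # attribute updates happen only on permit
        self.active.add(key)
        return PERMIT


# Constructed policy protecting a hypothetical per-domain privilege flag.
WRITE_QUOTA = 2  # constructed limit on writes by one subject


def trusted_and_unlocked(subj: Entity, obj: Entity) -> bool:
    return bool(subj.attrs.get("trusted")) and not obj.attrs.get("locked")


def within_quota(subj: Entity, obj: Entity) -> bool:
    return subj.attrs.get("writes", 0) < WRITE_QUOTA


def count_write(subj: Entity, obj: Entity) -> None:
    subj.attrs["writes"] = subj.attrs.get("writes", 0) + 1


def still_trusted(subj: Entity, obj: Entity) -> bool:
    return bool(subj.attrs.get("trusted"))


RULES = [
    Rule("pre", "write", trusted_and_unlocked, count_write),
    Rule("pre", "write", within_quota),
    Rule("ongoing", "write", still_trusted),
]


def build_monitor() -> UconMonitor:
    subjects = [Entity("domctl_handler", {"trusted": True}),    # hypothetical
                Entity("guest_kernel", {"trusted": False})]     # hypothetical
    objects = [Entity("dom_privilege_flag", {"locked": False})]  # hypothetical
    return UconMonitor(subjects, objects, RULES)


def run_scenario() -> List[str]:
    """Constructed event sequence exercising deny, permit, revoke and quota."""
    m = build_monitor()

    def ev(phase: str, who: str) -> Event:
        return Event(phase, who, "dom_privilege_flag", "write")

    log = [m.evaluate(ev("pre", "guest_kernel")),        # deny: untrusted subject
           m.evaluate(ev("pre", "domctl_handler")),      # permit, writes -> 1
           m.evaluate(ev("ongoing", "domctl_handler"))]  # permit: still trusted
    # A detector flags the handler as compromised: the attribute mutates and
    # the next ongoing check withdraws the access that was already granted.
    m.subjects["domctl_handler"].attrs["trusted"] = False
    log.append(m.evaluate(ev("ongoing", "domctl_handler")))  # revoke
    m.subjects["domctl_handler"].attrs["trusted"] = True
    log.append(m.evaluate(ev("pre", "domctl_handler")))      # permit, writes -> 2
    log.append(m.evaluate(ev("pre", "domctl_handler")))      # deny: quota used up
    return log
```

`run_scenario()` returns `["deny", "permit", "permit", "revoke", "permit", "deny"]`. The two UCON properties the abstract relies on are visible in that sequence: the same subject that was permitted is later revoked once an attribute changes during the access (continuity), and the `writes` counter updated by the rule's action eventually turns a permit into a deny (mutability). Everything not covered by a rule is denied by default, which is the safe choice for a reference monitor guarding hypervisor data.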
    Publication history
    • Received: 2015-01-27
    • Revised: 2015-06-23
    • Published: 2015-10-19
