National Chengchi University Institutional Repository (NCCUR): Item 140.119/76870
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/76870


    Title: Securing KVM-based Cloud Systems via Virtualization Introspection
    Authors: 李聖瑋
    Lee, Sheng Wei
    Contributors: 郁方
    Yu, Fang
    李聖瑋
    Lee, Sheng Wei
    Keywords: Cloud Computing
    Cybersecurity
    Virtualization
    Malicious behavior detection
    Date: 2015
    Issue Date: 2015-07-27 11:23:26 (UTC+8)
    Abstract: Linux Kernel Virtual Machine (KVM) is one of the most commonly deployed hypervisor drivers in the Infrastructure as a Service (IaaS) layer of cloud computing ecosystems. The KVM hypervisor provides a fully virtualized environment that virtualizes as much hardware as possible, including CPUs, network interfaces and chipsets, so that Virtual Machines (VMs) running heterogeneous operating systems can be installed in a homogeneous environment. We propose a new Virtualization Introspection System (VIS) that protects both the host and the VMs, running on the various hypervisors of a cloud computing infrastructure, from malicious attacks. VIS detects and intercepts attacks from VMs by collecting their static and dynamic status. We then replay the attacks on VMs and use unsupervised learning techniques to derive effective decision rules. VIS can be further integrated with common cloud middleware, such as OpenStack and OpenNebula.
    Description: Master's
    National Chengchi University
    Graduate Institute of Management Information Systems
    100356010
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G1003560102
    Data Type: thesis
    Appears in Collections:[Department of MIS] Theses

    Files in This Item:

    File          Size      Format
    010201.pdf    4424Kb    Adobe PDF


    All items in the NCCU Institutional Repository are protected by copyright, with all rights reserved.

