政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/76870
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  全文筆數/總筆數 : 113160/144130 (79%)
造訪人次 : 50760223      線上人數 : 783
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    政大機構典藏 > 商學院 > 資訊管理學系 > 學位論文 >  Item 140.119/76870
    請使用永久網址來引用或連結此文件: https://nccur.lib.nccu.edu.tw/handle/140.119/76870


    題名: 使用虛擬化偵察以強化核心虛擬機器的雲端平台
    Securing KVM-based Cloud Systems via Virtualization Introspection
    作者: 李聖瑋
    Lee, Sheng Wei
    貢獻者: 郁方
    Yu, Fang
    李聖瑋
    Lee, Sheng Wei
    關鍵詞: 雲端運算
    資訊安全
    虛擬化
    惡意行為偵測
    Cloud Computing
    Cybersecurity
    Virtualization
    Malicious behavior detection
    日期: 2015
    上傳時間: 2015-07-27 11:23:26 (UTC+8)
    摘要: Linux 核心虛擬機器 (KVM) 在雲端運算生態系統內的基礎建設即為服務平台(Infrastructure as a Service) 上是最熱門的虛擬化管理程序 (Hypervisor)。Linux 核心虛擬機器提供了全虛擬化的環境,包含虛擬化的 CPU,網路卡及主機板上的晶片,在 Linux 核心虛擬機器上面可以安裝異質的作業系統在虛擬主機裡面。我們提出了新的虛擬化偵察系統 (Virtualization Introspection System),可以保護虛擬主機以及運作虛擬化管理程序的實體主機, 儘管虛擬主機是運作在各種不同的虛擬化管理程序, 虛擬化偵察系統可以保護虛擬主機與實體主機不被惡意的駭客攻擊。 虛擬化偵察系統蒐集虛擬主機的動態及靜態資料來偵測及攔截惡意攻擊。 我們使用了虛擬主機重現了各種不同的惡意攻擊, 然後使用非監督的人工智慧學習技術來產生偵測規則。 我們的虛擬化偵察系統也整合了雲端運算系統平台像是 OpenStack 和 OpenNebula。
    Linux Kernel Virtual Machine (KVM) is one of the most commonly deployed hypervisor drivers in the Infrastructure as a Service (IaaS) layer of cloud computing ecosystems. The KVM hypervisor provides a full-virtualized environment that virtualizes as much hardware as possible, including CPUs, network interfaces and chipsets with KVM, where heterogeneous operating systems can be installed by Virtual Machines (VMs) in an homogeneous environment. We have proposed a new Virtualization Introspection System (VIS) to protect the host as well as VMs running on various hypervisors of cloud computing structure from malicious attacks. VIS detects and intercepts attacks from VMs by collecting their static and dynamic status. We then replay the attacks on VMs and utilize artificial intelligence derived from unsupervised learning techniques to derive effective decision rules. VIS can be further integrated with common cloud middleware, such as OpenStack and OpenNebula.
    參考文獻: [ 1]
    Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
    [ 2]
    Bahram, S., Jiang, X., Wang, Z., Grace, M., Li, J., Srinivasan, D., ... & Xu, D. (2010, October). Dksm: Subverting virtual machine introspection for fun and profit. In Reliable Distributed Systems, 2010 29th IEEE Symposium on (pp. 82-91). IEEE.
    [ 3]
    Bartholomew, D. (2006). Qemu a multihost multitarget emulator. Linux Journal, 2006(145), 3.
    [ 4]
    Bellard, F. (2005, April). QEMU, a Fast and Portable Dynamic Translator. In USENIX Annual Technical Conference, FREENIX Track (pp. 41-46).
    [ 5]
    Biermann, A. W., & Feldman, J. A. (1972). On the synthesis of finite-state machines from samples of their behavior. Computers, IEEE Transactions on, 100(6), 592-597.
    [ 6]
    Caron, E., Desprez, F., Loureiro, D., & Muresan, A. (2009, September). Cloud computing resource management through a grid middleware: A case study with DIET and eucalyptus. In Cloud Computing, 2009. CLOUD`09. IEEE International Conference on (pp. 151-154). IEEE.
    [ 7]
    Catteddu, D. (2010). Cloud Computing: benefits, risks and recommendations for information security. In Web Application Security (pp. 17-17). Springer Berlin Heidelberg.
    [ 8]
    Elhage, N. (2011). Virtunoid: A KVM Guest-> Host privilege escalation exploit. Black Hat USA, 2011.
    [ 9]
    Ernst, M. D., Cockrell, J., Griswold, W. G., & Notkin, D. (2001). Dynamically discovering likely program invariants to support program evolution. Software Engineering, IEEE Transactions on, 27(2), 99-123.
    [ 10]
    Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., ... & Stoica, I. (2009). Above the clouds: A Berkeley view of cloud computing. Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS, 28, 13.
    [ 11]
    Garfinkel, T., & Rosenblum, M. (2003, February). A Virtual Machine Introspection Based Architecture for Intrusion Detection. In NDSS (Vol. 3, pp. 191-206).
    [ 12]
    GHSOM. Retrieved March, 2012, from http://www.ifs.tuwien.ac.at/~andi/ghsom/.
    [ 13]
    Hartigan, J. A., & Wong, M. A. (1979). Algorithm AS 136: A k-means clustering algorithm.70 Applied statistics, 100-108.
    [ 14]
    Hsiao, S. W., Chen, Y. N., Sun, Y. S., & Chen, M. C. (2013, October). A cooperative botnet profiling and detection in virtualized environment. In Communications and Network Security (CNS), 2013 IEEE Conference on (pp. 154-162). IEEE.
    [ 15]
    Kruegel, C., Kirda, E., & Bayer, U. (2006, April). TTAnalyze: A tool for analyzing malware. In Proceedings of the 15th European Institute for Computer Antivirus Research Annual Conference (EICAR).
    [ 16]
    Lee, S. W., & Yu, F. (2014, January). Securing KVM-Based Cloud Systems via Virtualization Introspection. In System Sciences (HICSS), 2014 47th Hawaii International Conference on (pp. 5028-5037). IEEE.
    [ 17]
    Lee, S. W., Tsai, D. B.(2006, December). A Guide to Having Fun with the Next Generation Linux, Ubuntu, ISBN: 9867199979, Taipei, Taiwan, , GrandTech Press.
    [ 18]
    libvirt: The virtualization API, Retrieved March, 2012, from http://libvirt.org.
    [ 19]
    Lo, D., & Khoo, S. C. (2008). Mining patterns and rules for software specification discovery. Proceedings of the VLDB Endowment, 1(2), 1609-1616.
    [ 20]
    Lombardi, F., & Di Pietro, R. (2009, March). KvmSec: a security extension for Linux kernel virtual machines. In Proceedings of the 2009 ACM symposium on Applied Computing (pp. 2029-2034). ACM.
    [ 21]
    Lombardi, F., & Di Pietro, R. (2010). CUDACS: securing the cloud with CUDA-enabled secure virtualization. In Information and Communications Security (pp. 92-106). Springer Berlin Heidelberg.
    [ 22]
    Lombardi, F., & Di Pietro, R. (2011). Secure virtualization for cloud computing. Journal of Network and Computer Applications, 34(4), 1113-1122.
    [ 23]
    Metasploit, Retrieved March, 2012, from. http://www.metasploit/, 2013.
    [ 24]
    Milojičić, D., Llorente, I. M., & Montero, R. S. (2011). Opennebula: A cloud management tool. IEEE Internet Computing, (2), 11-14.
    [ 25]
    Openecp, Retrieved March, 2012, from http://www.openecp.org.
    [ 26]
    Payne, B. D., Carbone, M., Sharif, M., & Lee, W. (2008, May). Lares: An architecture for secure active monitoring using virtualization. In Security and Privacy, 2008. SP 2008. IEEE Symposium on (pp. 233-247). IEEE.
    [ 27]
    Peter, M., Schild, H., Lackorzynski, A., & Warg, A. (2009, March). Virtual machines jailed:
    71
    virtualization in systems with small trusted computing bases. In Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems (pp. 18-23). ACM.
    [ 28]
    Pfoh, J., Schneider, C., & Eckert, C. (2011). Nitro: Hardware-based system call tracing for virtual machines. In Advances in Information and Computer Security (pp. 96-112). Springer Berlin Heidelberg.
    [ 29]
    Rieck, K., Holz, T., Willems, C., Düssel, P., & Laskov, P. (2008). Learning and classification of malware behavior. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 108-125). Springer Berlin Heidelberg.
    [ 30]
    Santos, I., Brezo, F., Ugarte-Pedrero, X., & Bringas, P. G. (2013). Opcode sequences as representation of executables for data-mining-based unknown malware detection. Information Sciences, 231, 64-82.
    [ 31]
    Sefraoui, O., Aissaoui, M., & Eleuldj, M. (2012). OpenStack: toward an open-source solution for cloud computing. International Journal of Computer Applications, 55(3), 38-42.
    [ 32]
    Seshadri, A., Luk, M., Qu, N., & Perrig, A. (2007). SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. ACM SIGOPS Operating Systems Review, 41(6), 335-350.
    [ 33]
    Siebenlist, F. (2009, June). Challenges and opportunities for virtualized security in the clouds. In Proceedings of the 14th ACM symposium on Access control models and technologies (pp. 1-2). ACM.
    [ 34]
    Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., & Lo Iacono, L. (2011, October). All your clouds are belong to us: security analysis of cloud management interfaces. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop (pp. 3-14). ACM.
    [ 35]
    Sung, A. H., Xu, J., Chavez, P., & Mukkamala, S. (2004, December). Static analyzer of vicious executables (save). In Computer Security Applications Conference, 2004. 20th Annual (pp. 326-334). IEEE.
    [ 36]
    Wu, Y. S., Sun, P. K., Huang, C. C., Lu, S. J., Lai, S. F., & Chen, Y. Y. (2013, June). EagleEye: Towards mandatory security monitoring in virtualized datacenter environment. In Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on (pp. 1-12). IEEE.
    [ 37]
    Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future 72 Generation computer systems, 28(3), 583-592.
    描述: 碩士
    國立政治大學
    資訊管理研究所
    100356010
    資料來源: http://thesis.lib.nccu.edu.tw/record/#G1003560102
    資料類型: thesis
    顯示於類別:[資訊管理學系] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    010201.pdf4424KbAdobe PDF2620檢視/開啟


    在政大典藏中所有的資料項目都受到原著作權保護.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋