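Panpan Li, male, is a Ph.D. candidate at Harbin Institute of Technology. His main research interests include cloud computing and network security.

Hongli Zhang, female, Ph.D., is a professor at Harbin Institute of Technology. Her main research interests include cloud computing, network security, and network computing.

Huimin Deng, male, is a master's student at Harbin Institute of Technology. His main research interests include cloud computing and network security.

Zhigang Zhou, male, is a Ph.D. candidate at Harbin Institute of Technology. His main research interests include cloud computing and database security.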
Online publication date: 2013-06
Print publication date: 2013-06-20
Panpan Li, Hongli Zhang, Huimin Deng, et al. SLA Audit Mechanism of Virtual Machine Memory on Cloud[J]. Telecommunications Science, 2013, 29(6): 72-81. DOI: 10.3969/j.issn.1000-0801.2013.06.012.
Because the cloud service model hides the physical hardware view from cloud tenants, an untrusted cloud service provider (CSP) may use virtualization to substitute cheap hard disk resources for physical memory while charging tenants at physical-memory prices, in violation of the service level agreement (SLA). To audit whether the memory service a CSP provides complies with the SLA, this paper proposes an SLA compliance auditing scheme based on lightweight memory measurement from the Xen layer down to the physical hardware layer. A trusted boot mechanism and HyperSentry are introduced to ensure that the audit system boots in a trusted state and runs with its integrity intact, and a Diffie-Hellman key exchange protocol with a cloud tenant signature mechanism is proposed to support secure policy exchange and trusted alerting. Experimental results show that, in a virtual machine runtime environment, the method audits memory SLA compliance efficiently, while offering high extensibility for tenant-defined policies and low performance overhead.