东篱科研大数据发现系统（DRDS）

位置：成果数据库 > 期刊 > 期刊详情页

A Concurrent Security Monitoring Method for Virtualization Environments

ISSN号：1673-5447
期刊名称：中国通信
时间：0
页码：-
分类：TP391.9[自动化与计算机技术—计算机应用技术;自动化与计算机技术—计算机科学与技术] TV698.19[水利工程—水利水电工程]
作者机构：[1]Beijing Key Laboratory of Software Security Engineering Technique, School of Software, Beijing Institute of Technology, Beijing 100081,China, [2]State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China, [3]Key Laboratory of IOT Application Technology of Universities in Yunnan Province, Yunnan Minzu University, Kunming 650500, China
相关基金：supported in part by National Natural Science Foundation of China（NSFC）under Grant No.61100228 and 61202479; the National High-tech R＆D Program of China under Grant No.2012AA013101; the Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No.XDA06030601 and XDA06010701; Open Found of Key Laboratory of IOT Application Technology of Universities in Yunnan Province Grant No.2015IOT03
相关项目：群上高效秘密共享算法研究

作者： TIAN Donghai|JIA Xiaoqi|CHEN Junhua|HU Changzhen|

关键词：虚拟化技术, 安全监控, 执行环境, 监测方法, 并发, 目标系统, 安全事件, 系统管理程序, security virtualization technology concurrent monitoring

中文摘要：

Recently,virtualization technologies have been widely used in industry.In order to monitor the security of target systems in virtualization environments,conventional methods usually put the security monitoring mechanism into the normal functionality of the target systems.However,these methods are either prone to be tempered by attackers or introduce considerable performance overhead for target systems.To address these problems,in this paper,we present a concurrent security monitoring method which decouples traditional serial mechanisms,including security event collector and analyzer,into two concurrent components.On one hand,we utilize the SIM framework to deploy the event collector into the target virtual machine.On the other hand,we combine the virtualization technology and multi-core technology to put the event analyzer into a trusted execution environment.To address the synchronization problem between these two concurrent components,we make use of Lamport’s ring buffer algorithm.Based on the Xen hypervisor,we have implemented a prototype system named COMO.The experimental results show that COMO can monitor the security of the target virtual machine concurrently within a little performance overhead.

英文摘要：

Recently,virtualization technologies have been widely used in industry.In order to monitor the security of target systems in virtualization environments,conventional methods usually put the security monitoring mechanism into the normal functionality of the target systems.However,these methods are either prone to be tempered by attackers or introduce considerable performance overhead for target systems.To address these problems,in this paper,we present a concurrent security monitoring method which decouples traditional serial mechanisms,including security event collector and analyzer,into two concurrent components.On one hand,we utilize the SIM framework to deploy the event collector into the target virtual machine.On the other hand,we combine the virtualization technology and multi-core technology to put the event analyzer into a trusted execution environment.To address the synchronization problem between these two concurrent components,we make use of Lamport＇s ring buffer algorithm.Based on the Xen hypervisor,we have implemented a prototype system named COMO.The experimental results show that COMO can monitor the security of the target virtual machine concurrently within a little performance overhead.

同期刊论文项目