Similar literature
1.
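In cloud computing environments, to enable resource sharing, virtual machines of different tenants may run on the same physical machine, i.e., VM co-residency, which introduces new security problems. This article therefore focuses on several new security threats faced by co-resident virtual machines, including resource interference, covert channels/side channels, denial of service, and VM workload monitoring; introduces existing VM co-residency detection methods; summarizes four defensive approaches to VM co-residency threats; and analyzes future research trends.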

2.
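As a lightweight alternative to virtual machines, containers have promoted the development of cloud computing with their flexibility and efficiency, but they also face security threats such as co-residency attacks and escape attacks. To address container security threats in cloud environments, a signaling game model based on moving target defense is constructed, and a multi-stage optimal defense strategy solving algorithm is proposed. The optimal strategy is selected through the game model and the solving algorithm, and containers are scheduled by a container scheduling method, which can enhance container security. Simulation results show that the defense payoff obtained by the proposed migration strategy is improved by 3.6 times compared with the migration strategy built into Kubernetes, while the container co-residency rate is reduced by 79.62%, which offers a useful reference for selecting defense strategies and enhancing security in real container cloud environments.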

3.
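He Peicong, Huang Ruwei, Chen Ningjiang, Zhao Bowen, Liu Yang. Computer Science (计算机科学), 2017, 44(5): 105-110, 115
Cloud computing is convenient to use, offers services customizable on demand, and optimizes resource utilization, and has become the main computing model for providing outsourced services. VM side-channel attacks in cloud environments are one of the main potential threats to cloud computing, and co-residency is the prerequisite for side-channel attacks in the cloud. To address how to perform co-residency detection in a multi-tenant cloud environment, MCLPPLS, a method for measuring cache load with Prime-Probe based on a linked structure, and RTNAM, a real-time noise analysis mechanism for the complex and changeable noise in cloud environments, are proposed. Combining MCLPPLS and RTNAM, a new co-residency detection and analysis method is proposed. Experiments show that the method reduces the interference of burst noise with co-residency detection, has high co-residency detection accuracy and low detection time cost, and performs well.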

4.
In the cloud, ensuring proper elasticity for hosted applications and services is a challenging problem and far from being solved. To achieve proper elasticity, the minimal number of cloud resources that are needed to satisfy a particular service level objective (SLO) requirement has to be determined. In this paper, we present an analytical model based on Markov chains to predict the number of cloud instances or virtual machines (VMs) needed to satisfy a given SLO performance requirement such as response time, throughput, or request loss probability. For the estimation of these SLO performance metrics, our analytical model takes as input the offered workload, the number of VM instances, and the capacity of each VM instance. The correctness of the model has been verified using discrete-event simulation. Our model has also been validated using experimental measurements conducted on the Amazon Web Services cloud platform.

5.
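Rotation-resistant digital watermarking algorithm based on integer wavelet transform   Total citations: 1, self-citations: 0, citations by others: 1  
Most existing wavelet-transform-based watermarking algorithms cannot resist geometric attacks; for example, rotating the image by a tiny angle can cause watermark detection to fail. To improve the ability of wavelet-transform-based watermarking algorithms to resist image rotation attacks, a rotation-resistant blind watermarking algorithm based on the integer wavelet transform is proposed. The algorithm embeds a template in the watermarked image; after the image suffers a rotation attack, the template can be used to effectively restore the image and achieve synchronization for watermark extraction, so that the watermark is extracted accurately. Experimental results show that rotation attacks from 0 to 360 degrees can all be accurately detected, demonstrating that the method is a robust image watermarking algorithm that effectively resists rotation attacks.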

6.
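Zhu Jiating, Lü Jianping. Microcomputer Development (微机发展), 2007, 17(7): 145-147
Most existing wavelet-transform-based watermarking algorithms cannot resist geometric attacks; for example, rotating the image by a tiny angle can cause watermark detection to fail. To improve the ability of wavelet-transform-based watermarking algorithms to resist image rotation attacks, a rotation-resistant blind watermarking algorithm based on the integer wavelet transform is proposed. The algorithm embeds a template in the watermarked image; after the image suffers a rotation attack, the template can be used to effectively restore the image and achieve synchronization for watermark extraction, so that the watermark is extracted accurately. Experimental results show that rotation attacks from 0 to 360 degrees can all be accurately detected, demonstrating that the method is a robust image watermarking algorithm that effectively resists rotation attacks.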

7.
8.
9.
The problem of Virtual Machine (VM) placement is critical to the security and efficiency of the cloud infrastructure. Nowadays most research focuses on the influences caused by the deployed VM on the data center load, energy consumption, resource loss, etc. Few works consider the security and privacy issues of the tenant data on the VM. For instance, with the application of virtualization technology, the VMs from different tenants may be placed on one physical host. Hence, attackers may steal secrets from other tenants by using a side-channel attack based on the shared physical resources, which will threaten the data security of the tenants in cloud computing. To address the above issues, this paper proposes an efficient and secure VM placement strategy. Firstly, we define the related security and efficiency indices in the cloud computing system. Then, we establish a multi-objective constraint optimization model for the VM placement considering the security and performance of the system, and find a solution to this model based on the discrete firefly algorithm. The experimental results on the OpenStack cloud platform indicate that the above strategy can effectively reduce the possibility of malicious tenants and targeted tenants being placed on the same physical node, and reduce energy consumption and resource loss at the data center.

10.
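Multi-tenant coexistence and resource sharing in SaaS clouds bring serious security risks. On the one hand, the soft isolation of logical namespaces is easily bypassed or broken; on the other hand, sharing the host operating system and the underlying physical resources makes containers vulnerable to co-residency attacks, which seriously threaten the availability, integrity and confidentiality of data in the container cloud. To address the problem that SaaS cloud services are vulnerable to co-residency attacks such as container escape and side channels, cyber deception techniques hide the business functions and characteristic attributes of the executing entities, increasing the uncertainty of the cloud environment and reducing the effectiveness of attacks. To address the security threat of co-residency attacks on containers, security techniques such as live migration and virtual honeypots are combined to study economical and reasonable cyber deception methods that reduce the security threat posed by co-residency attacks. Specifically, a container migration and honeypot deployment strategy based on a signaling game is proposed. Based on an analysis of the security threats faced by containers, container migration and honeypots are used as the two defense techniques: the former improves the undetectability of the system based on the idea of moving target defense, and the latter confuses attackers by deploying decoy containers or providing fake services. Since network sniffing is a preliminary step in the network attack chain, the attack-defense process is modeled as a two-player signaling game with incomplete information, in which the sender chooses to release a signal according to its own type, and the receiver can only obtain the signal released by the sender and cannot determine its type. A game tree is constructed for this dynamic game of complete but imperfect information, and the costs and payoffs of the different strategy combinations of attacker and defender are set; equilibrium analysis of the attack-defense model determines the optimal deception strategy. Experimental results show that the proposed strategy effectively improves system security while reducing container migration frequency and defense overhead.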

11.
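The application scenario in which parties collaborate to complete tasks in a cloud environment is analyzed, and it is found that this scenario is exposed to security attacks from software users; a software watermarking scheme for cloud environments is then designed to resist this risk. A software watermarking service that can only be accessed by the cloud service provider is added to the cloud computing environment. Software developers embed a visible security label before uploading the software; after upload, the software watermarking system embeds an invisible watermark corresponding to the visible security label. If the software is modified by a user, re-embedded with a visible security label and uploaded again, the watermark detection module can detect that the visible security label does not match the extracted watermark and raise an alert. Finally, the scheme is implemented on the Hadoop framework, and its time complexity, false negative rate and false positive rate are analyzed. The analysis shows that the algorithm is correct and effectively addresses security attacks from software users in collaborative clouds.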

12.
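Objective: When raster geographic data are used, integrity verification needs to be strengthened to prevent the data from being damaged or tampered with, and protection of the data's copyright information needs to be strengthened to prevent malicious distribution. Dual watermarking can accomplish both tasks at once. Method: Using an XOR-based (2,2) visual cryptography scheme (VCS) and the discrete wavelet transform (DWT), dual watermarks are embedded in digital raster geographic data. A semi-fragile watermark serves as the first watermark for integrity verification; the watermark information is embedded according to the magnitude relationship between the horizontal components of the high-frequency coefficients after DWT. A zero-watermark serves as the second watermark for copyright protection: the eigenvalues from the singular value decomposition of the low-frequency sub-band after DWT are extracted to generate a feature share, and the XOR-based (2,2)-VCS is used to generate a copyright share from the feature share and the watermark information. Results: To verify the effectiveness of the algorithm, experiments were carried out on concrete raster geographic data. The results show that the first watermark correctly distinguishes incidental attacks from malicious damage; after JPEG compression of the watermarked raster geographic data with quality factors of 90, 80, 70, 60 and 50, the normalized correlation (NC) values of the extracted integrity watermark are 1, 0.996, 0.987, 0.9513 and 0.949, respectively. When locating cropping attacks, it accurately locates the tampered position; when locating replacement attacks, it locates the approximate tampered position. The second watermark has good visual quality and strong robustness; in performance tests on the watermarked raster geographic data, including filtering attacks, JPEG compression, cropping attacks and scaling attacks, the NC values of the extracted copyright watermark are better than those of other schemes. Conclusion: The dual watermarking algorithm for raster geographic data proposed in this paper, based on the XOR-based (2,2)-VCS and DWT, achieves copyright protection while also verifying data integrity.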

13.
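A data-dependency-based VM selection algorithm for cloud data centers, DDBS (data dependency based VM selection), is proposed. Following the approach of the Cloudsim project, the VM migration process is divided into a VM selection operation and a VM placement operation. During VM selection, DDBS considers the data dependencies between virtual machines, places the VMs with relatively small selection and migration cost values into a candidate VM list, and works with the subsequent VM placement strategy to complete the VM migration process. The VM selection and placement strategies in the Cloudsim cloud simulator are used as the baseline for performance comparison. Experimental results show that, compared with the existing energy-aware algorithms in Cloudsim, DDBS incurs fewer VM migrations and lower energy consumption, and has higher availability.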

14.
Live virtual machine (VM) migration is a technique for achieving system load balancing in a cloud environment by transferring an active VM from one physical host to another. This technique has been proposed to reduce the downtime for migrating overloaded VMs, but it is still time- and cost-consuming, and a large amount of memory is involved in the migration process. To overcome these drawbacks, we propose a Task-based System Load Balancing method using Particle Swarm Optimization (TBSLB-PSO) that achieves system load balancing by only transferring extra tasks from an overloaded VM instead of migrating the entire overloaded VM. We also design an optimization model to migrate these extra tasks to the new host VMs by applying Particle Swarm Optimization (PSO). To evaluate the proposed method, we extend the cloud simulator (Cloudsim) package and use PSO as its task scheduling model. The simulation results show that the proposed TBSLB-PSO method significantly reduces the time taken for the load balancing process compared to traditional load balancing approaches. Furthermore, in our proposed approach the overloaded VMs will not be paused during the migration process, and there is no need to use the VM pre-copy process. Therefore, the TBSLB-PSO method will eliminate VM downtime and the risk of losing the last activity performed by a customer, and will increase the Quality of Service experienced by cloud customers.

15.

An imperceptible digital watermarking algorithm based on 4-level discrete wavelet transform, discrete cosine transform and singular value decomposition is designed. In this method, the 4-level diagonal sub-band image is obtained by performing the 4-level two-dimensional wavelet transform on the original image, and then a coefficient matrix is produced by applying the discrete cosine transform on the 4-level diagonal sub-band image. A diagonal matrix is constructed by performing the singular value decomposition on the coefficient matrix. The watermark is scrambled by Arnold transform and Logistic map, then the scrambled watermark is processed by the singular value decomposition. Later, the encryption process is completed by embedding the scrambled watermark singular value into the singular value of the coefficient matrix. Simulation results demonstrate that the proposed digital watermarking algorithm could resist JPEG compression attack, Salt and Pepper noise attack, Gaussian noise attack, filter attack, brightness change attack, geometric attack, cut attack, etc.


16.
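Watermarking algorithms resistant to geometric attacks are studied for color images. Exploiting the stability of singular values and combining wavelet transform theory, a DWT-SVD-based color image watermarking algorithm resistant to geometric attacks is presented. The algorithm embeds the watermark information in the luminance space of the carrier image's CIEL*a*b* color model, and the carrier image is printed and subjected to various attacks; the TMS320DM642 hardware platform is then used to capture the watermarked image in real time for watermark detection and extraction; finally, Matlab is used to evaluate the performance of the captured carrier image and the extracted watermark image. The experimental results show that this DSP-based watermarking algorithm is highly robust against geometric attacks in the print-and-scan process.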

17.
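Artificial intelligence techniques, represented by neural networks, have achieved great success in many application areas such as computer vision, pattern recognition and natural language processing, and many technology companies, including Google and Microsoft, deploy AI models in commercial products to improve service quality and economic returns. However, building high-performing AI models consumes large amounts of data, computing resources and expert knowledge, and AI models are easily stolen, tampered with and sold by unauthorized users. As AI technology develops rapidly, how to protect the intellectual property of AI models is of significant academic interest and industrial demand. Against this background, this paper mainly introduces digital-watermarking-based techniques for protecting the ownership of AI models. By comparison with traditional multimedia watermarking, it first outlines the research significance, basic concepts and evaluation metrics of AI model watermarking; then, according to whether the watermark extractor needs to know the internal details of the target model and whether it needs to interact with the target model, it reviews the state of research in China and abroad from three perspectives, "white-box", "black-box" and "box-free" model watermarking, and summarizes the differences between methods, while also analyzing and discussing fragile model watermarking; finally, by comparing the characteristics, strengths and weaknesses of the different methods, it summarizes the common technical problems of model watermarking across scenarios and looks ahead to development trends.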

18.
Virtualization technology has become very popular because of better hardware utilization and easy maintenance. However, there are chances for information leakage and possibilities of several covert channels for information flow between the virtual machines. Our work focuses on the experimental study of security threats in virtualization, especially due to covert channels and other forms of information leakage. The existence of data leakage during migration, shutdown and destruction of virtual machines is tested on different hypervisors. For empirically showing the possibility of covert channels between virtual machines, three new network-based covert channels are hypothesized and demonstrated through implementation on different hypervisors. One of the covert channels hypothesized is a TCP/IP steganography-based covert channel. Other covert channels are a timing covert channel and a new network covert channel having two pairs of socket programs. We propose a VMM (Virtual Machine Monitor) based network covert channel avoidance mechanism, tackling detection-resistant covert channel problems. We also address the issue of reducing the possibilities of network-based covert channels using VMM-level firewalls. In order to emphasize the importance of addressing the issue of information leakage through virtual machines, we illustrate the simplicity of launching network covert channel based attacks, by demonstrating an attack on a virtual machine using covert channels through implementation.

19.
For businesses to benefit from the many opportunities of cloud computing, they must first address a number of security challenges, such as the potential leakage of confidential data to unintended third parties. An inter-VM (where VM is virtual machine) attack, also known as cross-VM attack, is one threat through which cloud-hosted confidential data could be leaked to unintended third parties. An inter-VM attack exploits vulnerabilities between co-resident guest VMs that share the same cloud infrastructure. In an attempt to stop such an attack, this paper uses the principles of logical analysis to model a solution that provides physical separation of VMs belonging to conflicting tenants based on their levels of conflict. The derived mathematical model is founded on scientific principles and implemented using four conflict-aware VM placement algorithms. The resultant algorithms consider a tenant's risk appetite and cost implications. The model offers guidance to VM placement and is validated using a proof of concept. A cloud simulation tool was used to test and evaluate the effectiveness and efficiency of the model. The findings reflect that the introduction of the proposed model introduced a time lag in the time it took to place VM instances. On top of this, it was also discovered that the number and size of the VM instances have an effect on the VM placement performance. The findings further illustrate that the conflict tolerance level of a VM has a direct impact on the time it took to place.

20.
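Adaptive video watermarking algorithm based on matrix scrambling   Total citations: 3, self-citations: 0, citations by others: 3  
Video digital watermarking is currently a hot topic in watermarking research. To better guarantee the robustness of video watermarks, an adaptive digital watermarking algorithm based on MPEG-2 motion components is proposed. The algorithm first uses matrix scrambling to determine the target group of pictures for each watermark segment, and then uses the human visual system to select the motion components in which the watermark bits are embedded. Experimental results show that the algorithm is highly robust against attacks specific to video watermarking, and that the peak signal-to-noise ratio of the image differs only slightly before and after watermark embedding.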
