共查询到20条相似文献,搜索用时 611 毫秒
1.
2.
3.
4.
介绍了设计并实现的基于显卡直接分配的虚拟机图形加速系统Gracias,它的思想是把显卡直接分配给某一台完全虚拟化的虚拟机使用。这样一来,虚拟机中显卡的设备驱动程序对于显卡的使用和访问操作就不会被虚拟机监控器所拦截,也不用通过软件模拟的方式来处理这些访问请求,而是直接交给真实的硬件去完成。这使得对图形处理要求很高的程序在虚拟机中可以获得比普通虚拟化方法高很多的性能提升。 相似文献
5.
介绍了虚拟化技术的概念和研究范围,接着探讨计算平台虚拟化及高可用等特性,引入虚拟机宿主服务器的概念,指出为了发挥虚拟化技术的特性,对虚拟机宿主服务器进行性能数据收集的必要性,以EsxServer和Xen为性能收集对象,分别探讨性能收集方法.具体方法是针对不同虚拟化产品,相应使用了Linux命令查询解析、虚拟化监视器命令解析及数据管理对象访问.最后以虚拟化产品厂商提供的性能监视数据作为参照,指出了性能收集方法的优劣. 相似文献
6.
在云计算蓬勃发展这个外因的驱动下,虚拟化技术作为云计算的关键技术平台也正不可逆转地发展着。虚拟化使得一台计算机上能够运行多个虚拟机,虚拟机之间有很强的隔离性,且虚拟机与硬件没有直接的关联。论文从虚拟化出现的原因入手,进而介绍UVP虚拟化平台的架构、特点以及在虚拟化平台中使用的性能优化技术、节能管理技术、安全实现技术以及UVP的增强技术等,使用这些关键技术意义在于提高系统性能、增强安全性、易于后期维护和扩展等。 相似文献
7.
8.
虚拟环境中,客户虚拟机的磁盘数据的访问由特权虚拟机来完成,这使得恶意的黑客或者系统管理员可以通过控制特权虚拟机随意地访问和修改客户虚拟机的磁盘数据,对客户虚拟机的磁盘数据安全性带来了极大的威胁。通过虚拟机监控器对客户虚拟机的磁盘数据使用数据加密和哈希校验的方法,可以有效地保护客户虚拟机的磁盘数据在访问过程中的隐私性和完整性,从而确保虚拟环境中,客户虚拟机磁盘数据的安全。该方法可以有效增强Xen虚拟架构下客户虚拟机磁盘数据的安全性。实验结果显示该方法真实有效且性能开销很小,是一种有效地保护客户虚拟机磁盘数据的安全性的方法。 相似文献
9.
《计算机科学与探索》2016,(3):311-325
针对开源虚拟化平台Xen的管理虚拟机Dom0服务臃肿和可信计算基庞大等问题,提出了一种基于Xen的安全虚拟机架构XHydra。该架构采用微内核的设计思想和最小特权安全理论,将Dom0分离成多个功能独立、相互隔离且具有最小特权的迷你服务域,并设计了一个服务监视器进行管理。服务监视器通过构建用户虚拟机与迷你服务域之间设备通信的专用通道,实现用户虚拟机和迷你服务域之间的双向隔离。最后基于Xen4.4开发了XHydra的原型系统,提高了平台的安全性,验证了架构的可行性。同时,针对虚拟化平台的存储性能和网络性能进行基准测试,实验结果表明所提方案性能相对于原始Xen仅降低了3%。 相似文献
10.
虚拟化服务对基于行为监控的客户虚拟机实施访问控制,以监控客户对受保护服务的访问行为.虚拟化服务使用运行时监控技术,通过观察到的客户虚拟机行为计算当前客户的信任度值,并强制客户执行符合其信任值级别的访问控制权限.本文设计了一种虚拟化服务信任度增强方案,提出了增强的虚拟化服务多层安全体系架构,描述了基于行为监控的信任度管理框架,最后介绍了其应用方向. 相似文献
11.
服务器虚拟化安全机制研究 总被引:1,自引:0,他引:1
服务器虚拟化技术立足于操作系统和CPU提供的权限控制,由工作在底层的虚拟机监控器为客户机提供资源的实时监控、授权访问、追踪审计等安全功能;同时虚拟机监控器自身采用可信计算技术,实现动态的可信认证;配合其他安全策略规划,服务器虚拟化为客户机提供更好的私密性和完整性保护. 相似文献
12.
贸易结算等测量应用要求计量软件及运行环境能有效防范包括管理员在内的各类用户的非授权篡改,但难以得到现有安全模型的有效支持。为此提出面向测量应用的软件保护模型MBSPM,基于角色—域—型访问控制策略分配数据访问权限,利用强制访问控制实施数据分级保护和法制相关软件隔离,依靠防篡改存储防止计量参数的非授权修改,基于可信平台模块(TPM)保护运行环境的完整性。基于虚拟称重系统的应用实例表明,MBSPM可支持计量应用所要求的软件保护特性,与不实施MBSPM的情况相比较,除系统启动时间增加大约50%之外,文件打开和应用启动等操作的速度下降均不超过20%。 相似文献
13.
E. B. Aleksandrova D. P. Zegzhda A. S. Konoplev 《Automatic Control and Computer Sciences》2016,50(8):739-742
The paper describes the problem of unauthorized access to the data processed in distributed grid computing networks. Existing implementations of entity authentication mechanisms in grid systems are analyzed, and their disadvantages are considered. An approach to the use of group signature schemes, which prevents unauthorized access to a computing environment and provides the integrity of transferred data, is proposed. 相似文献
14.
在企业网中为了限制非授权用户访问企业网之外的资源,一般在代理服务器上进行IP地址或计算机MAC绑定.但是如果代理服务器的参数设置不合适,可能起不到限制非授权用户访问外网的作用.为了检测哪些代理服务器没有进行非授权用户IP或MAC限制,使用C++Builder 6.0的NMHTTP控件开发了一个局域网代理服务器检测程序.... 相似文献
15.
A distributed, persistent memory system is considered, which implements a form of segmentation with paging within the framework of the single-address-space paradigm of memory reference. A peculiar problem of a system of this type is the lack of protection of the private information items of any given process against unauthorized access attempts possibly performed by the other processes. We present a set of mechanisms able to enforce access control over the private virtual space areas. These mechanisms guarantee a degree of protection comparable to that typical of a multiple-address-space system, while preserving the advantages of ease of information sharing, typical of the single-address-space model. The resulting environment is evaluated from a number of salient viewpoints, including ease of distribution and revocation of access rights, strategies for virtual space reuse, and the storage requirements of the information for memory management 相似文献
16.
针对云服务中多租户应用面临越权访问和联合恶意攻击问题,综合聚类思想和基于密文策略的属性加密(CP-ABE)提出一种多租户授权管理访问控制模型(MTACM)。该模型根据多租户的业务特点将角色任务聚类为任务组,并采用匹配因子标记任务组,进而通过任务组授权管理角色属性,以实现角色的细粒度授权访问控制管理,减少系统计算量开销,降低系统的复杂度。在虚拟环境下实现了该模型算法,且通过逻辑推理证明了模型的安全性和系统访问的高效性。 相似文献
17.
《Computer Networks》2001,35(1):39-56
The IETF Script management information base (MIB) integrates the management by delegation (MbD) model into the Internet management framework. This paper discusses the security aspects of the Script MIB concerning MIB access security and runtime security of delegated management functions. The paper shows how SNMPv3 security mechanisms have been utilized to protect the Script MIB from unauthorized access. A prototype implementation is presented using the Java virtual machine as a runtime system for delegated management functions. The prototype demonstrates how solutions to all security aspects can be integrated. 相似文献
18.
Davide Alberto Albertini Barbara Carminati Elena Ferrari 《International Journal of Information Security》2017,16(1):75-89
In general, access control mechanisms in DBMSs ensure that users access only those portions of data for which they have authorizations, according to a predefined set of access control policies. However, it has been shown that access control mechanisms might be not enough. A clear example is the inference problem due to functional dependencies, which might allow a user to discover unauthorized data by exploiting authorized data. In this paper, we wish to investigate data dependencies (e.g., functional dependencies, foreign key constraints, and knowledge-based implications) from a different perspective. In particular, the aim was to investigate data dependencies as a mean for increasing the DBMS utility, that is, the number of queries that can be safely answered, rather than as channels for releasing sensitive data. We believe that, under given circumstances, this unauthorized release may give more benefits than issues. As such, we present a query rewriting technique capable of extending defined access control policies by exploiting data dependencies, in order to authorize unauthorized but inferable data. 相似文献
19.
Ciminiera L. Valenzano A. 《IEEE transactions on pattern analysis and machine intelligence》1989,15(5):654-658
The problem of authenticating the users of a computer network in order to protect the shared resources against unauthorized use is discussed. Since intruders could enter the network and try to use services they have no right to access, the host implementing the service (or server) has to check the user's identity and access rights by searching in the relevant database. The author presents a method of carrying out such checks efficiently. The basic idea is that a suitable interface process is associated with each user-server connection in order to filter out unauthorized requests, thus implementing a sort of cache with parallel search where the working set of the whole database is stored and explored. The use of the interface process enables the system to exploit the hardware support for capability checking provided by new microprocessors. In particular, an implementation using iAPX432-based hosts is illustrated and performance issues are discussed 相似文献
20.
As advertisers increasingly rely on mobile-based data, consumer perceptions regarding the collection and use of such data becomes of great interest to scholars and practitioners. Recent industry data suggests advertisers seeking to leverage personal data offered via mobile devices would be wise to acknowledge and address the privacy concerns held by mobile users. Utilizing the theoretical foundation of communication privacy management (CPM), the current study investigates commonly understood privacy concerns such as collection, control, awareness, unauthorized secondary use, improper access and a newly adapted dimension of location tracking, trust in mobile advertisers, and attitudes toward mobile commerce, to predict mobile commerce engagement. Data from this study indicate that control, unauthorized access, trust in mobile advertisers, and attitude toward mobile commerce significantly predicted 43% of the variance in mobile commerce activity. 相似文献
