Virtual machine simultaneous-locating detection method based on hidden channel under cloud environment

A covert channel and detection method technology, applied in the field of virtual machines and network security, that can solve the problems of reduced effectiveness and the inability to effectively detect co-resident virtual machines.

Active Publication Date: 2014-08-27
PEKING UNIV

AI Technical Summary

Problems solved by technology

[0031] This technology relies on the analysis of network traffic and is affected by network conditions and network security policies. When network conditions are poor and the network security policy is set very strictly, the effectiveness of this method is greatly reduced, and it cannot effectively detect co-resident virtual machines.

Examples


Embodiment 1

[0063] In practice, a single tenant (or two cooperating users) may deploy multiple instances of the same type at the same time and hope that two or more of the instances reside on the same physical machine, to meet the tenant's own specific computing needs.

[0064] Alternatively, there may be two cooperating users: user A has already deployed a virtual machine on the cloud platform, and user B hopes to deploy a large number of virtual machine instances of the same type as user A's instance, so that one of his own virtual machines resides on the same physical machine as user A's pre-deployed virtual machine. The upper limit on the number of virtual machines on this physical machine is X.

[0065] In these situations, the co-resident detection method of the present invention can easily find a pair of, or multiple, co-resident virtual machine instances.

[0066] Taking the cloud platform (EC2) based on Xen virtualization technology as an...

Embodiment 2

[0072] In fact, some cloud service providers (such as EC2) claim to users that they provide users with dedicated and exclusive services, and the instances created by users are physically isolated from the instances of other tenants. That is, the user exclusively owns a physical machine, and all instances created by the user run on the physical machine. Compared with ordinary rented services, this dedicated service charges more, but is the cloud service provider honest enough?

[0073] In this case, the co-resident detection method of the present invention can quickly detect whether the dedicated instance is co-resident, and check whether the cloud service provider really provides physical isolation for the user.

[0074] As shown in Figure 4, the user creates multiple dedicated instances and obtains the DomID of each of these instances. The method of obtaining the DomID is the same as in Embodiment 1; because it is a verification experiment, there is no need...

Abstract

The invention discloses a virtual machine co-resident detection method based on a covert channel in a cloud environment. The method includes the following steps: (1) multiple virtual machine instances of the same type are deployed on a cloud platform; (2) a covert channel that really exists on the cloud platform and is based on resources shared through the virtual machine monitor is selected; (3) two virtual machine instances are selected from the deployed instances and denoted virtual machine instance A and virtual machine instance B; (4) instance A and instance B act as the sender and the receiver of the covert channel respectively and use the covert channel to communicate. If the communication succeeds, instance A and instance B are co-resident on the same physical machine; if not, they are not co-resident. The method improves the efficiency and reliability of co-resident detection, avoids excessive dependence on the network by using the covert channel, and solves the co-resident detection problem without lowering performance.
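The pairwise test in steps (3) and (4), written out as an added example that is not taken from the patent: the sender transmits a fresh random nonce, and "communication succeeds" is read as the receiver recovering it within a bit-error budget. The example goes one step beyond the abstract by grouping all instances by host (co-residency is transitive, so one probe per known group suffices). The channel is simulated; `SimulatedChannel`, the instance names, the nonce length and the error threshold are all assumptions.

```python
import random

NONCE_BITS = 64      # assumed probe length
MAX_BIT_ERRORS = 8   # assumed noise tolerance for "communication succeeded"

# Constructed sample data: the real placement is unknown to the tenant and
# exists here only to drive the simulated channel.
PLACEMENT = {"i-a": "host1", "i-b": "host1", "i-c": "host2",
             "i-d": "host1", "i-e": "host3"}

class SimulatedChannel:
    """Hypothetical stand-in for the hypervisor-shared-resource channel."""
    def __init__(self, placement, noise=0.02, seed=1):
        self.placement, self.noise = placement, noise
        self.rng = random.Random(seed)

    def transfer(self, sender, receiver, bits):
        if self.placement[sender] == self.placement[receiver]:
            # Same host: bits arrive, each flipped with probability `noise`.
            return [b ^ (self.rng.random() < self.noise) for b in bits]
        # Different hosts: the receiver only observes unrelated activity.
        return [self.rng.getrandbits(1) for _ in bits]

def co_resident(channel, a, b, rng):
    """Step (4): A sends a fresh random nonce, B must recover it."""
    nonce = [rng.getrandbits(1) for _ in range(NONCE_BITS)]
    received = channel.transfer(a, b, nonce)
    errors = sum(x != y for x, y in zip(nonce, received))
    return errors <= MAX_BIT_ERRORS

def group_by_host(channel, instances, seed=7):
    """Cluster instances, testing each against one representative per group."""
    rng = random.Random(seed)
    groups = []
    for inst in instances:
        for group in groups:
            if co_resident(channel, group[0], inst, rng):
                group.append(inst)
                break
        else:
            groups.append([inst])
    return groups

if __name__ == "__main__":
    print(group_by_host(SimulatedChannel(PLACEMENT), sorted(PLACEMENT)))
```

A fresh nonce per probe keeps unrelated activity on the shared resource from being mistaken for a successful transfer.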

Description

Technical field

[0001] The invention relates to a virtual machine co-resident detection method, in particular to a virtual machine co-resident detection method based on a covert channel in a cloud environment, and belongs to the technical field of virtual machines and network security.

Background

[0002] Cloud computing provides a new computing mode, in which core computing and software are deployed on third-party infrastructure, effectively reducing the cost of deploying, managing and maintaining data centers, and enabling users to use various software and computing services in a convenient way.

[0003] Co-resident virtual machines are two or more virtual machines running on the same physical machine in a virtualized environment. They share the resources of the physical machine, and the virtual machine monitor schedules the different virtual machines and provides isolation and security between them. In a cloud environment, in order to effectively ...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/26, H04L29/06, G06F9/455
Inventor: 沈晴霓, 张智, 陈康, 李聪, 任意, 吴中海
Owner: PEKING UNIV