Research On Virtualization Intrusion Tolerance Based On Cloud Computing

Cloud computing distributes computing tasks to virtual resource pool which is constituted by a large number of computers, cloud computing ensures that various applications can access computing power, storage space and various software services as needed. Service integration and supply on-demand coming from cloud computing can significantly improve the utilization of computing resources, reduce power consumption of per service, and effectively avoid the error of computing resources. However, cloud computing is still facing the problem of intrusion tolerance of the cloud computing platform and sensitive data of new enterprise data center. Many domestic and foreign research institutions and organizations research on intrusion tolerance, mainly adopt technologies of threshold cryptography, secret sharing and distributed redundancy replication, etc., on the real hardware platform; all those technologies require systems with high computing power and high storage capacity, and these resources generally can not be partitioned, they are usually designed for specific applications, therefore the utilization of resources is low, the management is hard to implement, and the versatility is poor; in addition, the system also has higher requirements for the number and quality of redundant components, and the recovery of redundant components will seriously affect the availability of system service. Therefore, this high cost of intrusion tolerance is unacceptable for cloud computing service providers and users, and this is not suit for the virtualization technology of cloud computing.In order to address the problem of intrusion tolerance of cloud computing platform and sensitive data in new enterprise data center, this paper constructs a virtualization intrusion tolerance system based on cloud computing by researching on the existing virtualization technology and secret sharing, and then presents a method of intrusion tolerance to protect sensitive data in cloud data center based on virtual adversary structure by utilizing secret sharing. This system adopts the method of hybrid fault model, active and passive replicas, state update and transfer, proactive recovery and diversity, and initially implements to tolerate F faulty replicas in N=2F+1 replicas and ensure that only F+1 active replicas to execute during the intrusion-free stage. The remaining replicas are all put into passive mode, which significantly reduces the resource consuming in cloud platform. At last we prove the reconstruction and confidentiality property of sensitive data by utilizing secret sharing.