| Computer network has already gone deep into human society and daily life, and it is playing a very important role in every key department and economic field. The traditional network security technology is facing the huge challenge, so it is crying for effective security means. The research of network survivability is a breakthrough to the traditional security concept and technology. Moreover, it has become the new direction of the network security research. The thesis focuses on the survivable system based on service migration technology. To sustain the service continuity under the condition of being attacked and invaded, the theory and the realization mechanism of service migration are studied in detail. Through these researches, the problem that the service could only be attacked passively but not evade security threaten actively has been resolved effectively, which has improved the system survivability. The main contribution of this thesis includes:Firstly, this thesis deeply researches the system survivability theory and service migration technology. Furthermore, the deficiency of present survivability is analyzed. With the viewpoint that the motive goal is more secure, service migration technology is brought in. Through analyzing and comparing with the traditional dynamic migration technology and present service migration technology respectively, the service migration technology based on state management in application level is proved to be superior.Secondly, guided by the key point that the survivability of single host node is the foundation of network information security, this thesis brings forward a survivable model based on intrusion tolerance. In this model, the system function is divided into five layers, and the present kinds of technologies are synthesized to construct defense in depth for information security. At the same time, service migration technology is adopted to enhance the system's ability on evading threaten and running continuously. Moreover, the model adopts service violation layer to postpone the process of being found and attacked by attacker, and this supplies time for emergence response as much as possible. The whole model comes into being a close system, which could change defense policy self adaptively. Thus this model satisfies the requirements of survivability, such as resistance, recognition, recovery and adaptation.Thirdly, this thesis researches the key technologies of service migration based on state management in application level. At first, the architecture of service migration is set up, which satisfies the requirements of service migration, such as transparency, heterogeneity and adaptation. Subsequently, the three-layered realization architecture of service migration based on security is offered. On these backgrounds, this thesis focuses on state management, and divides the application level states into three kinds, such as initial state, active state and finish state, then researches the five stages particularly: state capture, state process, state transmission, state process and state restore.Finally, this thesis takes FTP as example, and realizes the prototype of service migration. According to the three-layered realization architecture of service migration, the cache of FTP active state in proxy layer is analyzed, especially the key technologies of flux control, such as time and size, are studied to ensure the persistence and transparence of service during the migration. At the same time, the capture, transmit and recover of initial state and finish state are also provided. At last, the basic realization model of service migration and the results of service migration are offered, which indicates that the theory of service migration is practicable.The research in the thesis takes an important role in the 863 project, and it is useful in many fields such as survivability, load balance, mobile computation and service migration crossing platform in communication industry. |
PDF Full Text Request