The Research Of Virtual Machine Escape In Cloud Computing Environment

Posted on: 2016-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: H Liu
GTID: 2308330479995444
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the Internet, traditional computing environments are migrating to cloud computing on a large scale. Some traditional security issues can be solved in the cloud computing environment, but cloud computing has also brought many new security problems. In recent years, a series of cloud security incidents has made users more worried about information disclosure, such as the leakage of Google Gmail users' data and the loss of the company TeamCola's data caused by improper operation at Ali cloud.

In this paper, we study computational attacks and secure virtual machine protection in cloud computing. For the virtual machine escape attack, we put forward an attack model and attack steps, and then design an access control model to prevent virtual machine escape. The main contributions and innovations are as follows.

First, we analyze in detail the virtualized operating interaction between the virtual machine and the Hypervisor, and derive the operating privilege levels of the x86 architecture under hardware-assisted virtualization. We analyze the privilege conversion process that a virtual machine escape attack has to go through and the difficulty of the corresponding state transitions. We then abstract a virtual machine escape attack model and its attack steps. Finally, we propose means of prevention for the different levels of virtual machine escape attack.

Secondly, according to the proposed virtual machine escape model and the access control strategy, we put forward an access control model, based on the BLP model, that can Prevent Virtual Machine Escape (PVME). The PVME model can manage system calls and resource utilization between the virtual machine and the Hypervisor on virtual platforms.

Finally, according to the theory of the PVME model, we designed and implemented a PVME module on KVM. By simulating the RTC (Real-Time Clock) state attack, we verify that the PVME module can prevent virtual machine escape. The PVME module consumes an additional 4% to 8% of system call time.
Keywords/Search Tags:Virtualization security, virtual machine escape, access control, BLP model, PVME model