
Design And Implementation Of Security Subsystem Based On Desktop Cloud Management Platform Of oVirt-KVM

Posted on: 2017-02-09
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Zhu
GTID: 2308330485486192
Subject: Computer technology
Abstract/Summary:
With the popularity of cloud computing technology, the security problem is becoming more and more serious. Because the number of virtual machines on a cloud computing platform is very large, traditional security monitoring software is not suitable for cloud platforms. Because the deployment of a cloud platform is very complex, traditional security audit technology cannot effectively capture the security situation of the cloud computing platform.

This thesis designs and implements a security subsystem based on the oVirt-KVM desktop cloud management platform. It mainly includes the cloud platform monitoring module and the cloud platform audit module. We realize a cloud platform security monitoring system covering the virtual machine file system and in-memory processes, as well as a security audit system covering cloud platform service availability, authentication and authorization, business process security and other related information. We use the oVirt desktop cloud platform as a representative to design the security subsystem, which can be implemented in conjunction with the oVirt cloud platform. It can effectively guarantee the security of the virtual machine system, and through the audit system it can effectively capture the overall security situation of the cloud platform, ensuring that the services of the cloud platform are available and safe.

The main work of this thesis is as follows:

(1) Study virtual machine introspection techniques based on LibVMI, the open-source introspection library. Reconstruct low-level information of the virtual machine (process page tables, memory mappings, etc.) to obtain high-level information (process information of the virtual machine, kernel data). We improve the LibVMI API library to obtain the complete list of processes of the virtual machine, and achieve real-time monitoring of the behavior and state of virtual machine processes.

(2) Analyze file system formats and disk image technology in order to mount disk images in raw and qcow2 format with NTFS and EXT file systems. We develop an open-source virus scanning engine at the hypervisor layer to scan the file systems of disk images, which completes the security monitoring of the virtual machine file system.

(3) Study cloud platform security audit technology. Design a model of data acquisition and information analysis, and analyze the overall trend of cloud platform security. This thesis introduces the audit information collection module and the audit information analysis module, and introduces real-time audit and post-audit modes to meet the different needs of cloud platform auditing. We also introduce a correlation analysis algorithm. As the security audit data changes with the cloud environment, the system can improve the audit rules, thereby ensuring the reliability of the security subsystem.

At the end of this thesis, we verify each module of the security subsystem of the oVirt desktop cloud management platform. The experiments show that the security subsystem has good practicability and reliability for the security of the cloud platform.
Keywords/Search Tags: Security of cloud platform, security monitor, security audit, process detection, correlation analysis