Research On Xen Virtual Machine Scheduling Strategy To Mitigate Covert Channel Attacks

With the continuous development of computer technology, cloud computing technology plays a more and more important role in today’s age of the Internet. As one of the basic theory of the cloud computing, virtualization technology has received the extensive concern of the industry once again. However, the covert channel attacks across virtual machine have brought security issues to cloud computing. In a virtual machine system, scheduling algorithm is an important method for virtual machine manager to allocate processor resource.It has a great impact on the full use of computer resources and improving the security of virtual machines. In view of the cache based covert channel attacks across virtual machine, the paper improves the scheduling algorithm of Xen virtual machine to achieve the purpose of weakening the harm of covert channel attacks.The main research contents of the paper are as follows:(1) The paper analyzes the covert channel attacks across virtual machine in cloud platform, and mainly introduces the principle of cache based covert channel attacks and the attack steps, and puts forward the idea of reducing the cache based covert channel attacks.(2) The paper studies the architecture of Xen virtual machine, and analyzes the Xen scheduling frameworks and the default Credit scheduling algorithm in depth. Then, to mitigate the cache based covert channel attacks across virtual machine on the cloud platform, the paper puts forward the improvement of Credit scheduling algorithm.(3) In the improved algorithm, the URGENT priority is increased. This priority is used to deal with the special emergency tasks in the Xen virtual environment,and can make the virtual machine adjust the virtual CPU scheduling order when the cloud platform is being attacked. At the same time, the improved algorithm limits the execution of the malicious processes in malicious virtual machine. When the victim process is running in the system, the malicious process can not get the physical CPU time and can not be scheduled to run.(4) This paper analyses the design principle of Schedsim simulator,designs and implementes the improved Credit algorithm and Credit algorithm in the simulator. This paper carrys out performance testing, comparison and analysis of the algorithm before and after improvement.Test results show that the improved Credit algorithm can handle the emergency process, and can limit the response time of the attack process.