Research On Virtual Machine Secure And Isolated Execution In Cloud Environment

Since co-residency virtual machines in a cloud environment share the physical resources, making some malicious users stealthily obtain others’ private information through detecting and analyzing the physical resources,which brings the potential threat of the Side-Channel-Attacks and challenged the isolation among co-residency virtual machines in a cloud environment. In view of this, this paper researches the virtual machine security isolation mechanism in cloud environment, proposes a cloud model-based method for measuring the side-channel-attacks threat among the co-residency virtual machines, furtherly builds up a virtual machine secure and isolated execution model based on threat metrics. Finally, the simulation results show the feasibility and validity of this model.The research work mentioned in this paper is summarized here:1. Taking advantages of cloud model ’ s fuzziness and randomness measure,combined with the signatures of the co-residency virtual machines ’side-channel-attacks threat, a cloud model-based method for measuring the side-channel-attacks threat of the co-residency virtual machines is proposed. The method comprehensively considers the indexes of the side-channel-attacks threat,gives the levels of the side-channel-attacks threat and provides important basis for the model construction of the side-channel-attacks threat detection and defense for co-residency virtual machines in cloud environment.2. Utilizing the Filter mechanism in OpenStack platform’s module-Nova and the isolation superiority of virtual machine monitor among cloud environment, integrating cloud user’s threat assessment level metrics, a virtual machine isolation running modelbased on threat metrics is build. This model can deploy the virtual machine instance which applied by different threat level user at corresponding isolation area, where achieve the goal of isolating the virtual machine instance applied by the potential malicious users at different isolation area.Experiments show that this model can reduce the potential risk that malicious user who wants to carry out side-channel-attack to a certain extent, enhance the users ’virtual machine isolation between instances, and achieve the propose of virtual machine security isolation in a cloud environment.